[v2] bpf: fix divides by zero

Message ID 1515807803.3606.7.camel@gmail.com
State Accepted
Delegated to: BPF Maintainers

Commit Message

Eric Dumazet Jan. 13, 2018, 1:43 a.m.
From: Eric Dumazet <edumazet@google.com>

Divides by zero are not nice, let's avoid them if possible.

Also do_div() seems not needed when dealing with 32bit operands,
but this seems a minor detail.

Fixes: bd4cf0ed331a ("net: filter: rework/optimize internal BPF interpreter's instruction set")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
---
v2: kernel patches 101 : do not mangle patch :/

 kernel/bpf/core.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Alexei Starovoitov Jan. 14, 2018, 5:08 p.m. | #1
On Fri, Jan 12, 2018 at 05:43:23PM -0800, Eric Dumazet wrote:
> From: Eric Dumazet <edumazet@google.com>
> 
> Divides by zero are not nice, let's avoid them if possible.
> 
> Also do_div() seems not needed when dealing with 32bit operands,
> but this seems a minor detail.
> 
> Fixes: bd4cf0ed331a ("net: filter: rework/optimize internal BPF interpreter's instruction set")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: syzbot <syzkaller@googlegroups.com>
> ---

Applied, Thank you Eric.

Patch

diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 51ec2dda7f08c6c90af084589bb6d80662c77d12..7949e8b8f94e9cc196e0449214493ccce61b0903 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -956,7 +956,7 @@  static unsigned int ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn,
 		DST = tmp;
 		CONT;
 	ALU_MOD_X:
-		if (unlikely(SRC == 0))
+		if (unlikely((u32)SRC == 0))
 			return 0;
 		tmp = (u32) DST;
 		DST = do_div(tmp, (u32) SRC);
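Review bot: The new check in ALU_MOD_X needs a one-line comment saying why SRC is truncated before the zero test, because the reason is not obvious from the line itself. The divisor actually passed on the following line is `(u32) SRC`, so a 64-bit SRC with a nonzero upper half and a zero lower half got past the old `SRC == 0` test and still reached do_div() with a zero divisor. A minor style point in the same hunk: the added line writes `(u32)SRC` while the two lines below it write `(u32) DST` and `(u32) SRC`; use one cast spacing throughout.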
@@ -975,7 +975,7 @@  static unsigned int ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn,
 		DST = div64_u64(DST, SRC);
 		CONT;
 	ALU_DIV_X:
-		if (unlikely(SRC == 0))
+		if (unlikely((u32)SRC == 0))
 			return 0;
 		tmp = (u32) DST;
 		do_div(tmp, (u32) SRC);
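Review bot: In ALU_DIV_X the truncated divisor `(u32) SRC` is still written out twice, once in the zero test and once in the do_div() call, which is how the two drifted apart in the first place; consider loading it into a u32 local once and using that local for both the test and the division. The commit message also notes that do_div() is not needed for 32-bit operands, so a follow-up could replace `do_div(tmp, (u32) SRC)` with a plain 32-bit divide. The diffstat touches only kernel/bpf/core.c, so a regression test covering a 64-bit SRC whose low 32 bits are zero, for both the DIV and MOD cases, would be worth adding alongside.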