Source-Changes-HG archive


[src/trunk]: src/sys/net emit_xcall: check overflow by comparing X with (UINT...



details:   https://anonhg.NetBSD.org/src/rev/07a41589e6ec
branches:  trunk
changeset: 797278:07a41589e6ec
user:      alnsn <alnsn%NetBSD.org@localhost>
date:      Sat Jul 12 20:14:18 2014 +0000

description:
emit_xcall: check overflow by comparing X with (UINT32_MAX - pc->k), restore
the A register after checking that xcall succeeded.

diffstat:

 sys/net/bpfjit.c |  49 ++++++++++++++++++++++++-------------------------
 1 files changed, 24 insertions(+), 25 deletions(-)

diffs (92 lines):

diff -r 742ee44f5db4 -r 07a41589e6ec sys/net/bpfjit.c
--- a/sys/net/bpfjit.c  Sat Jul 12 20:04:31 2014 +0000
+++ b/sys/net/bpfjit.c  Sat Jul 12 20:14:18 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bpfjit.c,v 1.25 2014/07/12 16:52:57 alnsn Exp $        */
+/*     $NetBSD: bpfjit.c,v 1.26 2014/07/12 20:14:18 alnsn Exp $        */
 
 /*-
  * Copyright (c) 2011-2014 Alexander Nasonov.
@@ -31,9 +31,9 @@
 
 #include <sys/cdefs.h>
 #ifdef _KERNEL
-__KERNEL_RCSID(0, "$NetBSD: bpfjit.c,v 1.25 2014/07/12 16:52:57 alnsn Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpfjit.c,v 1.26 2014/07/12 20:14:18 alnsn Exp $");
 #else
-__RCSID("$NetBSD: bpfjit.c,v 1.25 2014/07/12 16:52:57 alnsn Exp $");
+__RCSID("$NetBSD: bpfjit.c,v 1.26 2014/07/12 20:14:18 alnsn Exp $");
 #endif
 
 #include <sys/types.h>
@@ -552,25 +552,24 @@
                return status;
 
        if (BPF_CLASS(pc->code) == BPF_LD && BPF_MODE(pc->code) == BPF_IND) {
+               /* if (X > UINT32_MAX - pc->k) return 0; */
+               jump = sljit_emit_cmp(compiler,
+                   SLJIT_C_GREATER,
+                   BJ_XREG, 0,
+                   SLJIT_IMM, UINT32_MAX - pc->k);
+               if (jump == NULL)
+                       return SLJIT_ERR_ALLOC_FAILED;
+               if (!append_jump(jump, ret0, ret0_size, ret0_maxsize))
+                       return SLJIT_ERR_ALLOC_FAILED;
+
                /* k = X + pc->k; */
                status = sljit_emit_op2(compiler,
-                   SLJIT_ADD | SLJIT_INT_OP,
+                   SLJIT_ADD,
                    SLJIT_SCRATCH_REG2, 0,
                    BJ_XREG, 0,
                    SLJIT_IMM, (uint32_t)pc->k);
                if (status != SLJIT_SUCCESS)
                        return status;
-
-               /* if (k < X) return 0; */
-               jump = sljit_emit_cmp(compiler,
-                   SLJIT_C_LESS,
-                   SLJIT_SCRATCH_REG2, 0,
-                   BJ_XREG, 0);
-               if (jump == NULL)
-                       return SLJIT_ERR_ALLOC_FAILED;
-
-               if (!append_jump(jump, ret0, ret0_size, ret0_maxsize))
-                       return SLJIT_ERR_ALLOC_FAILED;
        } else {
                /* k = pc->k */
                status = sljit_emit_op1(compiler,
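Review bot: The new guard at the top of the BPF_IND branch is correct only because SLJIT_C_GREATER is an unsigned comparison, and neither the comment nor the code says so; a reader checking the overflow logic has to know that sljit uses separate codes for signed compares. I would extend the comment to `/* if (X > UINT32_MAX - pc->k) return 0; unsigned compare, so the add below cannot wrap */`. Dropping SLJIT_INT_OP from the add is then safe on 64-bit targets only if BJ_XREG is kept zero-extended, which this hunk cannot show; if that invariant is documented elsewhere, a one-line reference next to the add would help, otherwise the `(uint32_t)pc->k` cast on the immediate suggests keeping the add 32-bit. emit_xcall begins before this hunk.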
@@ -607,16 +606,6 @@
                        return status;
        }
 
-       if (BPF_CLASS(pc->code) == BPF_LDX) {
-               /* restore A */
-               status = sljit_emit_op1(compiler,
-                   SLJIT_MOV,
-                   BJ_AREG, 0,
-                   BJ_TMP3REG, 0);
-               if (status != SLJIT_SUCCESS)
-                       return status;
-       }
-
        /* tmp2 = *err; */
        status = sljit_emit_op1(compiler,
            SLJIT_MOV_UI,
@@ -637,6 +626,16 @@
        if (!append_jump(jump, ret0, ret0_size, ret0_maxsize))
                return SLJIT_ERR_ALLOC_FAILED;
 
+       if (BPF_CLASS(pc->code) == BPF_LDX) {
+               /* restore A */
+               status = sljit_emit_op1(compiler,
+                   SLJIT_MOV,
+                   BJ_AREG, 0,
+                   BJ_TMP3REG, 0);
+               if (status != SLJIT_SUCCESS)
+                       return status;
+       }
+
        return SLJIT_SUCCESS;
 }
 #endif
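Review bot: The relocated restore of A now sits after the jump to ret0 that follows the `*err` check, so on the error path A is left holding whatever the call put there; that is presumably harmless because ret0 returns 0 without reading A, but the comment should record that the placement is deliberate, e.g. `/* restore A; placed after the *err check so the ret0 path skips it */`. The restore also depends on BJ_TMP3REG surviving the emitted call, which this hunk does not show; if that is guaranteed by the register choice, a note at the site where A is saved into BJ_TMP3REG would make the move easier to audit. emit_xcall begins before this hunk.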


