On Thu, Nov 21, 2019 at 10:43:28AM +0100, Daniel Borkmann wrote:
On 11/21/19 8:43 AM, Wang YanQing wrote:
commit 711aef1bbf88212a21f7103e88f397b47a528805 upstream.
The current method to compare 64-bit numbers for conditional jump is:
1. Compare the high 32-bit first.
2. If the high 32-bit isn't the same, then goto step 4.
3. Compare the low 32-bit.
4. Check the desired condition.
This method is right for unsigned comparison, but it is buggy for signed comparison, because it does a signed comparison for the low 32-bit too.
There is only one sign bit in a 64-bit number, that is, the MSB of the 64-bit number; it is wrong to treat the low 32-bit as a signed number and do the signed comparison for it.
This patch fixes the bug.
Note: The original commit adds a testcase in selftests/bpf for this bug; this backport patch doesn't include the testcase, because the testcase needs another upstream commit.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=205469
Reported-by: Tony Ambardar <itugrok@yahoo.com>
Cc: Tony Ambardar <itugrok@yahoo.com>
Cc: stable@vger.kernel.org #v4.19
Signed-off-by: Wang YanQing <udknight@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Thanks a lot for backporting & testing, Wang, much appreciated! Greg, if you get a chance, please queue this & the other stable requests from Wang up.
All now queued up, thanks.
greg k-h