
From: He Fengqing <hefengqing@huawei.com> hulk inclusion category: bugfix bugzilla: NA CVE: CVE-2021-3444 ------------------------------------------------- This reverts commit e0db8d9eda891e4ebaa3f812bd52c2e3c3dcfae8. Signed-off-by: He Fengqing <hefengqing@huawei.com> Reviewed-by: Kuohai Xu <xukuohai@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 arch/x86/net/bpf_jit_comp.c | 46 +++++---------------------------------
 1 file changed, 6 insertions(+), 40 deletions(-)
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index 4d45a9d8e9275..81c3d4b4c7e2c 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -873,41 +873,20 @@ xadd: if (is_imm8(insn->off))
 case BPF_JMP | BPF_JSLT | BPF_X:
 case BPF_JMP | BPF_JSGE | BPF_X:
 case BPF_JMP | BPF_JSLE | BPF_X:
- case BPF_JMP32 | BPF_JEQ | BPF_X:
- case BPF_JMP32 | BPF_JNE | BPF_X:
- case BPF_JMP32 | BPF_JGT | BPF_X:
- case BPF_JMP32 | BPF_JLT | BPF_X:
- case BPF_JMP32 | BPF_JGE | BPF_X:
- case BPF_JMP32 | BPF_JLE | BPF_X:
- case BPF_JMP32 | BPF_JSGT | BPF_X:
- case BPF_JMP32 | BPF_JSLT | BPF_X:
- case BPF_JMP32 | BPF_JSGE | BPF_X:
- case BPF_JMP32 | BPF_JSLE | BPF_X:
 /* cmp dst_reg, src_reg */
- if (BPF_CLASS(insn->code) == BPF_JMP)
- EMIT1(add_2mod(0x48, dst_reg, src_reg));
- else if (is_ereg(dst_reg) || is_ereg(src_reg))
- EMIT1(add_2mod(0x40, dst_reg, src_reg));
- EMIT2(0x39, add_2reg(0xC0, dst_reg, src_reg));
+ EMIT3(add_2mod(0x48, dst_reg, src_reg), 0x39,
+ add_2reg(0xC0, dst_reg, src_reg));
 goto emit_cond_jmp;
 case BPF_JMP | BPF_JSET | BPF_X:
- case BPF_JMP32 | BPF_JSET | BPF_X:
 /* test dst_reg, src_reg */
- if (BPF_CLASS(insn->code) == BPF_JMP)
- EMIT1(add_2mod(0x48, dst_reg, src_reg));
- else if (is_ereg(dst_reg) || is_ereg(src_reg))
- EMIT1(add_2mod(0x40, dst_reg, src_reg));
- EMIT2(0x85, add_2reg(0xC0, dst_reg, src_reg));
+ EMIT3(add_2mod(0x48, dst_reg, src_reg), 0x85,
+ add_2reg(0xC0, dst_reg, src_reg));
 goto emit_cond_jmp;
 case BPF_JMP | BPF_JSET | BPF_K:
- case BPF_JMP32 | BPF_JSET | BPF_K:
 /* test dst_reg, imm32 */
- if (BPF_CLASS(insn->code) == BPF_JMP)
- EMIT1(add_1mod(0x48, dst_reg));
- else if (is_ereg(dst_reg))
- EMIT1(add_1mod(0x40, dst_reg));
+ EMIT1(add_1mod(0x48, dst_reg));
 EMIT2_off32(0xF7, add_1reg(0xC0, dst_reg), imm32);
 goto emit_cond_jmp;
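Review bot: With the `BPF_JMP32` labels removed from this switch (here and from the `BPF_K` compare group in the second hunk), a program containing a 32-bit conditional jump no longer matches any case shown, and every remaining compare/test is emitted with the unconditional REX.W prefix `0x48`, i.e. as a 64-bit operation. That is only safe if the verifier and interpreter also stop accepting `BPF_JMP32` in the same series, which is not visible from this patch; otherwise such programs would presumably fall through to the switch's default handling (outside the hunk) and fail to JIT. The commit message gives only `This reverts commit ...` and should say why the revert is needed for CVE-2021-3444 and which companion reverts it depends on. A short comment such as `/* 64-bit compare only: BPF_JMP32 is not handled by this JIT */` above the `cmp dst_reg, src_reg` line would record the restriction in the code. The enclosing switch begins and ends outside both hunks.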
@@ -921,21 +900,8 @@ xadd: if (is_imm8(insn->off))
 case BPF_JMP | BPF_JSLT | BPF_K:
 case BPF_JMP | BPF_JSGE | BPF_K:
 case BPF_JMP | BPF_JSLE | BPF_K:
- case BPF_JMP32 | BPF_JEQ | BPF_K:
- case BPF_JMP32 | BPF_JNE | BPF_K:
- case BPF_JMP32 | BPF_JGT | BPF_K:
- case BPF_JMP32 | BPF_JLT | BPF_K:
- case BPF_JMP32 | BPF_JGE | BPF_K:
- case BPF_JMP32 | BPF_JLE | BPF_K:
- case BPF_JMP32 | BPF_JSGT | BPF_K:
- case BPF_JMP32 | BPF_JSLT | BPF_K:
- case BPF_JMP32 | BPF_JSGE | BPF_K:
- case BPF_JMP32 | BPF_JSLE | BPF_K:
 /* cmp dst_reg, imm8/32 */
- if (BPF_CLASS(insn->code) == BPF_JMP)
- EMIT1(add_1mod(0x48, dst_reg));
- else if (is_ereg(dst_reg))
- EMIT1(add_1mod(0x40, dst_reg));
+ EMIT1(add_1mod(0x48, dst_reg));
 if (is_imm8(imm32))
 EMIT3(0x83, add_1reg(0xF8, dst_reg), imm32);
--
2.25.1