Correctly check unsignedness of all BPF_LD|BPF_IND instructions.

This is roughly from sys/net/bpf_filter.c r1.12 and r1.14.
author: jkim <jkim@FreeBSD.org> 2008-08-18 19:14:26 +0000
committer: jkim <jkim@FreeBSD.org> 2008-08-18 19:14:26 +0000
commit: 9847f32c4eeb6e1c4d2dd5c95b9fdd4b378c85fe (patch)
tree: 0ad0caaac1378e69faf24b4282c11ea64c5547c8 /sys/amd64
parent: 2e51cd9be9bf3bb0d8870d6f2117847e6da04a9e (diff)
download: FreeBSD-src-9847f32c4eeb6e1c4d2dd5c95b9fdd4b378c85fe.zip
FreeBSD-src-9847f32c4eeb6e1c4d2dd5c95b9fdd4b378c85fe.tar.gz
2 files changed, 70 insertions, 38 deletions
diff --git a/sys/amd64/amd64/bpf_jit_machdep.c b/sys/amd64/amd64/bpf_jit_machdep.c
index 90eb735..2ccb6ac 100644
--- a/sys/amd64/amd64/bpf_jit_machdep.c
+++ b/sys/amd64/amd64/bpf_jit_machdep.c
@@ -167,11 +167,13 @@ bpf_jit_compile(struct bpf_insn *prog, u_int nins, int *mem)
 				break;
 
 			case BPF_LD|BPF_W|BPF_ABS:
-				MOVid(ins->k, ECX);
-				MOVrd(ECX, ESI);
-				ADDib(sizeof(int32_t), ECX);
-				CMPrd(EDI, ECX);
-				JBEb(6);
+				MOVid(ins->k, ESI);
+				CMPrd(EDI, ESI);
+				JAb(12);
+				MOVrd(EDI, ECX);
+				SUBrd(ESI, ECX);
+				CMPid(sizeof(int32_t), ECX);
+				JAEb(6);
 				ZEROrd(EAX);
 				MOVrq3(R8, RBX);
 				RET();
@@ -181,11 +183,13 @@ bpf_jit_compile(struct bpf_insn *prog, u_int nins, int *mem)
 
 			case BPF_LD|BPF_H|BPF_ABS:
 				ZEROrd(EAX);
-				MOVid(ins->k, ECX);
-				MOVrd(ECX, ESI);
-				ADDib(sizeof(int16_t), ECX);
-				CMPrd(EDI, ECX);
-				JBEb(4);
+				MOVid(ins->k, ESI);
+				CMPrd(EDI, ESI);
+				JAb(12);
+				MOVrd(EDI, ECX);
+				SUBrd(ESI, ECX);
+				CMPid(sizeof(int16_t), ECX);
+				JAEb(4);
 				MOVrq3(R8, RBX);
 				RET();
 				MOVobw(RBX, RSI, AX);
@@ -194,12 +198,12 @@ bpf_jit_compile(struct bpf_insn *prog, u_int nins, int *mem)
 
 			case BPF_LD|BPF_B|BPF_ABS:
 				ZEROrd(EAX);
-				MOVid(ins->k, ECX);
-				CMPrd(EDI, ECX);
-				JBEb(4);
+				MOVid(ins->k, ESI);
+				CMPrd(EDI, ESI);
+				JBb(4);
 				MOVrq3(R8, RBX);
 				RET();
-				MOVobb(RBX, RCX, AL);
+				MOVobb(RBX, RSI, AL);
 				break;
 
 			case BPF_LD|BPF_W|BPF_LEN:
@@ -211,12 +215,18 @@ bpf_jit_compile(struct bpf_insn *prog, u_int nins, int *mem)
 				break;
 
 			case BPF_LD|BPF_W|BPF_IND:
-				MOVid(ins->k, ECX);
-				ADDrd(EDX, ECX);
-				MOVrd(ECX, ESI);
-				ADDib(sizeof(int32_t), ECX);
-				CMPrd(EDI, ECX);
-				JBEb(6);
+				CMPrd(EDI, EDX);
+				JAb(27);
+				MOVid(ins->k, ESI);
+				MOVrd(EDI, ECX);
+				SUBrd(EDX, ECX);
+				CMPrd(ESI, ECX);
+				JBb(14);
+				ADDrd(EDX, ESI);
+				MOVrd(EDI, ECX);
+				SUBrd(ESI, ECX);
+				CMPid(sizeof(int32_t), ECX);
+				JAEb(6);
 				ZEROrd(EAX);
 				MOVrq3(R8, RBX);
 				RET();
@@ -226,12 +236,18 @@ bpf_jit_compile(struct bpf_insn *prog, u_int nins, int *mem)
 
 			case BPF_LD|BPF_H|BPF_IND:
 				ZEROrd(EAX);
-				MOVid(ins->k, ECX);
-				ADDrd(EDX, ECX);
-				MOVrd(ECX, ESI);
-				ADDib(sizeof(int16_t), ECX);
-				CMPrd(EDI, ECX);
-				JBEb(4);
+				CMPrd(EDI, EDX);
+				JAb(27);
+				MOVid(ins->k, ESI);
+				MOVrd(EDI, ECX);
+				SUBrd(EDX, ECX);
+				CMPrd(ESI, ECX);
+				JBb(14);
+				ADDrd(EDX, ESI);
+				MOVrd(EDI, ECX);
+				SUBrd(ESI, ECX);
+				CMPid(sizeof(int16_t), ECX);
+				JAEb(4);
 				MOVrq3(R8, RBX);
 				RET();
 				MOVobw(RBX, RSI, AX);
@@ -240,24 +256,28 @@ bpf_jit_compile(struct bpf_insn *prog, u_int nins, int *mem)
 
 			case BPF_LD|BPF_B|BPF_IND:
 				ZEROrd(EAX);
-				MOVid(ins->k, ECX);
-				ADDrd(EDX, ECX);
-				CMPrd(EDI, ECX);
-				JBEb(4);
+				CMPrd(EDI, EDX);
+				JAEb(13);
+				MOVid(ins->k, ESI);
+				MOVrd(EDI, ECX);
+				SUBrd(EDX, ECX);
+				CMPrd(ESI, ECX);
+				JAb(4);
 				MOVrq3(R8, RBX);
 				RET();
-				MOVobb(RBX, RCX, AL);
+				ADDrd(EDX, ESI);
+				MOVobb(RBX, RSI, AL);
 				break;
 
 			case BPF_LDX|BPF_MSH|BPF_B:
-				MOVid(ins->k, ECX);
-				CMPrd(EDI, ECX);
-				JBEb(6);
+				MOVid(ins->k, ESI);
+				CMPrd(EDI, ESI);
+				JBb(6);
 				ZEROrd(EAX);
 				MOVrq3(R8, RBX);
 				RET();
 				ZEROrd(EDX);
-				MOVobb(RBX, RCX, DL);
+				MOVobb(RBX, RSI, DL);
 				ANDib(0x0f, DL);
 				SHLib(2, EDX);
 				break;
diff --git a/sys/amd64/amd64/bpf_jit_machdep.h b/sys/amd64/amd64/bpf_jit_machdep.h
index 0fc83be..901dad6 100644
--- a/sys/amd64/amd64/bpf_jit_machdep.h
+++ b/sys/amd64/amd64/bpf_jit_machdep.h
@@ -381,15 +381,27 @@ typedef void (*emit_func)(bpf_bin_stream *stream, u_int value, u_int n);
 	}								\
 } while (0)
 
+/* jb off8 */
+#define JBb(off8) do {							\
+	emitm(&stream, 0x72, 1);					\
+	emitm(&stream, off8, 1);					\
+} while (0)
+
+/* jae off8 */
+#define JAEb(off8) do {							\
+	emitm(&stream, 0x73, 1);					\
+	emitm(&stream, off8, 1);					\
+} while (0)
+
 /* jne off8 */
 #define JNEb(off8) do {							\
 	emitm(&stream, 0x75, 1);					\
 	emitm(&stream, off8, 1);					\
 } while (0)
 
-/* jbe off8 */
-#define JBEb(off8) do {							\
-	emitm(&stream, 0x76, 1);					\
+/* ja off8 */
+#define JAb(off8) do {							\
+	emitm(&stream, 0x77, 1);					\
 	emitm(&stream, off8, 1);					\
 } while (0)
author	jkim <jkim@FreeBSD.org>	2008-08-18 19:14:26 +0000
committer	jkim <jkim@FreeBSD.org>	2008-08-18 19:14:26 +0000
commit	9847f32c4eeb6e1c4d2dd5c95b9fdd4b378c85fe (patch)
tree	0ad0caaac1378e69faf24b4282c11ea64c5547c8 /sys/amd64
parent	2e51cd9be9bf3bb0d8870d6f2117847e6da04a9e (diff)
download	FreeBSD-src-9847f32c4eeb6e1c4d2dd5c95b9fdd4b378c85fe.zip FreeBSD-src-9847f32c4eeb6e1c4d2dd5c95b9fdd4b378c85fe.tar.gz