v2 updates:
- fix the last failing verifier selftest by backporting the following commits:
  * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb8d251ee2a6bf4d7f4af5548e9c8f4fb5f90402
  * https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=37e1cdff90c1bc448edb4d73a18d89e05e36ab55
  * https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=a801a05ca7145fd2b72dad35bd01977014241e55
- add CVE-2021-33200 fixes + support patch from 5.4:
  * https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=8ba25a9ef9b9ca84d085aea4737e6c0852aa5bfd
  * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0
  * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e
  * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5

The CVE-2021-29155 part of this series is based on Frank van der Linden's
backport to 5.4 and 4.14:
https://lore.kernel.org/stable/20210429220839.15667-1-fllinden@xxxxxxxxxx/
https://lore.kernel.org/stable/20210501043014.33300-1-fllinden@xxxxxxxxxx/

With this series, all verifier selftests pass:
/root# ./test_verifier
...
Summary: 916 PASSED, 0 SKIPPED, 0 FAILED

What the series does is:
* Fix verifier selftests by backporting various bpf/selftest upstream commits
  + add two 4.19 specific fixes
* Backport fixes for CVE-2021-29155 from 5.4 stable, including selftest
  changes. Only minor context adjustments were made for 4.19 backport.
* Backport CVE-2021-33200 fixes. No modifications were made, all patches
  apply cleanly.

The following commits that fix selftests are 4.19 specific:

Ovidiu Panait (2):

1. bpf: fix up selftests after backports were fixed
This is the 4.19 equivalent of
https://lore.kernel.org/stable/20210501043014.33300-3-fllinden@xxxxxxxxxx/

Basically a backport of upstream commit 80c9b2fae87b ("bpf: add various test
cases to selftests") adapted to 4.19 in order to fix the selftests that began
to fail after CVE-2019-7308 fixes.

2. selftests/bpf: add selftest part of "bpf: improve verifier branch analysis"
This is a cherry-pick of the selftest parts that have been left out when
backporting 4f7b3e82589e0 ("bpf: improve verifier branch analysis") to 4.19.

Alexei Starovoitov (1):
  bpf: extend is_branch_taken to registers

Andrey Ignatov (1):
  selftests/bpf: Test narrow loads with off > 0 in test_verifier

Daniel Borkmann (13):
  bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test
  bpf: Move off_reg into sanitize_ptr_alu
  bpf: Ensure off_reg has no mixed signed bounds for all types
  bpf: Rework ptr_limit into alu_limit and add common error path
  bpf: Improve verifier error messages for users
  bpf: Refactor and streamline bounds check into helper
  bpf: Move sanitize_val_alu out of op switch
  bpf: Tighten speculative pointer arithmetic mask
  bpf: Update selftests to reflect new error states
  bpf: Fix leakage of uninitialized bpf stack under speculation
  bpf: Wrap aux data inside bpf_sanitize_info container
  bpf: Fix mask direction swap upon off reg sign change
  bpf: No need to simulate speculative domain for immediates

John Fastabend (1):
  bpf: Test_verifier, bpf_get_stack return value add <0

Ovidiu Panait (2):
  bpf: fix up selftests after backports were fixed
  selftests/bpf: add selftest part of "bpf: improve verifier branch analysis"

Piotr Krysiuk (1):
  bpf, selftests: Fix up some test_verifier cases for unprivileged

 include/linux/bpf_verifier.h                |   5 +-
 kernel/bpf/verifier.c                       | 300 +++++++++++++-------
 tools/testing/selftests/bpf/test_verifier.c | 112 ++++++--
 3 files changed, 294 insertions(+), 123 deletions(-)

--
2.17.1