On Mon, Aug 30, 2021 at 03:32:07PM -0300, Thadeu Lima de Souza Cascardo wrote:
> The upstream changes necessary to fix these CVEs rely on the presence of JMP32,
> which is not a small backport and brings its own potential set of necessary
> follow-ups.
>
> Daniel Borkmann, John Fastabend and Alexei Starovoitov came up with a fix
> involving the use of the AX register.
>
> This has been tested against the test_verifier in 4.14.y tree and some tests
> specific to the two referred CVEs. The test_bpf module was also tested.
>
> Daniel Borkmann (4):
>   bpf: Do not use ax register in interpreter on div/mod
>   bpf: fix subprog verifier bypass by div/mod by 0 exception
>   bpf: Fix 32 bit src register truncation on div/mod
>   bpf: Fix truncation handling for mod32 dst reg wrt zero
>
>  include/linux/filter.h | 24 ++++++++++++++++++++++++
>  kernel/bpf/core.c      | 40 +++++++++++++++-------------------------
>  kernel/bpf/verifier.c  | 39 +++++++++++++++++++++++++++++++--------
>  net/core/filter.c      |  9 ++++++++-
>  4 files changed, 78 insertions(+), 34 deletions(-)
>
> --
> 2.30.2
>

All now queued up, thanks.

greg k-h