Thadeu Lima de Souza Cascardo originally sent this patch but it failed to merge because of a compilation error: https://lore.kernel.org/bpf/20210830183211.339054-1-cascardo@xxxxxxxxxxxxx/T/ v2: Removed redefinition of tmp to fix compilation with CONFIG_BPF_JIT_ALWAYS_ON enabled. -Edward == The upstream changes necessary to fix these CVEs rely on the presence of JMP32, which is not a small backport and brings its own potential set of necessary follow-ups. Daniel Borkmann, John Fastabend and Alexei Starovoitov came up with a fix involving the use of the AX register. This has been tested against the test_verifier in 4.14.y tree and some tests specific to the two referred CVEs. The test_bpf module was also tested. Daniel Borkmann (4): bpf: Do not use ax register in interpreter on div/mod bpf: fix subprog verifier bypass by div/mod by 0 exception bpf: Fix 32 bit src register truncation on div/mod bpf: Fix truncation handling for mod32 dst reg wrt zero include/linux/filter.h | 24 ++++++++++++++++++++++++ kernel/bpf/core.c | 39 ++++++++++++++------------------------- kernel/bpf/verifier.c | 39 +++++++++++++++++++++++++++++++-------- net/core/filter.c | 9 ++++++++- 4 files changed, 77 insertions(+), 34 deletions(-) base-commit: a8ad60f2af5884921167e8cede5784c7849884b2 -- 2.39.2.637.g21b0678d19-goog
