The following patches are targeted at 4.19 stable tree.
Thanks!
Alexei Starovoitov (2):
bpf: improve verifier branch analysis
bpf: add per-insn complexity limit
Daniel Borkmann (10):
bpf: move {prev_,}insn_idx into verifier env
bpf: move tmp variable into ax register in interpreter
bpf: enable access to ax register also from verifier rewrite
bpf: restrict map value pointer arithmetic for unprivileged
bpf: restrict stack pointer arithmetic for unprivileged
bpf: restrict unknown scalars of mixed signed bounds for unprivileged
bpf: fix check_map_access smin_value test when pointer contains offset
bpf: prevent out of bounds speculation on pointer arithmetic
bpf: fix sanitation of alu op with pointer / scalar type from
different paths
bpf: fix inner map masking to prevent oob under speculation
include/linux/bpf_verifier.h | 13 +
include/linux/filter.h | 10 +-
kernel/bpf/core.c | 54 ++--
kernel/bpf/map_in_map.c | 17 +-
kernel/bpf/verifier.c | 470 +++++++++++++++++++++++++++++------
5 files changed, 463 insertions(+), 101 deletions(-)
--
2.17.1
