[PATCH 5.4 0/6] bpf: backport fixes for CVE-2021-33624

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



NOTE: the fixes were manually adjusted to apply to 5.4, so copying bpf@ to see
if there are any concerns.

With this patchseries (applied on top of [1], which was not merged yet), all
bpf verifier selftests pass:
root@intel-x86-64:~# ./test_verifier
...
#1056/p XDP pkt read, pkt_meta' <= pkt_data, good access OK
#1057/p XDP pkt read, pkt_meta' <= pkt_data, bad access 1 OK
#1058/p XDP pkt read, pkt_meta' <= pkt_data, bad access 2 OK
#1059/p XDP pkt read, pkt_data <= pkt_meta', good access OK
#1060/p XDP pkt read, pkt_data <= pkt_meta', bad access 1 OK
#1061/p XDP pkt read, pkt_data <= pkt_meta', bad access 2 OK
Summary: 1571 PASSED, 0 SKIPPED, 0 FAILED

[1] https://lore.kernel.org/stable/20210804172001.3909228-2-ovidiu.panait@xxxxxxxxxxxxx/T/#u

Daniel Borkmann (4):
  bpf: Inherit expanded/patched seen count from old aux data
  bpf: Do not mark insn as seen under speculative path verification
  bpf: Fix leakage under speculation on mispredicted branches
  bpf, selftests: Adjust few selftest outcomes wrt unreachable code

John Fastabend (2):
  bpf: Test_verifier, add alu32 bounds tracking tests
  bpf, selftests: Add a verifier test for assigning 32bit reg states to
    64bit ones

 kernel/bpf/verifier.c                         | 65 +++++++++++++++++--
 tools/testing/selftests/bpf/test_verifier.c   |  2 +-
 tools/testing/selftests/bpf/verifier/bounds.c | 65 +++++++++++++++++++
 .../selftests/bpf/verifier/dead_code.c        |  2 +
 tools/testing/selftests/bpf/verifier/jmp32.c  | 22 +++++++
 tools/testing/selftests/bpf/verifier/jset.c   | 10 +--
 tools/testing/selftests/bpf/verifier/unpriv.c |  2 +
 .../selftests/bpf/verifier/value_ptr_arith.c  |  7 +-
 8 files changed, 160 insertions(+), 15 deletions(-)

-- 
2.25.1




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux