The upstream changes necessary to fix these CVEs rely on the presence of JMP32, which is not a small backport and brings its own potential set of necessary follow-ups. Daniel Borkmann, John Fastabend and Alexei Starovoitov came up with a fix involving the use of the AX register. This has been tested against the test_verifier in 4.19.y tree and some tests specific to the two referred CVEs. Daniel Borkmann (3): bpf: Do not use ax register in interpreter on div/mod bpf: Fix 32 bit src register truncation on div/mod bpf: Fix truncation handling for mod32 dst reg wrt zero include/linux/filter.h | 24 ++++++++++++++++++++++++ kernel/bpf/core.c | 32 +++++++++++++++----------------- kernel/bpf/verifier.c | 27 ++++++++++++++------------- 3 files changed, 53 insertions(+), 30 deletions(-) -- 2.30.2
