On Mon, Sep 13, 2021 at 06:35:24PM +0300, Ovidiu Panait wrote:
> Backport summary
> ----------------
> 679c782de14b ("bpf/verifier: per-register parent pointers")
> * Context patch for 2039f26f3aca5 ("bpf: Fix leakage due to
> insufficient speculative store bypass mitigation").
> * Context adjustments because of the code added by post-4.19 commit:
> f92a819b4cbef ("bpf: prevent out of bounds speculation on pointer
> arithmetic").
>
> 0bae2d4d62d5 ("bpf: correct slot_type marking logic to allow more stack slot sharing")
> * Context patch for 2039f26f3aca5 ("bpf: Fix leakage due to
> insufficient speculative store bypass mitigation").
> * Minor context adjustement in selftest.
>
> 2011fccfb61b ("bpf: Support variable offset stack access from helpers")
> * Context patch for 2039f26f3aca5 ("bpf: Fix leakage due to
> insufficient speculative store bypass mitigation").
> * 4.19 does not have the reg_state(env, regno) helper defined, so
> replace the call with "cur_regs(env) + regno".
>
> f2bcd05ec7b8 ("bpf: Reject indirect var_off stack access in raw mode")
> * Follow-up fix for 2011fccfb61bb ("bpf: Support variable offset stack
> access from helpers").
> * Clean cherry-pick.
>
> 088ec26d9c2d ("bpf: Reject indirect var_off stack access in unpriv")
> * Follow-up fix for 2011fccfb61bb ("bpf: Support variable offset stack
> access from helpers").
> * Drop comment in retrieve_ptr_limit(), as it was made obsolete by
> post-4.19 commit 45bfdd767e235 ("bpf: Tighten speculative pointer
> arithmetic mask").
>
> 107c26a70ca8 ("bpf: Sanity check max value for var_off stack access")
> * Follow-up fix for 2011fccfb61bb ("bpf: Support variable offset stack
> access from helpers").
> * Clean cherry-pick.
>
> 8ff80e96e3cc ("selftests/bpf: Test variable offset stack access")
> * Selftest follow-up for 2011fccfb61bb ("bpf: Support variable offset
> stack access from helpers").
> * Post-4.19, the verifier tests were split into different
> files, in 4.19 they are still all in test_verifier.c, so apply the
> changes manually.
>
> f7cf25b2026d ("bpf: track spill/fill of constants")
> * Context patch for 2039f26f3aca5 ("bpf: Fix leakage due to
> insufficient speculative store bypass mitigation").
> * Drop verbose_linfo() calls, as the function is not implemented in 4.19.
> * Adjust mark_reg_read() calls to match the prototype in 4.19.
> (mark_reg_read() was changed to take 4 parameters in post-4.19 commit
> 5327ed3d44b75("bpf: verifier: mark verified-insn with sub-register
> zext flag"), but backporting it is out of scope for this patchseries).
>
> fc559a70d57c ("selftests/bpf: fix tests due to const spill/fill")
> * Selftest follow-up for f7cf25b2026d ("bpf: track spill/fill of constants").
> * Post-4.19, the verifier tests were split into different
> files, in 4.19 they are still all in test_verifier.c, so apply the
> changes manually.
>
> f5e81d111750 ("bpf: Introduce BPF nospec instruction for mitigating Spectre v4")
> * Contextual adjustments.
> * Drop arch/powerpc/net/bpf_jit_comp32.c changes, as the file is not
> present in 4.19
> * Drop riscv changes, as arch/riscv/net/bpf_jit_comp.c file is not
> present in 4.19
>
> 2039f26f3aca ("bpf: Fix leakage due to insufficient speculative store bypass mitigation")
> * Contextual adjustments.
> * Apply check_stack_write_fixed_off() changes in check_stack_write().
> * Replace env->bypass_spec_v4 -> env->allow_ptr_leaks.
>
> c9e73e3d2b1e ("bpf: verifier: Allocate idmap scratch in verifier env")
> e042aa532c84 ("bpf: Fix pointer arithmetic mask tightening under state")
> * Contextual adjustments.
>
> With this patchseries all bpf verifier selftests pass (tested in qemu for x86_64):
> root@intel-x86-64:~# ./test_verifier
> ...
> #663/p pass modified ctx pointer to helper, 3 OK
> #664/p mov64 src == dst OK
> #665/p mov64 src != dst OK
> #666/u calls: ctx read at start of subprog OK
> #666/p calls: ctx read at start of subprog OK
> Summary: 932 PASSED, 0 SKIPPED, 0 FAILED
>
All now queued up, thanks for the backports!
greg k-h
