[5.4,3/6] bpf: Fix leakage under speculation on mispredicted branches

From: Daniel Borkmann <daniel@iogearbox.net>

From: Ovidiu Panait <ovidiu.panait@windriver.com>
To: stable@vger.kernel.org
Cc: bpf@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org,
	john.fastabend@gmail.com, benedict.schlueter@rub.de, piotras@gmail.com
Subject: [PATCH 5.4 3/6] bpf: Fix leakage under speculation on mispredicted
	branches
Date: Thu,  5 Aug 2021 18:53:40 +0300
Message-Id: <20210805155343.3618696-4-ovidiu.panait@windriver.com>
In-Reply-To: <20210805155343.3618696-1-ovidiu.panait@windriver.com>
References: <20210805155343.3618696-1-ovidiu.panait@windriver.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from otp-linux03.wrs.com (46.97.150.20) by
	VI1PR0501CA0002.eurprd05.prod.outlook.com
	(2603:10a6:800:92::12) with Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.4394.15 via Frontend Transport;
	Thu, 5 Aug 2021 15:54:05 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: d02204dd-30aa-4841-e0c8-08d9582941d5
X-MS-TrafficTypeDiagnostic: DM5PR1101MB2204:
X-Microsoft-Antispam-PRVS: <DM5PR1101MB220473828E0F2BA5C1C30915FEF29@DM5PR1101MB2204.namprd11.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: AjyfOm5Mf8qdo5jKYGEXY8jQnBfsjWcbGJuAk/foOuqSNl5JVJ+ruvPlf27I19J3HCbUIVLPoYzeTwTxC97OYOQuJhfnN1wwG39U/E5TQv3yBY6zHjO7JrMgS8VfRoY+wovOEFLbpsgHsM9HP2SGsL+W1z+bTnJSoLyGwZbKgWcd/Drt09kzU8XTK8XrB9oIci9tMLCJw2KX+KHIwMhi3G7bfUpOmqU0DXCVO7ycNHjV84gDusx5GvysexPRlpNEksQ6jh7rZVyAjrXp8S+WB69lhvCceRmHIcYr2mrRTsk5Ki5huj3Mnwj55uPHb0vlu46u3d4RogiuXOVUeIiprDXG7298ZHwnkPDFkAh/f//3Shf6B5AocVL93MnJNbziIv48TvBYE7ImpKtEUQ4beo6JkKdjs2VTHmqCVSyhfQ4DH7G6PLjDNqKEQqXPVyUQmRiKM+74VsYKjbxIs2udu+w88nv8HpZwXctTwrE8BxUXsjxK517ymhf2Zob8sGYo1QWdDtoLXFJxSjVkjNexNcw8UCb0AH678jPxs/z+hvT8MFA9a6pIcFN9/Vgpk5t4Vvu/HhOS10AzEemV/9jX/9Yx8ATFY4z/6IyohcFK25LnnLl6H/KfDsOUPjXPfistYlvlAAcARwG9GNQul9SuEqzTRrTQvT4U/3IrZMEpkNUDEbeXIUyBPlTwww2XsVG1eunVC4gBcInrJyX+3nWpgA==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
	IPV:NLI; SFV:NSPM; H:DM4PR11MB5327.namprd11.prod.outlook.com;
	PTR:; CAT:NONE;
	SFS:(4636009)(136003)(39850400004)(346002)(396003)(376002)(366004)(4326008)(2616005)(38350700002)(38100700002)(956004)(6916009)(66946007)(66476007)(6512007)(66556008)(316002)(6666004)(52116002)(86362001)(2906002)(5660300002)(8676002)(26005)(8936002)(83380400001)(186003)(1076003)(6506007)(44832011)(478600001)(36756003)(6486002);
	DIR:OUT; SFP:1101; 
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 7f4RRnj6U1/wRtzODEck8ymAS0svlHYHHgjN27eL5IJzafSuw00KznfuWuNxLOKZ80OyqLqhY43X/MYXag9g/vLv5CGfZPThSiAii7m7itW1obJz/XZtJyKmyzoOBmeRbMH0XcufdkNjp276N+rt0MFJWZNkz59UteIhkZwdj1GyiSD2196TfMC4ZgXEt+pEJFYewwYnlTa2yExcR7Hi3DlElzFbCYM7emaEqnVin1z0mfYOsF7/ivi7y/mnbBTaTK0moljudwRNAmh7FPeiYTig3c63k8TOi7UHcWyUEn2QTtIvs5NfaJ45DirdvD3RtbRNYFYFucfnDPOM70o931hXV9ui0dTJqedAg487fb3TTXMd/WdXq+x31p9fapvzaDBr3PnikBctsmdvRJed3e2zo8Xp7Onf5X+luwxcUvwVQTwSRBqwp09lQr8qcPt1gpZY2SQSDs+DdR4/LcGkH9F0i7620xtHcSxta942svreWa+G9O2HkgkCT0PobZExLs671PN7ZIBfwgBgeDKSz678Bb0lot2P3sllumipGMnEmv/R2i8mRLMb/1zeOfurWZM/yTOlPebN4L6PfpURItxRxlHlh3an87ntRLRUwyzCCKuLhMXcdIiU6gK35rFGQvU6efM4aDCcLqmbF7Bksq4yYcdNoCV2/3dOeY2ySsqThf+JD/OYN05AY8SInABkb2HcnAMZsEzU3QOfp7mlO6Cwj9QgpA+n7uu3AmO9DWEp2+7wnJ026EpdWTy04rMTHyRISAbfZlTbGVL57NDlcBAZrfpOaw0AOw7bD13U/KhsgxWl8gHkWNg0fjVdS2b8OQVqj+j9zYOQ8TVH/UZ3NJBcUlOC36ibGVTZHyLuTcO0dN8Rrk5uCJ0f8K0YndLLAkLb7LrwW09Ho39Yq4EfuoUv3Hs9CGNxh7XjUwJvZXST7wT+RfujDM0Lhla5lUUUVLHPf+th6fy2RK4PpcNM5KIhckgqlFyO6v+KEP01NF0JhtWrIsZrqAo9DsDmQZEBymStWfRu4BIqDJ0rUAOWoRMBbI4dl1thPdVtDhYw9pmoTA454v4A7vWvol6wLWJA5oSJlnmuWSHM7po4fN2QK7d4KkaYm02kvalwoRrm2B6AMmilyuuE0MD0bomj5Y4+GfDySHsdtrj9Yg2DyQH+XZBMh/BWmZpz8KWSaSrCXpbtqv9DRpvAsxqfZQmBBPUifoGodrL9dNmv0ufxhEQX5ItVBCRC5KTmT0FTRIAI9eVStExqCeTNrtf0RmguLkFoNzS0f44eRexl1BQ4YB9DayS/SN9M0t4TMhj1lUgUNiBTCN312kv0EZZpHvNHsv8r
X-OriginatorOrg: windriver.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d02204dd-30aa-4841-e0c8-08d9582941d5
X-MS-Exchange-CrossTenant-AuthSource: DM4PR11MB5327.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Aug 2021 15:54:07.2648
	(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 11qPx8aWWswb/6TOOtf9cqg6+cpCm4WRqH1LZwcYCT8zAfYVAmqrQ68QJAfQvPnmMxye1HCA43TkMFoz07Oc5nK/f1usDKlFOYJCqvJ9fFI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1101MB2204
X-Proofpoint-GUID: bTiTn142HcJEZqbywwHQpg_7zk0cRjMW
X-Proofpoint-ORIG-GUID: bTiTn142HcJEZqbywwHQpg_7zk0cRjMW
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-08-05_05,2021-08-05_02,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	mlxscore=0 lowpriorityscore=0
	phishscore=0 adultscore=0 priorityscore=1501 suspectscore=0
	clxscore=1015
	malwarescore=0 impostorscore=0 spamscore=0 mlxlogscore=999
	bulkscore=0
	classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2107140000
	definitions=main-2108050097
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org

Message ID	20210805155343.3618696-4-ovidiu.panait@windriver.com
State	Superseded
Headers	show Return-Path: <stable-owner@kernel.org> From: Ovidiu Panait <ovidiu.panait@windriver.com> To: stable@vger.kernel.org Cc: bpf@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org, john.fastabend@gmail.com, benedict.schlueter@rub.de, piotras@gmail.com Subject: [PATCH 5.4 3/6] bpf: Fix leakage under speculation on mispredicted branches Date: Thu, 5 Aug 2021 18:53:40 +0300 Message-Id: <20210805155343.3618696-4-ovidiu.panait@windriver.com> In-Reply-To: <20210805155343.3618696-1-ovidiu.panait@windriver.com> References: <20210805155343.3618696-1-ovidiu.panait@windriver.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Precedence: bulk
Series	bpf: backport fixes for CVE-2021-33624 \| expand [5.4,0/6] bpf: backport fixes for CVE-2021-33624 [5.4,1/6] bpf: Inherit expanded/patched seen count from old aux data [5.4,2/6] bpf: Do not mark insn as seen under speculative path verification [5.4,3/6] bpf: Fix leakage under speculation on mispredicted branches [5.4,4/6] bpf: Test_verifier, add alu32 bounds tracking tests [5.4,5/6] bpf, selftests: Add a verifier test for assigning 32bit reg states to 64bit ones [5.4,6/6] bpf, selftests: Adjust few selftest outcomes wrt unreachable code

[5.4,3/6] bpf: Fix leakage under speculation on mispredicted branches

Commit Message

Patch