mbox series

[v2,4.19,00/19] bpf: fix verifier selftests, add CVE-2021-29155, CVE-2021-33200 fixes

Message ID 20210528103810.22025-1-ovidiu.panait@windriver.com
Headers show
Series bpf: fix verifier selftests, add CVE-2021-29155, CVE-2021-33200 fixes | expand

Message

Ovidiu Panait May 28, 2021, 10:37 a.m. UTC
v2 updates:
- fix the last failing verfifier selftest by backporting the following
  commits:
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb8d251ee2a6bf4d7f4af5548e9c8f4fb5f90402
* https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=37e1cdff90c1bc448edb4d73a18d89e05e36ab55
* https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=a801a05ca7145fd2b72dad35bd01977014241e55
- add CVE-2021-33200 fixes + support patch from 5.4:
* https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=8ba25a9ef9b9ca84d085aea4737e6c0852aa5bfd
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5

The CVE-2021-29155 part of this series is based on Frank van der Linden's
backport to 5.4 and 4.14:
https://lore.kernel.org/stable/20210429220839.15667-1-fllinden@amazon.com/
https://lore.kernel.org/stable/20210501043014.33300-1-fllinden@amazon.com/

With this series, all verifier selftests pass:
/root# ./test_verifier
...
Summary: 916 PASSED, 0 SKIPPED, 0 FAILED

What the series does is:
* Fix verifier selftests by backporting various bpf/selftest upstream commits +
  add two 4.19 specific fixes
* Backport fixes for CVE-2021-29155 from 5.4 stable, including selftest
  changes. Only minor context adjustements were made for 4.19 backport.
* Backport CVE-2021-33200 fixes. No modifications were made, all patches
  apply cleanly.

The following commits that fix selftests are 4.19 specific:
Ovidiu Panait (2):
   1. bpf: fix up selftests after backports were fixed

      This is the 4.19 equivalent of
      https://lore.kernel.org/stable/20210501043014.33300-3-fllinden@amazon.com/

      Basically a backport of upstream commit 80c9b2fae87b ("bpf: add various
      test cases to selftests") adapted to 4.19 in order to fix the
      selftests that began to fail after CVE-2019-7308 fixes.

  2. selftests/bpf: add selftest part of "bpf: improve verifier branch
     analysis"

     This is a cherry-pick of the selftest parts that have been left out when
     backporting 4f7b3e82589e0 ("bpf: improve verifier branch analysis") to 4.19.

Alexei Starovoitov (1):
  bpf: extend is_branch_taken to registers

Andrey Ignatov (1):
  selftests/bpf: Test narrow loads with off > 0 in test_verifier

Daniel Borkmann (13):
  bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test
  bpf: Move off_reg into sanitize_ptr_alu
  bpf: Ensure off_reg has no mixed signed bounds for all types
  bpf: Rework ptr_limit into alu_limit and add common error path
  bpf: Improve verifier error messages for users
  bpf: Refactor and streamline bounds check into helper
  bpf: Move sanitize_val_alu out of op switch
  bpf: Tighten speculative pointer arithmetic mask
  bpf: Update selftests to reflect new error states
  bpf: Fix leakage of uninitialized bpf stack under speculation
  bpf: Wrap aux data inside bpf_sanitize_info container
  bpf: Fix mask direction swap upon off reg sign change
  bpf: No need to simulate speculative domain for immediates

John Fastabend (1):
  bpf: Test_verifier, bpf_get_stack return value add <0

Ovidiu Panait (2):
  bpf: fix up selftests after backports were fixed
  selftests/bpf: add selftest part of "bpf: improve verifier branch
    analysis"

Piotr Krysiuk (1):
  bpf, selftests: Fix up some test_verifier cases for unprivileged

 include/linux/bpf_verifier.h                |   5 +-
 kernel/bpf/verifier.c                       | 300 +++++++++++++-------
 tools/testing/selftests/bpf/test_verifier.c | 112 ++++++--
 3 files changed, 294 insertions(+), 123 deletions(-)

Comments

Greg KH May 30, 2021, 12:23 p.m. UTC | #1
On Fri, May 28, 2021 at 01:37:51PM +0300, Ovidiu Panait wrote:
> v2 updates:

> - fix the last failing verfifier selftest by backporting the following

>   commits:

> * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb8d251ee2a6bf4d7f4af5548e9c8f4fb5f90402

> * https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=37e1cdff90c1bc448edb4d73a18d89e05e36ab55

> * https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=a801a05ca7145fd2b72dad35bd01977014241e55

> - add CVE-2021-33200 fixes + support patch from 5.4:

> * https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=8ba25a9ef9b9ca84d085aea4737e6c0852aa5bfd

> * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0

> * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e

> * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5

> 

> The CVE-2021-29155 part of this series is based on Frank van der Linden's

> backport to 5.4 and 4.14:

> https://lore.kernel.org/stable/20210429220839.15667-1-fllinden@amazon.com/

> https://lore.kernel.org/stable/20210501043014.33300-1-fllinden@amazon.com/

> 

> With this series, all verifier selftests pass:

> /root# ./test_verifier

> ...

> Summary: 916 PASSED, 0 SKIPPED, 0 FAILED

> 

> What the series does is:

> * Fix verifier selftests by backporting various bpf/selftest upstream commits +

>   add two 4.19 specific fixes

> * Backport fixes for CVE-2021-29155 from 5.4 stable, including selftest

>   changes. Only minor context adjustements were made for 4.19 backport.

> * Backport CVE-2021-33200 fixes. No modifications were made, all patches

>   apply cleanly.

> 

> The following commits that fix selftests are 4.19 specific:

> Ovidiu Panait (2):

>    1. bpf: fix up selftests after backports were fixed

> 

>       This is the 4.19 equivalent of

>       https://lore.kernel.org/stable/20210501043014.33300-3-fllinden@amazon.com/

> 

>       Basically a backport of upstream commit 80c9b2fae87b ("bpf: add various

>       test cases to selftests") adapted to 4.19 in order to fix the

>       selftests that began to fail after CVE-2019-7308 fixes.

> 

>   2. selftests/bpf: add selftest part of "bpf: improve verifier branch

>      analysis"

> 

>      This is a cherry-pick of the selftest parts that have been left out when

>      backporting 4f7b3e82589e0 ("bpf: improve verifier branch analysis") to 4.19.


All now queued up, thanks!

greg k-h