[4.19,0/4] bpf: backport fixes for CVE-2021-33624

Message ID 20210812170037.2370387-1-ovidiu.panait@windriver.com

Ovidiu Panait Aug. 12, 2021, 5 p.m. UTC
NOTE: the fixes were manually adjusted to apply to 4.19, so copying bpf@ to see
if there are any concerns.

With this patch series, all bpf verifier selftests pass:
root@intel-x86-64:~# ./test_verifier
...
#657/u pass modified ctx pointer to helper, 2 OK
#657/p pass modified ctx pointer to helper, 2 OK
#658/p pass modified ctx pointer to helper, 3 OK
#659/p mov64 src == dst OK
#660/p mov64 src != dst OK
#661/u calls: ctx read at start of subprog OK
#661/p calls: ctx read at start of subprog OK
Summary: 925 PASSED, 0 SKIPPED, 0 FAILED

Daniel Borkmann (4):
  bpf: Inherit expanded/patched seen count from old aux data
  bpf: Do not mark insn as seen under speculative path verification
  bpf: Fix leakage under speculation on mispredicted branches
  bpf, selftests: Adjust few selftest outcomes wrt unreachable code

 kernel/bpf/verifier.c                       | 68 ++++++++++++++++++---
 tools/testing/selftests/bpf/test_verifier.c |  2 +
 2 files changed, 62 insertions(+), 8 deletions(-)