All of lore.kernel.org
 help / color / mirror / Atom feed
From: Ovidiu Panait <ovidiu.panait@windriver.com>
To: stable@vger.kernel.org
Cc: bpf@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org,
	john.fastabend@gmail.com, benedict.schlueter@rub.de,
	piotras@gmail.com
Subject: [PATCH 5.4 0/6] bpf: backport fixes for CVE-2021-33624
Date: Thu,  5 Aug 2021 18:53:37 +0300	[thread overview]
Message-ID: <20210805155343.3618696-1-ovidiu.panait@windriver.com> (raw)

NOTE: the fixes were manually adjusted to apply to 5.4, so copying bpf@ to see
if there are any concerns.

With this patchseries (applied on top of [1], which was not merged yet), all
bpf verifier selftests pass:
root@intel-x86-64:~# ./test_verifier
...
#1056/p XDP pkt read, pkt_meta' <= pkt_data, good access OK
#1057/p XDP pkt read, pkt_meta' <= pkt_data, bad access 1 OK
#1058/p XDP pkt read, pkt_meta' <= pkt_data, bad access 2 OK
#1059/p XDP pkt read, pkt_data <= pkt_meta', good access OK
#1060/p XDP pkt read, pkt_data <= pkt_meta', bad access 1 OK
#1061/p XDP pkt read, pkt_data <= pkt_meta', bad access 2 OK
Summary: 1571 PASSED, 0 SKIPPED, 0 FAILED

[1] https://lore.kernel.org/stable/20210804172001.3909228-2-ovidiu.panait@windriver.com/T/#u

Daniel Borkmann (4):
  bpf: Inherit expanded/patched seen count from old aux data
  bpf: Do not mark insn as seen under speculative path verification
  bpf: Fix leakage under speculation on mispredicted branches
  bpf, selftests: Adjust few selftest outcomes wrt unreachable code

John Fastabend (2):
  bpf: Test_verifier, add alu32 bounds tracking tests
  bpf, selftests: Add a verifier test for assigning 32bit reg states to
    64bit ones

 kernel/bpf/verifier.c                         | 65 +++++++++++++++++--
 tools/testing/selftests/bpf/test_verifier.c   |  2 +-
 tools/testing/selftests/bpf/verifier/bounds.c | 65 +++++++++++++++++++
 .../selftests/bpf/verifier/dead_code.c        |  2 +
 tools/testing/selftests/bpf/verifier/jmp32.c  | 22 +++++++
 tools/testing/selftests/bpf/verifier/jset.c   | 10 +--
 tools/testing/selftests/bpf/verifier/unpriv.c |  2 +
 .../selftests/bpf/verifier/value_ptr_arith.c  |  7 +-
 8 files changed, 160 insertions(+), 15 deletions(-)

-- 
2.25.1


             reply	other threads:[~2021-08-05 15:54 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-05 15:53 Ovidiu Panait [this message]
2021-08-05 15:53 ` [PATCH 5.4 1/6] bpf: Inherit expanded/patched seen count from old aux data Ovidiu Panait
2021-08-05 15:53 ` [PATCH 5.4 2/6] bpf: Do not mark insn as seen under speculative path verification Ovidiu Panait
2021-08-05 15:53 ` [PATCH 5.4 3/6] bpf: Fix leakage under speculation on mispredicted branches Ovidiu Panait
2021-08-05 15:53 ` [PATCH 5.4 4/6] bpf: Test_verifier, add alu32 bounds tracking tests Ovidiu Panait
2021-08-05 15:53 ` [PATCH 5.4 5/6] bpf, selftests: Add a verifier test for assigning 32bit reg states to 64bit ones Ovidiu Panait
2021-08-05 15:53 ` [PATCH 5.4 6/6] bpf, selftests: Adjust few selftest outcomes wrt unreachable code Ovidiu Panait
2021-08-06  8:07 ` [PATCH 5.4 0/6] bpf: backport fixes for CVE-2021-33624 Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210805155343.3618696-1-ovidiu.panait@windriver.com \
    --to=ovidiu.panait@windriver.com \
    --cc=ast@kernel.org \
    --cc=benedict.schlueter@rub.de \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=john.fastabend@gmail.com \
    --cc=piotras@gmail.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.