From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.6 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_PASS,URIBL_BLOCKED,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4E23BC282C0 for ; Wed, 23 Jan 2019 17:12:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 0AEF621872 for ; Wed, 23 Jan 2019 17:12:42 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="N9BPkpNr" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726144AbfAWRMl (ORCPT ); Wed, 23 Jan 2019 12:12:41 -0500 Received: from mail-oi1-f193.google.com ([209.85.167.193]:36573 "EHLO mail-oi1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726035AbfAWRMk (ORCPT ); Wed, 23 Jan 2019 12:12:40 -0500 Received: by mail-oi1-f193.google.com with SMTP id x23so2414803oix.3 for ; Wed, 23 Jan 2019 09:12:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gRe0VIYkqjKnl3qbTlD7fv3HC11m/bbbmbEYqZ6NqYg=; b=N9BPkpNruZ6pVnM8A7BvfXiShLRUI1KL16Rm56Ygcv8F/Pu5EM1MVmmIrib/t2ctwa 6/Ei6z8d2KWuw4podijdgrbQX2K/zp0mbs/iGP+nN0/xbWUpYgz+q7JEx9oxFhE4ZupR XpUgP7h9w83d08386QIQTCs+hxdGKLcpqFDvucPtN/YTbm1PRBWwiOKFho0Ma8ZyTPK7 tge0ctcccQS6ECKLw3bXbEX0KX4iFt7wOx7NP/6YNIyCD4Fcx6OZcJPRzLsenqdgYYwJ 6DcmH9nJknJkIFXxwC3oh/Xlp87xOeEr0wZ5iyX5CbzYMoXA32xZGUo1AI3uwWEh7FvQ odXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gRe0VIYkqjKnl3qbTlD7fv3HC11m/bbbmbEYqZ6NqYg=; b=MmfDTbp5fwG7oSDGN6M3msbcj9BCHNiLmiigQ14z6wIYd86v7F+E1PtZ2WKD0ZHn9w LDwKCQQVl5zCrKPY8RqHcU+I9P/C7D7BXpElCX3jcuHZGRA+PYcqfMSBD2RECoGtfBMC xEXPxD23F2h/FMQQCihj5Qt9fGYwSEETjzURHSI3g9TKXKJGaoD2CO3XW/Crfd1jhnbU 0FIH5MBUdtTI2Av2s3DdN6gPX99KtcPsmTT2UYnP4biPefwiKG9D8qBE6V2omWqW/2+e 4q6XcwXd0/Zae1rEXGpv4oGckLPXR3KnpWsJsq4qtUMC+4Vve6y/9itEGMHiaFyIihSM re5A== X-Gm-Message-State: AJcUukdRmZN+XbaWZgzlNtDEMvptxFGxGWDS5To9OSFRfkjrSMoWue2N X2khvlRD3k0TLJI8xL9pxRCIKdk8LHmHWRu1m+2soNr1ejusrRinMUz5bmE3o3JkE+1eBEBqwyH wVjc67vLgR7y6+wvlhXNbySM= X-Google-Smtp-Source: ALg8bN5jepHJpnqUUcaG55N+iIjJ/3TPMBftQnuYC5v0ECZD0z8bgAxSiqpGzQnbJ/BSVTmKlnO1YUc33NkukAz1JrQ= X-Received: by 2002:aca:bcc6:: with SMTP id m189mr1941120oif.337.1548263559237; Wed, 23 Jan 2019 09:12:39 -0800 (PST) MIME-Version: 1.0 References: <20190102235835.3311-1-daniel@iogearbox.net> <20190103000824.ph4kioreaylgvge3@ast-mbp.dhcp.thefacebook.com> <20190123170454.GC30381@kroah.com> In-Reply-To: <20190123170454.GC30381@kroah.com> From: Jann Horn Date: Wed, 23 Jan 2019 18:12:13 +0100 Message-ID: Subject: Re: stable backport for the BPF speculation series? [was: Re: [PATCH bpf v3 0/9] bpf fix to prevent oob under speculation] To: Greg Kroah-Hartman , Daniel Borkmann Cc: "David S. Miller" , Alexei Starovoitov , Alexei Starovoitov , jakub.kicinski@netronome.com, Network Development Content-Type: text/plain; charset="UTF-8" X-ccpol: medium Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Wed, Jan 23, 2019 at 6:04 PM Greg Kroah-Hartman wrote: > On Tue, Jan 22, 2019 at 03:36:54PM +0100, Jann Horn wrote: > > On Thu, Jan 3, 2019 at 1:08 AM Alexei Starovoitov > > wrote: > > > On Thu, Jan 03, 2019 at 12:58:26AM +0100, Daniel Borkmann wrote: > > > > This set fixes an out of bounds case under speculative execution > > > > by implementing masking of pointer alu into the verifier. For > > > > details please see the individual patches. > > > > > > > > Thanks! > > > > > > > > v2 -> v3: > > > > - 8/9: change states_equal condition into old->speculative && > > > > !cur->speculative, thanks Jakub! > > > > - 8/9: remove incorrect speculative state test in > > > > propagate_liveness(), thanks Jakub! > > > > v1 -> v2: > > > > - Typo fixes in commit msg and a comment, thanks David! > > > > > > Applied, Thanks > > > > This series and the followup fix ("bpf: fix sanitation of alu op with > > pointer / scalar type from different paths") have been in Linus' tree > > for six days, but from what I can tell, they aren't queued up for > > stable yet. > > What are the git commit ids of the patches you think should be > backported? Daniel Borkmann said at https://marc.info/?l=linux-netdev&m=154820859831443&w=2 : | Will get this to stable towards end of week. We wanted to let this sit | for a while in Linus' tree given the complexity of the fix to get some | more coverage. We also need 9d5564ddcf2a ("bpf: fix inner map masking |to prevent oob under speculation") in addition. , so I expect that he's going to submit a request for stable inclusion in the next few days. The git commits are: c08435ec7f2bc8f4109401f696fd55159b4b40cb 144cd91c4c2bced6eb8a7e25e590f6618a11e854 9b73bfdd08e73231d6a90ae6db4b46b3fbf56c30 0d6303db7970e6f56ae700fa07e11eb510cda125 e4298d25830a866cc0f427d4bccb858e76715859 9d7eceede769f90b66cfa06ad5b357140d5141ed b7137c4eab85c1cf3d46acdde90ce1163b28c873 979d63d50c0c0f7bc537bf821e056cc9fe5abd38 d3bd7413e0ca40b60cf60d4003246d067cafdeda 9d5564ddcf2a0f5ba3fa1c3a1f8a1b59ad309553