[PATCH 5.4 0/4] bpf: backport fixes for CVE-2021-34556/CVE-2021-35477

From: Ovidiu Panait <ovidiu.panait@windriver.com>
To: stable@vger.kernel.org
Cc: bpf@vger.kernel.org, daniel@iogearbox.net
Subject: [PATCH 5.4 0/4] bpf: backport fixes for CVE-2021-34556/CVE-2021-35477
Date: Tue,  7 Sep 2021 16:16:57 +0300	[thread overview]
Message-ID: <20210907131701.1910024-1-ovidiu.panait@windriver.com> (raw)

With this patchseries all bpf verifier selftests pass (tested in qemu for x86_64):
root@intel-x86-64:~# ./test_verifier
...
#1057/p XDP pkt read, pkt_meta' <= pkt_data, bad access 1 OK
#1058/p XDP pkt read, pkt_meta' <= pkt_data, bad access 2 OK
#1059/p XDP pkt read, pkt_data <= pkt_meta', good access OK
#1060/p XDP pkt read, pkt_data <= pkt_meta', bad access 1 OK
#1061/p XDP pkt read, pkt_data <= pkt_meta', bad access 2 OK
Summary: 1571 PASSED, 0 SKIPPED, 0 FAILED

Daniel Borkmann (3):
  bpf: Introduce BPF nospec instruction for mitigating Spectre v4
  bpf: Fix leakage due to insufficient speculative store bypass
    mitigation
  bpf: Fix pointer arithmetic mask tightening under state pruning

Lorenz Bauer (1):
  bpf: verifier: Allocate idmap scratch in verifier env

 arch/arm/net/bpf_jit_32.c         |   3 +
 arch/arm64/net/bpf_jit_comp.c     |  13 +++
 arch/mips/net/ebpf_jit.c          |   3 +
 arch/powerpc/net/bpf_jit_comp64.c |   6 ++
 arch/riscv/net/bpf_jit_comp.c     |   4 +
 arch/s390/net/bpf_jit_comp.c      |   5 +
 arch/sparc/net/bpf_jit_comp_64.c  |   3 +
 arch/x86/net/bpf_jit_comp.c       |   7 ++
 arch/x86/net/bpf_jit_comp32.c     |   6 ++
 include/linux/bpf_verifier.h      |  11 ++-
 include/linux/filter.h            |  15 +++
 kernel/bpf/core.c                 |  18 +++-
 kernel/bpf/disasm.c               |  16 ++--
 kernel/bpf/verifier.c             | 152 ++++++++++++------------------
 14 files changed, 161 insertions(+), 101 deletions(-)

-- 
2.25.1