Thread (5 messages) 5 messages, 2 authors, 2021-08-27
STALE1763d
Revisions (2)
  1. v1 current
  2. v1 [diff vs current]

[PATCH 4.19 0/3] BPF fixes for CVE-2021-3444 and CVE-2021-3600

From: Thadeu Lima de Souza Cascardo <hidden>
Date: 2021-08-27 13:55:52
Also in: bpf 

The upstream changes necessary to fix these CVEs rely on the presence of JMP32,
which is not a small backport and brings its own potential set of necessary
follow-ups.

Daniel Borkmann, John Fastabend and Alexei Starovoitov came up with a fix
involving the use of the AX register.

This has been tested against the test_verifier in 4.19.y tree and some tests
specific to the two referred CVEs.

Daniel Borkmann (3):
  bpf: Do not use ax register in interpreter on div/mod
  bpf: Fix 32 bit src register truncation on div/mod
  bpf: Fix truncation handling for mod32 dst reg wrt zero

 include/linux/filter.h | 24 ++++++++++++++++++++++++
 kernel/bpf/core.c      | 32 +++++++++++++++-----------------
 kernel/bpf/verifier.c  | 27 ++++++++++++++-------------
 3 files changed, 53 insertions(+), 30 deletions(-)

-- 
2.30.2
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help