|
Shung-Hsi Yu |
842ede |
From: Shung-Hsi Yu <shung-hsi.yu@suse.com>
|
|
Shung-Hsi Yu |
842ede |
Date: Tue, 7 Sep 2021 13:26:15 +0800
|
|
Shung-Hsi Yu |
842ede |
Subject: [PATCH] kABI: revert change in struct bpf_insn_aux_data
|
|
Shung-Hsi Yu |
842ede |
|
|
Shung-Hsi Yu |
842ede |
References: bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477
|
|
Shung-Hsi Yu |
842ede |
Patch-mainline: never, kABI
|
|
Shung-Hsi Yu |
842ede |
|
|
Shung-Hsi Yu |
842ede |
Revert sanitize_stack_spill to sanitize_stack_off since they're use in
|
|
Shung-Hsi Yu |
842ede |
pretty much identical way.
|
|
Shung-Hsi Yu |
842ede |
---
|
|
Shung-Hsi Yu |
842ede |
include/linux/bpf_verifier.h | 2 +-
|
|
Shung-Hsi Yu |
842ede |
kernel/bpf/verifier.c | 4 ++--
|
|
Shung-Hsi Yu |
842ede |
2 files changed, 3 insertions(+), 3 deletions(-)
|
|
Shung-Hsi Yu |
842ede |
|
|
Shung-Hsi Yu |
842ede |
--- a/include/linux/bpf_verifier.h
|
|
Shung-Hsi Yu |
842ede |
+++ b/include/linux/bpf_verifier.h
|
|
Shung-Hsi Yu |
842ede |
@@ -175,8 +175,8 @@ struct bpf_insn_aux_data {
|
|
Shung-Hsi Yu |
842ede |
u32 alu_limit; /* limit for add/sub register with pointer */
|
|
Shung-Hsi Yu |
842ede |
};
|
|
Shung-Hsi Yu |
842ede |
int ctx_field_size; /* the ctx field size for load insn, maybe 0 */
|
|
Shung-Hsi Yu |
842ede |
+ int sanitize_stack_off; /* subject to Spectre v4 sanitation */
|
|
Shung-Hsi Yu |
842ede |
bool seen; /* this insn was processed by the verifier */
|
|
Shung-Hsi Yu |
842ede |
- bool sanitize_stack_spill; /* subject to Spectre v4 sanitation */
|
|
Shung-Hsi Yu |
842ede |
u8 alu_state; /* used in combination with alu_limit */
|
|
Shung-Hsi Yu |
842ede |
};
|
|
Shung-Hsi Yu |
842ede |
|
|
Shung-Hsi Yu |
842ede |
--- a/kernel/bpf/verifier.c
|
|
Shung-Hsi Yu |
842ede |
+++ b/kernel/bpf/verifier.c
|
|
Shung-Hsi Yu |
842ede |
@@ -1050,7 +1050,7 @@ static int check_stack_write(struct bpf_
|
|
Shung-Hsi Yu |
842ede |
}
|
|
Shung-Hsi Yu |
842ede |
|
|
Shung-Hsi Yu |
842ede |
if (sanitize)
|
|
Shung-Hsi Yu |
842ede |
- env->insn_aux_data[insn_idx].sanitize_stack_spill = true;
|
|
Shung-Hsi Yu |
842ede |
+ env->insn_aux_data[insn_idx].sanitize_stack_off = 1;
|
|
Shung-Hsi Yu |
842ede |
}
|
|
Shung-Hsi Yu |
842ede |
|
|
Shung-Hsi Yu |
842ede |
if (value_regno >= 0 &&
|
|
Shung-Hsi Yu |
842ede |
@@ -5981,7 +5981,7 @@ static int convert_ctx_accesses(struct b
|
|
Shung-Hsi Yu |
842ede |
}
|
|
Shung-Hsi Yu |
842ede |
|
|
Shung-Hsi Yu |
842ede |
if (type == BPF_WRITE &&
|
|
Shung-Hsi Yu |
842ede |
- env->insn_aux_data[i + delta].sanitize_stack_spill) {
|
|
Shung-Hsi Yu |
842ede |
+ env->insn_aux_data[i + delta].sanitize_stack_off) {
|
|
Shung-Hsi Yu |
842ede |
struct bpf_insn patch[] = {
|
|
Shung-Hsi Yu |
842ede |
*insn,
|
|
Shung-Hsi Yu |
842ede |
BPF_ST_NOSPEC(),
|