From: Gary Lin <glin@suse.com>
Subject: [PATCH] kabi: ignore struct bpf_insn_aux_data change
Patch-mainline: No, SUSE-specific
References: bsc#1068032 CVE-2017-5753
Signed-off-by: Gary Lin <glin@suse.com>
---
Replace `int sanitize_stack_off` with `bool sanitize_stack_spill` to adapte to
changes in introduced in "bpf: Fix leakage due to insufficient speculative
store bypass mitigation"
Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
---
include/linux/bpf_verifier.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -106,7 +106,9 @@ struct bpf_verifier_state {
struct bpf_verifier_state *parent;
int allocated_stack;
struct bpf_stack_state *stack;
+#ifndef __GENKSYMS__
bool speculative;
+#endif
};
/* linked list of verifier states used to prune search */
@@ -136,9 +138,9 @@ struct bpf_insn_aux_data {
};
int ctx_field_size; /* the ctx field size for load insn, maybe 0 */
bool seen; /* this insn was processed by the verifier */
- u8 alu_state; /* used in combination with alu_limit */
#ifndef __GENKSYMS__
bool sanitize_stack_spill; /* subject to Spectre v4 sanitation */
+ u8 alu_state; /* used in combination with alu_limit */
#endif
};