From: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Date: Tue, 7 Sep 2021 13:26:15 +0800
Subject: [PATCH] kABI: revert change in struct bpf_insn_aux_data
References: bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477
Patch-mainline: never, kABI
Revert sanitize_stack_spill to sanitize_stack_off since they're used in
a pretty much identical way.
---
include/linux/bpf_verifier.h | 2 +-
kernel/bpf/verifier.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -312,8 +312,8 @@ struct bpf_insn_aux_data {
};
u64 map_key_state; /* constant (32 bit) key tracking for maps */
int ctx_field_size; /* the ctx field size for load insn, maybe 0 */
+ int sanitize_stack_off; /* subject to Spectre v4 sanitation */
u32 seen; /* this insn was processed by the verifier at env->pass_cnt */
- bool sanitize_stack_spill; /* subject to Spectre v4 sanitation */
bool zext_dst; /* this insn zero extends dst reg */
u8 alu_state; /* used in combination with alu_limit */
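Review bot: The restored `sanitize_stack_off` member of struct bpf_insn_aux_data no longer holds an offset, so its name and the carried-over comment are misleading: the check_stack_write() hunk stores the constant `1`, and the convert_ctx_accesses() hunk only tests it for non-zero. The name and `int` type are presumably kept only to preserve the kABI layout, so I would say that on the declaration, e.g. `int sanitize_stack_off; /* kABI: kept as int; used as a 0/1 flag for Spectre v4 sanitation, not an offset */`. It is also worth confirming that no other reader in this tree still interprets the value as a stack offset, which these hunks do not show. The struct body continues outside the hunk.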
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2259,7 +2259,7 @@ static int check_stack_write(struct bpf_
}
if (sanitize)
- env->insn_aux_data[insn_idx].sanitize_stack_spill = true;
+ env->insn_aux_data[insn_idx].sanitize_stack_off = 1;
}
if (reg && size == BPF_REG_SIZE && register_is_const(reg) &&
@@ -10112,7 +10112,7 @@ static int convert_ctx_accesses(struct b
}
if (type == BPF_WRITE &&
- env->insn_aux_data[i + delta].sanitize_stack_spill) {
+ env->insn_aux_data[i + delta].sanitize_stack_off) {
struct bpf_insn patch[] = {
*insn,
BPF_ST_NOSPEC(),