lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 13 Jan 2018 00:33:48 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     davem@...emloft.net
Cc:     daniel@...earbox.net, ast@...nel.org, netdev@...r.kernel.org
Subject: pull-request: bpf 2018-01-13

Hi David,

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) Follow-up fix to the recent BPF out-of-bounds speculation
   fix that prevents max_entries overflows and an undefined
   behavior on 32 bit archs on index_mask calculation, from
   Daniel.

2) Reject unsupported BPF_ARSH opcode in 32 bit ALU mode that
   was otherwise throwing an unknown opcode warning in the
   interpreter, from Daniel.

3) Typo fix in one of the user facing verbose() messages that
   was added during the BPF out-of-bounds speculation fix,
   from Colin.

Please consider pulling these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git

Thanks a lot!

----------------------------------------------------------------

The following changes since commit 661e4e33a984fbd05e6b573ce4bb639ca699c130:

  Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf (2018-01-10 11:17:21 -0500)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git 

for you to fetch changes up to bbeb6e4323dad9b5e0ee9f60c223dd532e2403b1:

  bpf, array: fix overflow in max_entries and undefined behavior in index_mask (2018-01-10 14:46:39 -0800)

----------------------------------------------------------------
Colin Ian King (1):
      bpf: fix spelling mistake: "obusing" -> "abusing"

Daniel Borkmann (2):
      bpf: arsh is not supported in 32 bit alu thus reject it
      bpf, array: fix overflow in max_entries and undefined behavior in index_mask

 kernel/bpf/arraymap.c                       | 18 ++++++++++---
 kernel/bpf/verifier.c                       |  7 ++++-
 tools/testing/selftests/bpf/test_verifier.c | 40 +++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+), 4 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ