Message-Id: <20180518002617.15231-1-daniel@iogearbox.net>
Date:   Fri, 18 May 2018 02:26:17 +0200
From:   Daniel Borkmann <daniel@...earbox.net>
To:     davem@...emloft.net
Cc:     daniel@...earbox.net, ast@...nel.org, netdev@...r.kernel.org
Subject: pull-request: bpf 2018-05-18

Hi David,

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) Fix two bugs in sockmap, a use after free in sockmap's error path
   from sock_map_ctx_update_elem() where we mistakenly drop a reference
   we didn't take prior to that, and in the same function fix a race
   in bpf_prog_inc_not_zero() where we didn't use the progs from prior
   READ_ONCE(), from John.

2) Reject program expansions once we figure out that their jump target
   which crosses patchlet boundaries could otherwise get truncated in
   insn->off space, from Daniel.

3) Check the return value of fopen() in BPF selftest's test_verifier
   where we determine whether unpriv BPF is disabled, and iff we do
   fail there then just assume it is disabled. This fixes a segfault
   when used with older kernels, from Jesper.

Please consider pulling these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git

When this gets later merged into net-next there are two trivial
BPF conflicts to resolve:

In kernel/bpf/sockmap.c the bpf_prog_inc_not_zero() cases must
use verdict, parse and tx_msg as their arguments as opposed to
the buggy old version where progs->bpf_{verdict,parse,tx_msg}
were used as passed args.

In tools/lib/bpf/libbpf.c use the hunk from net-next with the
__bpf_object__open() + IS_ERR(obj) test combination. Thus, net-next
code only is sufficient here.

Thanks a lot!

----------------------------------------------------------------

The following changes since commit 02f99df1875c11330cd0be69a40fa8ccd14749b2:

  erspan: fix invalid erspan version. (2018-05-17 15:48:49 -0400)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git 

for you to fetch changes up to 050fad7c4534c13c8eb1d9c2ba66012e014773cb:

  bpf: fix truncated jump targets on heavy expansions (2018-05-17 16:05:35 -0700)

----------------------------------------------------------------
Daniel Borkmann (1):
      bpf: fix truncated jump targets on heavy expansions

Jesper Dangaard Brouer (1):
      selftests/bpf: check return value of fopen in test_verifier.c

John Fastabend (2):
      bpf: sockmap update rollback on error can incorrectly dec prog refcnt
      bpf: parse and verdict prog attach may race with bpf map update

 kernel/bpf/core.c                           | 100 +++++++++++++++++++++-------
 kernel/bpf/sockmap.c                        |  18 ++---
 net/core/filter.c                           |  11 ++-
 tools/testing/selftests/bpf/test_verifier.c |   5 ++
 4 files changed, 98 insertions(+), 36 deletions(-)
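
The check described in item 2 above, as an added example that is not code from this pull request or from the kernel: a probe pass verifies that every jump crossing the patched instruction still fits the signed 16-bit offset field before anything is modified. The toy `struct insn` and the names `adjust_branches` and `expand` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

struct insn {                 /* toy instruction, not the kernel's struct bpf_insn */
    uint8_t is_jmp;           /* 1 = relative jump */
    int16_t off;              /* target index = own index + 1 + off */
};

/* Fix up jumps for `delta` extra insns replacing the one at `pos`.
 * With probe set, only check that every new offset still fits in 16 bits. */
static int adjust_branches(struct insn *p, uint32_t n, uint32_t pos,
                           uint32_t delta, int probe)
{
    for (uint32_t i = 0; i < n; i++) {
        if (!p[i].is_jmp || i == pos)
            continue;
        int64_t off = p[i].off, target = (int64_t)i + 1 + off;
        if (i < pos && target > pos)
            off += delta;     /* forward jump over the patchlet */
        else if (i > pos && target <= pos)
            off -= delta;     /* backward jump over the patchlet */
        if (off < INT16_MIN || off > INT16_MAX)
            return -ERANGE;   /* storing it would truncate the target */
        if (!probe)
            p[i].off = (int16_t)off;
    }
    return 0;
}

/* Replace p[pos] with `len` insns; new length, or <0 with p untouched. */
static long expand(struct insn *p, uint32_t n, uint32_t cap, uint32_t pos,
                   const struct insn *patch, uint32_t len)
{
    if (len == 0 || pos >= n || (uint64_t)n + len - 1 > cap)
        return -EINVAL;
    if (adjust_branches(p, n, pos, len - 1, 1))      /* probe pass first */
        return -ERANGE;
    adjust_branches(p, n, pos, len - 1, 0);
    memmove(&p[pos + len], &p[pos + 1], (n - pos - 1) * sizeof(*p));
    memcpy(&p[pos], patch, len * sizeof(*p));
    return (long)n + len - 1;
}

int main(void)
{   /* constructed program: the jumps at 0 and 3 both cross the insn at 1 */
    struct insn prog[8] = {{1, 2}, {0, 0}, {0, 0}, {1, -3}}, patch[3] = {{0, 0}};
    return expand(prog, 4, 8, 1, patch, 3) == 6 && prog[0].off == 4 ? 0 : 1;
}
```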
