Date: Wed, 2 Jan 2019 00:20:37 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: ast@...nel.org
Cc: jannh@...gle.com, davem@...emloft.net, netdev@...r.kernel.org,
    Daniel Borkmann <daniel@...earbox.net>
Subject: [PATCH bpf v2 0/9] bpf fix to prevent oob under speculation

This set fixes an out of bounds case under speculative execution
by implementing masking of pointer alu into the verifier. For
details please see the individual patches.

Thanks!

v1 -> v2:

  - Typo fixes in commit msg and a comment, thanks David!

Daniel Borkmann (9):
  bpf: move {prev_,}insn_idx into verifier env
  bpf: move tmp variable into ax register in interpreter
  bpf: enable access to ax register also from verifier rewrite
  bpf: restrict map value pointer arithmetic for unprivileged
  bpf: restrict stack pointer arithmetic for unprivileged
  bpf: restrict unknown scalars of mixed signed bounds for unprivileged
  bpf: fix check_map_access smin_value test when pointer contains offset
  bpf: prevent out of bounds speculation on pointer arithmetic
  bpf: add various test cases to selftests

 include/linux/bpf_verifier.h                |   12 +
 include/linux/filter.h                      |   10 +-
 kernel/bpf/core.c                           |   54 +-
 kernel/bpf/verifier.c                       |  342 ++++++--
 tools/testing/selftests/bpf/test_verifier.c | 1146 ++++++++++++++++++++++++++-
 5 files changed, 1457 insertions(+), 107 deletions(-)

-- 
2.9.5
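The cover letter names the mitigation only as "masking of pointer alu". The following is an added generic C illustration of branchless offset masking, not code from this series or from the kernel: a mask derived from the offset and its limit forces an out-of-range offset to zero through a data dependency, so the access stays in bounds even if the bounds check is mispredicted. The names `offset_mask`, `load_masked`, `demo_load` and `table` are hypothetical, and the limit is assumed to be at most 2^63.

```c
#include <stdint.h>

/* All-ones when off < limit, zero otherwise, computed without a branch.
 * Assumes limit <= 2^63 (hypothetical helper, not a kernel function). */
static uint64_t offset_mask(uint64_t off, uint64_t limit)
{
    /* Top bit of t is set iff off > limit - 1 or off itself is >= 2^63. */
    uint64_t t = ((limit - 1) - off) | off;
    return (t >> 63) - 1;   /* 0 - 1 = all-ones, 1 - 1 = 0 */
}

/* Bounds-checked load whose offset is also clamped by a data dependency,
 * so a mispredicted check cannot feed an out-of-range offset to the load. */
static uint8_t load_masked(const uint8_t *base, uint64_t limit, uint64_t off)
{
    if (off >= limit)       /* architectural bounds check */
        return 0;
#if defined(__GNUC__)
    /* Hide off from the optimizer so the mask below is not folded away. */
    __asm__ volatile("" : "+r"(off));
#endif
    off &= offset_mask(off, limit);   /* out-of-range off becomes 0 */
    return base[off];
}

/* Constructed sample data for the demonstration. */
static const uint8_t table[16] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

uint8_t demo_load(uint64_t off)
{
    return load_masked(table, sizeof(table), off);
}
```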