| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190102235835.3311-1-daniel@iogearbox.net>
Date: Thu, 3 Jan 2019 00:58:26 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: ast@...nel.org
Cc: jannh@...gle.com, davem@...emloft.net,
jakub.kicinski@...ronome.com, netdev@...r.kernel.org,
Daniel Borkmann <daniel@...earbox.net>
Subject: [PATCH bpf v3 0/9] bpf fix to prevent oob under speculation
This set fixes an out of bounds case under speculative execution
by implementing masking of pointer alu into the verifier. For
details please see the individual patches.
Thanks!
v2 -> v3:
- 8/9: change states_equal condition into old->speculative &&
!cur->speculative, thanks Jakub!
- 8/9: remove incorrect speculative state test in
propagate_liveness(), thanks Jakub!
v1 -> v2:
- Typo fixes in commit msg and a comment, thanks David!
Daniel Borkmann (9):
bpf: move {prev_,}insn_idx into verifier env
bpf: move tmp variable into ax register in interpreter
bpf: enable access to ax register also from verifier rewrite
bpf: restrict map value pointer arithmetic for unprivileged
bpf: restrict stack pointer arithmetic for unprivileged
bpf: restrict unknown scalars of mixed signed bounds for unprivileged
bpf: fix check_map_access smin_value test when pointer contains offset
bpf: prevent out of bounds speculation on pointer arithmetic
bpf: add various test cases to selftests
include/linux/bpf_verifier.h | 12 +
include/linux/filter.h | 10 +-
kernel/bpf/core.c | 54 +-
kernel/bpf/verifier.c | 336 ++++++--
tools/testing/selftests/bpf/test_verifier.c | 1146 ++++++++++++++++++++++++++-
5 files changed, 1451 insertions(+), 107 deletions(-)
--
2.9.5
Powered by blists - more mailing lists