lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <0aeb9b66-e370-28e9-4fce-c9061104d4b9@iogearbox.net>
Date:   Thu, 24 Jan 2019 12:53:06 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Jann Horn <jannh@...gle.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Alexei Starovoitov <alexei.starovoitov@...il.com>,
        Alexei Starovoitov <ast@...nel.org>,
        jakub.kicinski@...ronome.com,
        Network Development <netdev@...r.kernel.org>
Subject: Re: stable backport for the BPF speculation series? [was: Re: [PATCH
 bpf v3 0/9] bpf fix to prevent oob under speculation]

On 01/23/2019 06:12 PM, Jann Horn wrote:
> On Wed, Jan 23, 2019 at 6:04 PM Greg Kroah-Hartman
> <gregkh@...uxfoundation.org> wrote:
>> On Tue, Jan 22, 2019 at 03:36:54PM +0100, Jann Horn wrote:
>>> On Thu, Jan 3, 2019 at 1:08 AM Alexei Starovoitov
>>> <alexei.starovoitov@...il.com> wrote:
>>>> On Thu, Jan 03, 2019 at 12:58:26AM +0100, Daniel Borkmann wrote:
>>>>> This set fixes an out of bounds case under speculative execution
>>>>> by implementing masking of pointer alu into the verifier. For
>>>>> details please see the individual patches.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> v2 -> v3:
>>>>>   - 8/9: change states_equal condition into old->speculative &&
>>>>>     !cur->speculative, thanks Jakub!
>>>>>   - 8/9: remove incorrect speculative state test in
>>>>>     propagate_liveness(), thanks Jakub!
>>>>> v1 -> v2:
>>>>>   - Typo fixes in commit msg and a comment, thanks David!
>>>>
>>>> Applied, Thanks
>>>
>>> This series and the followup fix ("bpf: fix sanitation of alu op with
>>> pointer / scalar type from different paths") have been in Linus' tree
>>> for six days, but from what I can tell, they aren't queued up for
>>> stable yet.
>>
>> What are the git commit ids of the patches you think should be
>> backported?
> 
> Daniel Borkmann said at
> https://marc.info/?l=linux-netdev&m=154820859831443&w=2 :
> 
> | Will get this to stable towards end of week. We wanted to let this sit
> | for a while in Linus' tree given the complexity of the fix to get some
> | more coverage. We also need 9d5564ddcf2a ("bpf: fix inner map masking
> |to prevent oob under speculation") in addition.
> 
> , so I expect that he's going to submit a request for stable inclusion
> in the next few days. The git commits are:

Yep, correct.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ