| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20211216210005.13815-1-daniel@iogearbox.net>
Date: Thu, 16 Dec 2021 22:00:05 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: davem@...emloft.net
Cc: kuba@...nel.org, daniel@...earbox.net, ast@...nel.org,
andrii@...nel.org, netdev@...r.kernel.org, bpf@...r.kernel.org
Subject: pull-request: bpf 2021-12-16
Hi David, hi Jakub,
The following pull-request contains BPF updates for your *net* tree.
We've added 15 non-merge commits during the last 7 day(s) which contain
a total of 12 files changed, 434 insertions(+), 30 deletions(-).
The main changes are:
1) Fix incorrect verifier state pruning behavior for <8B register spill/fill,
from Paul Chaignon.
2) Fix x86-64 JIT's extable handling for fentry/fexit when return pointer
is an ERR_PTR(), from Alexei Starovoitov.
3) Fix 3 different possibilities that BPF verifier missed where unprivileged
could leak kernel addresses, from Daniel Borkmann.
4) Fix xsk's poll behavior under need_wakeup flag, from Magnus Karlsson.
5) Fix an oob-write in test_verifier due to a missed MAX_NR_MAPS bump,
from Kumar Kartikeya Dwivedi.
6) Fix a race in test_btf_skc_cls_ingress selftest, from Martin KaFai Lau.
Please consider pulling these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
Thanks a lot!
Also thanks to reporters, reviewers and testers of commits in this pull-request:
Alexei Starovoitov, Andrii Nakryiko, Brendan Jackman, Daniel Borkmann,
John Fastabend, Keith Wiles, Kuee K1r0a, Lorenzo Fontana, Maciej
Fijalkowski, Ryota Shiga (Flatt Security)
----------------------------------------------------------------
The following changes since commit ab443c53916730862cec202078d36fd4008bea79:
sch_cake: do not call cake_destroy() from cake_init() (2021-12-10 08:11:36 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
for you to fetch changes up to c2fcbf81c332b42382a0c439bfe2414a241e4f5b:
bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (2021-12-16 21:41:18 +0100)
----------------------------------------------------------------
Alexei Starovoitov (3):
bpf: Fix extable fixup offset.
bpf: Fix extable address check.
selftest/bpf: Add a test that reads various addresses.
Daniel Borkmann (7):
bpf: Fix kernel address leakage in atomic fetch
bpf, selftests: Add test case for atomic fetch on spilled pointer
bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg
bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer
bpf: Fix signed bounds propagation after mov32
bpf: Make 32->64 bounds propagation slightly more robust
bpf, selftests: Add test case trying to taint map value pointer
Kumar Kartikeya Dwivedi (1):
selftests/bpf: Fix OOB write in test_verifier
Magnus Karlsson (1):
xsk: Do not sleep in poll() when need_wakeup set
Martin KaFai Lau (1):
bpf, selftests: Fix racing issue in btf_skc_cls_ingress test
Paul Chaignon (2):
bpf: Fix incorrect state pruning for <8B spill/fill
selftests/bpf: Tests for state pruning with u32 spill/fill
arch/x86/net/bpf_jit_comp.c | 51 ++++++++++--
kernel/bpf/verifier.c | 53 ++++++++----
net/xdp/xsk.c | 4 +-
.../selftests/bpf/bpf_testmod/bpf_testmod.c | 20 +++++
.../selftests/bpf/prog_tests/btf_skc_cls_ingress.c | 16 +++-
.../selftests/bpf/progs/test_module_attach.c | 12 +++
tools/testing/selftests/bpf/test_verifier.c | 2 +-
.../selftests/bpf/verifier/atomic_cmpxchg.c | 86 ++++++++++++++++++++
.../testing/selftests/bpf/verifier/atomic_fetch.c | 94 ++++++++++++++++++++++
.../selftests/bpf/verifier/search_pruning.c | 71 ++++++++++++++++
tools/testing/selftests/bpf/verifier/spill_fill.c | 32 ++++++++
.../selftests/bpf/verifier/value_ptr_arith.c | 23 ++++++
12 files changed, 434 insertions(+), 30 deletions(-)
Powered by blists - more mailing lists