lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 17 Jan 2023 00:07:45 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     davem@...emloft.net
Cc:     kuba@...nel.org, pabeni@...hat.com, edumazet@...gle.com,
        daniel@...earbox.net, ast@...nel.org, andrii@...nel.org,
        martin.lau@...ux.dev, netdev@...r.kernel.org, bpf@...r.kernel.org
Subject: pull-request: bpf 2023-01-16

Hi David, hi Jakub, hi Paolo, hi Eric,

The following pull-request contains BPF updates for your *net* tree.

We've added 6 non-merge commits during the last 8 day(s) which contain
a total of 6 files changed, 22 insertions(+), 24 deletions(-).

The main changes are:

1) Mitigate a Spectre v4 leak in unprivileged BPF from speculative
   pointer-as-scalar type confusion, from Luis Gerhorst.

2) Fix a splat when pid 1 attaches a BPF program that attempts to
   send killing signal to itself, from Hao Sun.

3) Fix BPF program ID information in BPF_AUDIT_UNLOAD as well as
   PERF_BPF_EVENT_PROG_UNLOAD events, from Paul Moore.

4) Fix BPF verifier warning triggered from invalid kfunc call in
   backtrack_insn, also from Hao Sun.

5) Fix potential deadlock in htab_lock_bucket from same bucket index
   but different map_locked index, from Tonghao Zhang.

Please consider pulling these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git tags/for-netdev

Thanks a lot!

Also thanks to reporters, reviewers and testers of commits in this pull-request:

Burn Alting, Henriette Hofmeier, Hou Tao, Jiri Olsa, Stanislav Fomichev, 
Yonghong Song

----------------------------------------------------------------

The following changes since commit c244c092f1ed2acfb5af3d3da81e22367d3dd733:

  tipc: fix unexpected link reset due to discovery messages (2023-01-06 12:53:10 +0000)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git tags/for-netdev

for you to fetch changes up to e4f4db47794c9f474b184ee1418f42e6a07412b6:

  bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (2023-01-13 17:18:35 +0100)

----------------------------------------------------------------
bpf-for-netdev

----------------------------------------------------------------
Hao Sun (2):
      bpf: Skip invalid kfunc call in backtrack_insn
      bpf: Skip task with pid=1 in send_signal_common()

Luis Gerhorst (1):
      bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation

Paul Moore (2):
      bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and PERF_BPF_EVENT_PROG_UNLOAD
      bpf: remove the do_idr_lock parameter from bpf_prog_free_id()

Tonghao Zhang (1):
      bpf: hash map, avoid deadlock with suitable hash mask

 include/linux/bpf.h      |  2 +-
 kernel/bpf/hashtab.c     |  4 ++--
 kernel/bpf/offload.c     |  3 ---
 kernel/bpf/syscall.c     | 24 +++++++-----------------
 kernel/bpf/verifier.c    | 10 +++++++++-
 kernel/trace/bpf_trace.c |  3 +++
 6 files changed, 22 insertions(+), 24 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ