[SRU][Xenial][PATCH] UBUNTU: SAUCE: Add missing hunks from "bpf: fix branch pruning logic"


Seth Forshee
BugLink: http://bugs.launchpad.net/bugs/1763454

At the time this commit was backported some of the code it
modifies was not present. When the code was later introduced from
upstream stable it did not get the changes from this commit.
Backport those changes now.

Signed-off-by: Seth Forshee <[hidden email]>
---
 kernel/bpf/verifier.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 8a40719c6ae5..c2b2743cec83 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2005,6 +2005,7 @@ process_bpf_exit:
  return err;
 
  insn_idx++;
+ env->insn_aux_data[insn_idx].seen = true;
  } else {
  verbose("invalid BPF_LD mode\n");
  return -EINVAL;
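Review bot: In the BPF_LD branch the new store to env->insn_aux_data[insn_idx].seen runs after insn_idx++, so it marks the slot following the current instruction, and nothing in the visible context shows that the incremented index is still inside the insn_aux_data array. Please add a short comment naming which slot is being marked and why it is in range, or point to the earlier check that guarantees it.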
@@ -2161,6 +2162,7 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
  u32 off, u32 cnt)
 {
  struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
+ int i;
 
  if (cnt == 1)
  return 0;
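Review bot: `int i` in adjust_insn_aux_data() is a signed counter in a function whose lengths and offsets (prog_len, off, cnt) are all u32. Declaring it as `u32 i` keeps the types consistent and avoids a signed/unsigned comparison when it is tested against expressions built from off and cnt.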
@@ -2170,6 +2172,8 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
  memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
  memcpy(new_data + off + cnt - 1, old_data + off,
        sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
+ for (i = off; i < off + cnt - 1; i++)
+ new_data[i].seen = true;
  env->insn_aux_data = new_data;
  vfree(old_data);
  return 0;
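Review bot: The loop over [off, off + cnt - 1) sets only .seen on the slots that neither memcpy fills, so every other field of those bpf_insn_aux_data entries keeps whatever the allocation of new_data left there, and that allocation is not visible in this hunk. Please confirm new_data is zero-initialised, and add a one-line comment saying why the newly inserted instructions must be marked seen, since the commit message does not explain it.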
--
2.15.1


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

ACK: [SRU][Xenial][PATCH] UBUNTU: SAUCE: Add missing hunks from "bpf: fix branch pruning logic"

Colin King
On 13/04/18 13:21, Seth Forshee wrote:

> BugLink: http://bugs.launchpad.net/bugs/1763454
>
> At the time this commit was backported some of the code it
> modifies was not present. When the code was later introduced from
> upstream stable it did not get the changes from this commit.
> Backport those changes now.
>
> Signed-off-by: Seth Forshee <[hidden email]>
> ---
>  kernel/bpf/verifier.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 8a40719c6ae5..c2b2743cec83 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -2005,6 +2005,7 @@ process_bpf_exit:
>   return err;
>  
>   insn_idx++;
> + env->insn_aux_data[insn_idx].seen = true;
>   } else {
>   verbose("invalid BPF_LD mode\n");
>   return -EINVAL;
> @@ -2161,6 +2162,7 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
>   u32 off, u32 cnt)
>  {
>   struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
> + int i;
>  
>   if (cnt == 1)
>   return 0;
> @@ -2170,6 +2172,8 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
>   memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
>   memcpy(new_data + off + cnt - 1, old_data + off,
>         sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
> + for (i = off; i < off + cnt - 1; i++)
> + new_data[i].seen = true;
>   env->insn_aux_data = new_data;
>   vfree(old_data);
>   return 0;
>

This has positive test results, and addresses the backport issue, so..

Acked-by: Colin Ian King <[hidden email]>


ACK: [SRU][Xenial][PATCH] UBUNTU: SAUCE: Add missing hunks from "bpf: fix branch pruning logic"

Stefan Bader-2
In reply to this post by Seth Forshee
On 13.04.2018 14:21, Seth Forshee wrote:
> BugLink: http://bugs.launchpad.net/bugs/1763454
>
> At the time this commit was backported some of the code it
> modifies was not present. When the code was later introduced from
> upstream stable it did not get the changes from this commit.
> Backport those changes now.
>
> Signed-off-by: Seth Forshee <[hidden email]>
Acked-by: Stefan Bader <[hidden email]>

> ---
>  kernel/bpf/verifier.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 8a40719c6ae5..c2b2743cec83 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -2005,6 +2005,7 @@ process_bpf_exit:
>   return err;
>  
>   insn_idx++;
> + env->insn_aux_data[insn_idx].seen = true;
>   } else {
>   verbose("invalid BPF_LD mode\n");
>   return -EINVAL;
> @@ -2161,6 +2162,7 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
>   u32 off, u32 cnt)
>  {
>   struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
> + int i;
>  
>   if (cnt == 1)
>   return 0;
> @@ -2170,6 +2172,8 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
>   memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
>   memcpy(new_data + off + cnt - 1, old_data + off,
>         sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
> + for (i = off; i < off + cnt - 1; i++)
> + new_data[i].seen = true;
>   env->insn_aux_data = new_data;
>   vfree(old_data);
>   return 0;
>



Re: [SRU][Xenial][PATCH] UBUNTU: SAUCE: Add missing hunks from "bpf: fix branch pruning logic"

Juerg Haefliger
In reply to this post by Seth Forshee
On 04/13/2018 02:21 PM, Seth Forshee wrote:
> BugLink: http://bugs.launchpad.net/bugs/1763454
>
> At the time this commit was backported some of the code it
> modifies was not present. When the code was later introduced from
> upstream stable it did not get the changes from this commit.
> Backport those changes now.
>
> Signed-off-by: Seth Forshee <[hidden email]>

Shouldn't this have the CVE identifier or did I misunderstand that this
is part of a backported CVE fix?

...Juerg


> ---
>  kernel/bpf/verifier.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 8a40719c6ae5..c2b2743cec83 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -2005,6 +2005,7 @@ process_bpf_exit:
>   return err;
>  
>   insn_idx++;
> + env->insn_aux_data[insn_idx].seen = true;
>   } else {
>   verbose("invalid BPF_LD mode\n");
>   return -EINVAL;
> @@ -2161,6 +2162,7 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
>   u32 off, u32 cnt)
>  {
>   struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
> + int i;
>  
>   if (cnt == 1)
>   return 0;
> @@ -2170,6 +2172,8 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
>   memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
>   memcpy(new_data + off + cnt - 1, old_data + off,
>         sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
> + for (i = off; i < off + cnt - 1; i++)
> + new_data[i].seen = true;
>   env->insn_aux_data = new_data;
>   vfree(old_data);
>   return 0;
>



Re: [SRU][Xenial][PATCH] UBUNTU: SAUCE: Add missing hunks from "bpf: fix branch pruning logic"

Seth Forshee
On Mon, Apr 16, 2018 at 09:24:08AM +0200, Juerg Haefliger wrote:

> On 04/13/2018 02:21 PM, Seth Forshee wrote:
> > BugLink: http://bugs.launchpad.net/bugs/1763454
> >
> > At the time this commit was backported some of the code it
> > modifies was not present. When the code was later introduced from
> > upstream stable it did not get the changes from this commit.
> > Backport those changes now.
> >
> > Signed-off-by: Seth Forshee <[hidden email]>
>
> Shouldn't this have the CVE identifier or did I misunderstand that this
> is part of a backported CVE fix?

Maybe ... it is part of the CVE fix, though I don't believe the
omission leaves the kernel vulnerable to the CVE. I guess maybe it
should have the id though.

Want me to resend or just want to add it when applying? The CVE id is
CVE-2017-17862.


Re: [SRU][Xenial][PATCH] UBUNTU: SAUCE: Add missing hunks from "bpf: fix branch pruning logic"

Juerg Haefliger
On 04/16/2018 02:42 PM, Seth Forshee wrote:

> On Mon, Apr 16, 2018 at 09:24:08AM +0200, Juerg Haefliger wrote:
>> On 04/13/2018 02:21 PM, Seth Forshee wrote:
>>> BugLink: http://bugs.launchpad.net/bugs/1763454
>>>
>>> At the time this commit was backported some of the code it
>>> modifies was not present. When the code was later introduced from
>>> upstream stable it did not get the changes from this commit.
>>> Backport those changes now.
>>>
>>> Signed-off-by: Seth Forshee <[hidden email]>
>>
>> Shouldn't this have the CVE identifier or did I misunderstand that this
>> is part of a backported CVE fix?
>
> Maybe ... it is part of the CVE fix, though I don't believe the
> omission leaves the kernel vulnerable to the CVE. I guess maybe it
> should have the id though.
Yeah I was just wondering if it helps to clarify that the commits belong
together.

> Want me to resend or just want to add it when applying? The CVE id is
> CVE-2017-17862.

Add when applying works for me. Whatever is easiest.

...Juerg





NAK: [SRU][Xenial][PATCH] UBUNTU: SAUCE: Add missing hunks from "bpf: fix branch pruning logic"

Seth Forshee
In reply to this post by Seth Forshee
On Fri, Apr 13, 2018 at 07:21:08AM -0500, Seth Forshee wrote:
> BugLink: http://bugs.launchpad.net/bugs/1763454
>
> At the time this commit was backported some of the code it
> modifies was not present. When the code was later introduced from
> upstream stable it did not get the changes from this commit.
> Backport those changes now.
>
> Signed-off-by: Seth Forshee <[hidden email]>

Another issue was identified, I will send an updated patch.
