[SRU][Xenial][PATCH v2] UBUNTU: SAUCE: Add missing hunks from "bpf: fix branch pruning logic"

Seth Forshee seth.forshee at canonical.com
Thu Apr 19 18:03:30 UTC 2018


BugLink: http://bugs.launchpad.net/bugs/1763454

At the time this commit was backported some of the code it
modifies was not present. When the code was later introduced from
upstream stable it did not get the changes from this commit.
Backport those changes now.

v2: Also remove errant marking of instruction as seen from the
backport.

CVE-2017-17862
Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
---
 kernel/bpf/verifier.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index c7c7a85fb1e2..b8d06bb938a0 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1846,7 +1846,6 @@ static int do_check(struct verifier_env *env)
 
 			if (BPF_SIZE(insn->code) != BPF_W) {
 				insn_idx++;
-				env->insn_aux_data[insn_idx].seen = true;
 				continue;
 			}
 
@@ -2016,6 +2015,7 @@ process_bpf_exit:
 					return err;
 
 				insn_idx++;
+				env->insn_aux_data[insn_idx].seen = true;
 			} else {
 				verbose("invalid BPF_LD mode\n");
 				return -EINVAL;
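Review bot: The added write to `env->insn_aux_data[insn_idx]` right after `insn_idx++` carries no comment saying why the following slot is marked, and it indexes one past the instruction that was just checked. Presumably this is the branch for the two-slot 64-bit immediate load, in which case a comment such as `/* ld_imm64 occupies two insn slots; mark the second one as seen too */` would record the intent. The access stays in bounds only if an earlier pass rejects such a load in the last slot of the program. That check is not visible in this hunk, so it is worth confirming it is present in the Xenial tree. do_check's body starts and ends outside the hunk.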
@@ -2172,6 +2172,7 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
 				u32 off, u32 cnt)
 {
 	struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
+	int i;
 
 	if (cnt == 1)
 		return 0;
@@ -2181,6 +2182,8 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
 	memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
 	memcpy(new_data + off + cnt - 1, old_data + off,
 	       sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
+	for (i = off; i < off + cnt - 1; i++)
+		new_data[i].seen = true;
 	env->insn_aux_data = new_data;
 	vfree(old_data);
 	return 0;
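Review bot: The loop added after the two memcpy() calls has no comment explaining why the `cnt - 1` slots starting at `off` are forced to `seen = true`, which is the security-relevant part of this fix. Neither copy writes those slots, so they presumably hold freshly allocated aux data for instructions inserted by patching, and left unmarked they would look like dead code to whatever later consumes `seen`. I would add `/* insns inserted by patching were never walked by do_check(); mark them seen so they are not treated as dead code */` above the loop. As a minor style point, `int i` (declared in the preceding hunk) is compared against the `u32` expression `off + cnt - 1`. Using `u32 i` would avoid the mixed-sign comparison, though keeping `int` is reasonable if it matches the upstream commit.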
-- 
2.15.1




