APPLIED: [SRU][Xenial][PATCH v2] UBUNTU: SAUCE: Add missing hunks from "bpf: fix branch pruning logic"

Stefan Bader stefan.bader at canonical.com
Fri Apr 20 12:13:03 UTC 2018


On 19.04.2018 20:03, Seth Forshee wrote:
> BugLink: http://bugs.launchpad.net/bugs/1763454
> 
> At the time this commit was backported some of the code it
> modifies was not present. When the code was later introduced from
> upstream stable it did not get the changes from this commit.
> Backport those changes now.
> 
> v2: Also remove errant marking of instruction as seen from the
> backport.
> 
> CVE-2017-17862
> Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
> ---

Applied (with fixes line) to xenial/master-next

>  kernel/bpf/verifier.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index c7c7a85fb1e2..b8d06bb938a0 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -1846,7 +1846,6 @@ static int do_check(struct verifier_env *env)
>  
>  			if (BPF_SIZE(insn->code) != BPF_W) {
>  				insn_idx++;
> -				env->insn_aux_data[insn_idx].seen = true;
>  				continue;
>  			}
>  
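
Review bot: the line removed from the `BPF_SIZE(insn->code) != BPF_W` branch wrote `seen` at the index produced by `insn_idx++`, so it marked the following instruction before the `continue` brought the loop to it, yet the commit message only calls this "errant". Please state in the message which earlier backport added that line and why it is wrong in this branch, so the removal can be checked against the later hunk that adds the same statement after another `insn_idx++`.
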
> @@ -2016,6 +2015,7 @@ process_bpf_exit:
>  					return err;
>  
>  				insn_idx++;
> +				env->insn_aux_data[insn_idx].seen = true;
>  			} else {
>  				verbose("invalid BPF_LD mode\n");
>  				return -EINVAL;
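
Review bot: the added `env->insn_aux_data[insn_idx].seen = true;` runs after `insn_idx++`, so it writes to the entry for the next instruction, and nothing in this hunk shows that index is still inside the program. Please confirm that an earlier check guarantees the slot exists, and add a one-line comment saying why this instruction has to be marked here rather than when the loop reaches it.
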
> @@ -2172,6 +2172,7 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
>  				u32 off, u32 cnt)
>  {
>  	struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
> +	int i;
>  
>  	if (cnt == 1)
>  		return 0;
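
Review bot: `int i` is signed while `off` and `cnt` in the signature are `u32`, so a loop bound built from them becomes a signed/unsigned comparison. Declaring it as `u32 i;` would match the parameters it is compared against.
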
> @@ -2181,6 +2182,8 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
>  	memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
>  	memcpy(new_data + off + cnt - 1, old_data + off,
>  	       sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
> +	for (i = off; i < off + cnt - 1; i++)
> +		new_data[i].seen = true;
>  	env->insn_aux_data = new_data;
>  	vfree(old_data);
>  	return 0;
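
Review bot: the two `memcpy` calls leave entries `off` through `off + cnt - 2` of `new_data` uncopied, and the added loop sets only `.seen` on them, so their remaining fields hold whatever the allocation returned. The allocation is outside this hunk; please confirm it zeroes the buffer, and add a short comment saying why the newly inserted slots are marked as seen.
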
> 

