ACK/Cmnt: [SRU Bionic 0/2] CVE-2018-25020 // LP: #1953287
Stefan Bader
stefan.bader at canonical.com
Wed Dec 8 14:46:07 UTC 2021
On 08.12.21 15:27, Thadeu Lima de Souza Cascardo wrote:
> BugLink: https://bugs.launchpad.net/bugs/1953287
>
> [Impact]
>
> A CBPF program jumping over a large number of instructions may lead to kernel
> code execution.
>
> The test might fail with EINVAL or EOPNOTSUPP, which must be accounted for on
> different kernel versions.
>
> [Test case]
> Load test_bpf module.
> Userspace program that causes crash.
>
> [Potential regression]
> Some CBPF and EBPF programs might not load.
>
>
> Daniel Borkmann (1):
> bpf: fix truncated jump targets on heavy expansions
>
> Thadeu Lima de Souza Cascardo (1):
> UBUNTU: SAUCE: Revert "bpf: add also cbpf long jump test cases with
> heavy expansion"
>
> kernel/bpf/core.c | 63 ++++++++++++++++++++++++++++++++++++++++-------
> lib/test_bpf.c | 63 -----------------------------------------------
> net/core/filter.c | 11 +++++++--
> 3 files changed, 63 insertions(+), 74 deletions(-)
>
It would help here if it contained some mention about successful testing. The
first patch needed some heavier changes which seem to make one function vanish
(the adjust_imm one). That seems to be related to pseudo call that is mentioned
in the backport comment. For a quick review that is making things hard.
I believe it looks ok...
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20211208/e3b7a52c/attachment-0001.sig>
More information about the kernel-team
mailing list