[SRU Impish/Unstable 0/3] s390x BPF JIT vulnerabilities
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Sep 21 18:35:22 UTC 2021
[Impact]
s390 BPF JIT vulnerabilities allow the eBPF verifier to be bypassed, leading to
possible local privilege escalation.
[Mitigation]
Disable unprivileged eBPF.
sysctl -w kernel.unprivileged_bpf_disabled=1
[Potential regression]
BPF programs might execute incorrectly, affecting seccomp, socket filters,
tracing and other BPF users.
Ilya Leoshkevich (3):
s390/bpf: Fix branch shortening during codegen pass
s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
s390/bpf: Fix optimizing out zero-extensions
arch/s390/net/bpf_jit_comp.c | 70 +++++++++++++++++++-----------------
1 file changed, 38 insertions(+), 32 deletions(-)
--
2.30.2
More information about the kernel-team
mailing list