ACK: [SRU Impish/Unstable 0/3] s390x BPF JIT vulnerabilities
Krzysztof Kozlowski
krzysztof.kozlowski at canonical.com
Wed Sep 22 06:37:10 UTC 2021
On 21/09/2021 20:35, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
>
> s390 BPF JIT vulnerabilities allow the eBPF verifier to be bypassed, leading to
> possible local privilege escalation.
>
> [Mitigation]
>
> Disable unprivileged eBPF.
> sysctl -w kernel.unprivileged_bpf_disabled=1
>
> [Potential regression]
>
> BPF programs might execute incorrectly, affecting seccomp, socket filters,
> tracing and other BPF users.
>
> Ilya Leoshkevich (3):
> s390/bpf: Fix branch shortening during codegen pass
> s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
> s390/bpf: Fix optimizing out zero-extensions
>
> arch/s390/net/bpf_jit_comp.c | 70 +++++++++++++++++++-----------------
> 1 file changed, 38 insertions(+), 32 deletions(-)
>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
Best regards,
Krzysztof
More information about the kernel-team
mailing list