[SRU][F][PATCH v2 0/1] CVE-2024-38662

[Massimiliano Pellizzer]

[Impact]

bpf: Allow delete from sockmap/sockhash only if update is allowed

>From now on only BPF programs which were previously allowed to update
sockmap/sockhash can delete from these map types.

[Fix]

Noble:  Fixed via stable updates (f8457aa6c401bf)
Jammy:  Fixed via stable updates (4aaeb3bf863dc1c)
Focal:  Backported from mainline
Bionic: Not affected
Xenial: Not affected

[Test Case]

Compile and boot tested.

[Where problems could occur]

The fix affects the BPF subsystem and in particular sockmap and sockhash
structures. Users may see kernel warnings or experience system
instability while performing socket operations when utilizing BPF-based
socket management. Moreover, since the patch modifies how the BPF
verifier checks which BPF programs get accepted, users may also notice
unexpected rejections from the verifier.

[Changes between v1 and v2]

The mainline fix commit modifies the function may_update_sockmap(). The
changes to this function are necessary, because the function is used by
the verifier to check whether a BPF program can delete elements from
sockmap and sockhash or not. The function is not implemented in Focal.
V2 backports also may_update_sockmap().

Jakub Sitnicki (1):
  bpf: Allow delete from sockmap/sockhash only if update is allowed

 kernel/bpf/verifier.c | 2 --
 1 file changed, 2 deletions(-)

-- 
2.43.0