From patchwork Fri Jan 12 16:17:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Slaby X-Patchwork-Id: 860032 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3zJ7F31yn6z9t3x for ; Sat, 13 Jan 2018 03:17:27 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934089AbeALQRY (ORCPT ); Fri, 12 Jan 2018 11:17:24 -0500 Received: from mx2.suse.de ([195.135.220.15]:42938 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934004AbeALQRX (ORCPT ); Fri, 12 Jan 2018 11:17:23 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 5B3E1AE1B; Fri, 12 Jan 2018 16:17:22 +0000 (UTC) From: Jiri Slaby To: gregkh@linuxfoundation.org Cc: stable@vger.kernel.org, ast@kernel.org, netdev@vger.kernel.org, Jiri Slaby Subject: [PATCH 4.4-stable 0/6] bpf: prevent out-of-bounds speculation Date: Fri, 12 Jan 2018 17:17:15 +0100 Message-Id: <20180112161721.8843-1-jslaby@suse.cz> X-Mailer: git-send-email 2.15.1 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Hi, this is a backport of these patches which I did for our kernels: c237ee5eb33b bpf: add bpf_patch_insn_single helper 3df126f35f88 bpf: don't (ab)use instructions to store state e245c5c6a565 bpf: move fixup_bpf_calls() function 79741b3bdec0 bpf: refactor fixup_bpf_calls() 8041902dae52 bpf: adjust insn_aux_data when patching insns b2157399cc98 bpf: prevent out-of-bounds speculation I offer it here for use in stable 4.4, if there is no better/simpler backport available yet. Alexei Starovoitov (4): bpf: move fixup_bpf_calls() function bpf: refactor fixup_bpf_calls() bpf: adjust insn_aux_data when patching insns bpf: prevent out-of-bounds speculation Daniel Borkmann (1): bpf: add bpf_patch_insn_single helper Jakub Kicinski (1): bpf: don't (ab)use instructions to store state include/linux/bpf.h | 2 + include/linux/filter.h | 3 + kernel/bpf/arraymap.c | 24 ++++-- kernel/bpf/core.c | 71 ++++++++++++++++ kernel/bpf/syscall.c | 54 ------------ kernel/bpf/verifier.c | 217 +++++++++++++++++++++++++++++++++++-------------- 6 files changed, 252 insertions(+), 119 deletions(-)