Received: by 2002:ac0:8c9a:0:0:0:0:0 with SMTP id r26csp483779ima; Fri, 1 Feb 2019 06:23:43 -0800 (PST) X-Google-Smtp-Source: ALg8bN4XjpstRvdYWPG/Fci+gRuM/cG1HiTyZYMDNLStaZfIUyBV1khx52jrpGVEAwT5EK2t/pQ5 X-Received: by 2002:a62:d2c1:: with SMTP id c184mr39893707pfg.248.1549031023353; Fri, 01 Feb 2019 06:23:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549031023; cv=none; d=google.com; s=arc-20160816; b=gbCt1YVZsQb6M/EBUllHQV8bS/QyVV3t3gcP0K9l3GfwfPZ7tImyHa/Jxlc5DJYDPZ /PJynnzRXGkNqu9/IP/4tSzC5QgzCIFB1Sx6kLpPtdHqeClo8F3TESnGvwZJP/FJX09b lIzClfZaZplk3kNEsij6cBFHimCCux8gH+yMcSifoODT8L4y0CYus4hgUY0b8tXhnsim adnv/m3IEmaaOL+FMZUYIO24xEaUtJkWbJd2u1R96sOvqI/euZpA4V90RFy5eg5Uetx5 5J5YSbTQ8mUVoZCjNEKu7HodkNPXz/DnlhV23MrK8seq/ZdunVfh1yEhllP8deiQ+juN EVcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=BAhbsvt685Jn2cv9mpgyqPQtKTkU+Bo5Putqk7WhW8M=; b=OD75WbEhd67aGGZEGDv2UW54rqY+H6GUrs7vLUY1cP9c0Vxb/gL6IYTiof3l+74wIm oBP09hEX9UwXYgO+nM+9eDDTFZOWklIHPThDXz1aK4LYcMKVUqYiRoap6zhEqqMTH0+P 0jksxXWMp+Iep8ZJTlr+0alnk8rfYdXga2YEkt4/4tqs+wyGy7Ce51m/xymIxilxw8iC URXqJUp9BgY+JVx7WZgtVewH3AblXBAGGD+OeKW6/rLHe3ICftOO+00m6i41XR4QFUIk oMbVRp4BRWOkd4tY5lLBtMIR5S1N15JRzLZ1J9qGe9Yv9ZHIZFAAj4ite93gNMpY5oBq 4k2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="qJ/B+jLy"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n1si7482316pgh.172.2019.02.01.06.23.27; Fri, 01 Feb 2019 06:23:43 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="qJ/B+jLy"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730523AbfBAOAr (ORCPT + 99 others); Fri, 1 Feb 2019 09:00:47 -0500 Received: from mail-ot1-f67.google.com ([209.85.210.67]:33931 "EHLO mail-ot1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730438AbfBAOAq (ORCPT ); Fri, 1 Feb 2019 09:00:46 -0500 Received: by mail-ot1-f67.google.com with SMTP id t5so6094245otk.1 for ; Fri, 01 Feb 2019 06:00:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BAhbsvt685Jn2cv9mpgyqPQtKTkU+Bo5Putqk7WhW8M=; b=qJ/B+jLynXP6frwszrKGn6qamBu3+8N/GtAUAJT67zR9u13vIc0LV0AlKqqGiqX7kA 1IOwBZNudri1ClOeqr4R8e7KBOcXtH5z9lqpb8hDgZtxqgIeW4/JmeCLWh8/Tk9T++3N HcWYVXiZIp3TmNYkBHIPi0cMPUqtk3o6p/W/9dPml0axx1OKa2HSmFBtBUiNhWo0tdkl +G8jnAjSkUPwH3GyTf10EorsHUkus7DhDXhKOVBnxJx30fe3G6eXUhyl6DYXbAf7O94L IAGcgCqdltFObWS6uX/KRgnLglce7BJeRR4VBKb/SzB4A5ixSME4pFpv4YpSAW59mYpk J6OQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BAhbsvt685Jn2cv9mpgyqPQtKTkU+Bo5Putqk7WhW8M=; b=p5gI31ZZfFmmSIP5Z3hibROUH3hGRW23bkN2i/FYZDGxRoHnELE0lqUBhXvqhPKL5O sHJKHDlaZ5ulE72YFEHKrVJExjnp3daGCKe2WUeOLrv/Xf85m8BSf+BWAdQhYKF9twt/ E9vwPSNvN+mwz0Ezfv5DJeRBSbfFcBbVQDPlWYYYGo76fMqjuoO4iX7uFwD7l99OchMr mR4P/aMs9kP1h2CFFp98oQ0lhCq5Vl6h5EDdruH6k5gTf8BniAnk6wQbqWgKFxo/r5wO svwS4v65wDrLNXx13AYBtkwrloP5+EGKUmuGBtaH5eLQZVyizgstApYxhMUGbSbVW029 0wNg== X-Gm-Message-State: AJcUukfjc/+dqQk7tu443D5DAN6A7Cc38u2ExuV0RAUsMDkRfVUjLyiz 428AVmWgj57OmpS9pTEeAtWLc/rUmgT3wzSyBqbKLw== X-Received: by 2002:a05:6830:1649:: with SMTP id h9mr27148466otr.292.1549029645488; Fri, 01 Feb 2019 06:00:45 -0800 (PST) MIME-Version: 1.0 References: <20190129113159.567154026@linuxfoundation.org> <20190129113207.223846678@linuxfoundation.org> In-Reply-To: <20190129113207.223846678@linuxfoundation.org> From: Jann Horn Date: Fri, 1 Feb 2019 15:00:18 +0100 Message-ID: Subject: Re: [PATCH 4.19 095/103] bpf: prevent out of bounds speculation on pointer arithmetic To: Greg Kroah-Hartman Cc: kernel list , stable@vger.kernel.org, Daniel Borkmann , Alexei Starovoitov , Sasha Levin Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 29, 2019 at 12:47 PM Greg Kroah-Hartman wrote: > 4.19-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > [ commit 979d63d50c0c0f7bc537bf821e056cc9fe5abd38 upstream ] > > Jann reported that the original commit back in b2157399cc98 > ("bpf: prevent out-of-bounds speculation") was not sufficient > to stop CPU from speculating out of bounds memory access: > While b2157399cc98 only focussed on masking array map access > for unprivileged users for tail calls and data access such > that the user provided index gets sanitized from BPF program > and syscall side, there is still a more generic form affected > from BPF programs that applies to most maps that hold user > data in relation to dynamic map access when dealing with > unknown scalars or "slow" known scalars as access offset, for > example: Is this also going into 4.14 and 4.9? I don't see anything related in the stable queue or in stable-rc.