Received: by 2002:ac0:8c9a:0:0:0:0:0 with SMTP id r26csp485252ima; Fri, 1 Feb 2019 06:24:49 -0800 (PST) X-Google-Smtp-Source: AHgI3IZ1wWiYv8WfYJ1T3ZaEbzDLy5lZQ7nyltXQH6sVWxwa3kvg+//iOYtSkfNIo9msEDQtNC+a X-Received: by 2002:a65:609a:: with SMTP id t26mr1620598pgu.411.1549031089851; Fri, 01 Feb 2019 06:24:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549031089; cv=none; d=google.com; s=arc-20160816; b=YjkxMaw6UwYzUN79XEjmzxgbmlmVnJADDCOamkey2b7bRDHUr62tPRC9S4Wl3QbqKj ZFPDRdFKddp4XNLwwy889/qmC5bCf402+THwEMC4CinhTZtMTcAw33RpNTFb6nPJFFoG etQYfhtnF/+PkskuhlotJVVk+M72W72ExHj+6PjMUHRD8bvtbxmGb/ru7R2xwED/wwZV y/Du3mSTl9mBfW1iDwt1fC2qx1cf8suGFgpu13U0Prkd8zAQckgnH8hIPHnn5f19mTbC 2aaCrGWfu81DYldIFvL/NkTSn3cgpCFFQNY2Mg4tg/eAhjCbhxvp0WMuaHm2eV1B+a/u 11kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=r+l7cG64lEJjmDg4JI897xdMHV5xeBLqTihWjrbDlyQ=; b=F31N8j5nUi4wezUzx4cV1lB/BL7QtZ7Oxv7brg2P9GINXAAbYfreVL4rE9IGRYUftL jYzbv+lGCOKrfyjhO57xxJ3yTG4cQT66l1ccRDY7MbTmj8v7f3ZnnFm+GBPAlvkJpB+l 99RwduzPna27h5FiIaVA0vLK9rN2fSqQgzxo3PGEBagyJ6+Qi0pKPATfSFZNrIxuUUdi 97QYug23dZuq5zUF2LdW8gmd68dJBqCRMuVmwo507KZzlavBj6/PfhrVMrkbn/9CYRQZ IGWdtbQScaki+SQ4Z1dX/ao9WbaPR3xauBSlchz5aQt0uRvBFt0Ham6dolQU4LbJzWL1 GkDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="I/eo1Tiz"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y3si483312pfb.152.2019.02.01.06.24.34; Fri, 01 Feb 2019 06:24:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="I/eo1Tiz"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729722AbfBAOI4 (ORCPT + 99 others); Fri, 1 Feb 2019 09:08:56 -0500 Received: from mail.kernel.org ([198.145.29.99]:33162 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727454AbfBAOIz (ORCPT ); Fri, 1 Feb 2019 09:08:55 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7DF7C2086C; Fri, 1 Feb 2019 14:08:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1549030135; bh=7OA25qfVAzON20jJeSkueO6MKWbryxP7uroPyszcNng=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=I/eo1TizT9liXKVn64sYAgcmLCpaPPB9fX8itTO/tdAr4lvsqfpiYIAPKu0qmlY2N HEpiOZsjdpo8+WmXxAMI2sizcilH8m9q5hDDB3UJxwYqoXGUQ8enzZAb9kCtt5bb9p qAvIXpBl/0ERMjnhzMssaQ3ADIq9ou84GJH6tVZg= Date: Fri, 1 Feb 2019 15:08:52 +0100 From: Greg Kroah-Hartman To: Jann Horn Cc: kernel list , stable@vger.kernel.org, Daniel Borkmann , Alexei Starovoitov , Sasha Levin Subject: Re: [PATCH 4.19 095/103] bpf: prevent out of bounds speculation on pointer arithmetic Message-ID: <20190201140852.GA20335@kroah.com> References: <20190129113159.567154026@linuxfoundation.org> <20190129113207.223846678@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.11.2 (2019-01-07) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 01, 2019 at 03:00:18PM +0100, Jann Horn wrote: > On Tue, Jan 29, 2019 at 12:47 PM Greg Kroah-Hartman > wrote: > > 4.19-stable review patch. If anyone has any objections, please let me know. > > > > ------------------ > > > > [ commit 979d63d50c0c0f7bc537bf821e056cc9fe5abd38 upstream ] > > > > Jann reported that the original commit back in b2157399cc98 > > ("bpf: prevent out-of-bounds speculation") was not sufficient > > to stop CPU from speculating out of bounds memory access: > > While b2157399cc98 only focussed on masking array map access > > for unprivileged users for tail calls and data access such > > that the user provided index gets sanitized from BPF program > > and syscall side, there is still a more generic form affected > > from BPF programs that applies to most maps that hold user > > data in relation to dynamic map access when dealing with > > unknown scalars or "slow" known scalars as access offset, for > > example: > > Is this also going into 4.14 and 4.9? I don't see anything related in > the stable queue or in stable-rc. Ah, the original submitter did not send backported patches, but you are right, it should go further back. I'll see how hard it would be to do the backport, thanks for letting me know. greg k-h