Received: by 2002:a05:6500:1b45:b0:1f5:f2ab:c469 with SMTP id cz5csp957930lqb; Wed, 17 Apr 2024 16:36:23 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUX1VaWWR/LDk+uxAKTOGV0WqjEiNL2XyWKyzw6olJKtvNniRvE5GZyX7r2aVUo8JJZzzEuj3/kkg2QFv8Pf36gW2Gw4yqkZHX6MGS/Jw== X-Google-Smtp-Source: AGHT+IEvgaDtvi1ucD77UK8MKn7/nQr/EfxuRhpi7f7H/qj2/0jA9tL3jE2n8fOAFXMdedzqCuhy X-Received: by 2002:a05:6a20:6f08:b0:1aa:930d:3dd7 with SMTP id gt8-20020a056a206f0800b001aa930d3dd7mr895854pzb.6.1713396982973; Wed, 17 Apr 2024 16:36:22 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713396982; cv=pass; d=google.com; s=arc-20160816; b=hecFYsMDR/rp+X3tYpPoRvMWlaGGmQeBeOf7UAlzUltCVlXxJOPSjVhnSJoh54s8Mz I9W0xEmdDVvQZYdnhsVzaHNQLwUvGPpRLmgc/OfyyYlODl87GbCiHuP34mksM5nmFlNQ jEVztOOCWoGVzUE2aSHI+4GgKILgS8mYotFbGywI0RZLc7pEaIePZrbHAwFOVx6GB0UH KbrKOYKnyP3pM7jyo72hr0I7FiHbv62iHbBJoC+pqT0TIMFrs3LlcTH0SRoMIuX4WxxS 9lqbgBrB2MBAMFnolKqMSSGye6pbMZlfGMrDQv14ET4UTVtszdBRoVdJReWhoYJLJSjG 0Aog== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=V3z9SggHDBHR47UgbLQGuJMnhn0kcj9pVDDXn/yYf9o=; fh=jExt7uQpqU77ixy24l7jbt+1aoq05JdGZwn/VPth52k=; b=DhdM7a78rMna6KdrVRsjrHryeU0QJ7xJoenznM9YIXoj5etdgnjrM40vX9Ji2essDe A+3wQyiyi4/oTBglgMGwWpYloQRA0+kA2nSjD5uljN8cvWp3tMCtHO5P0DAfurofB/RE k1nEW27QVUFvAey0MixEjlto6xTZMxIPmNyT+k1wifqeXKOLkIO2Ukgw0TsZl5beoj/G HsUDjKhfEY093jzqTlupRZWDIiBNBd52vBfzolwLj04k5s4KtceqHBHf9BV+CEf02JnW lLTzdB6zuCMMdOT1s+aPNARTTF9r5B4T7PAVGxs2/V5oEZkgZTtKpWaI8hdgWk7ouLYr nQmw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=yYXc1+BO; arc=pass (i=1 spf=pass spfdomain=flex--edliaw.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-149314-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-149314-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id a13-20020aa7864d000000b006eadffbe8d6si296933pfo.339.2024.04.17.16.36.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Apr 2024 16:36:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-149314-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=yYXc1+BO; arc=pass (i=1 spf=pass spfdomain=flex--edliaw.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-149314-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-149314-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 95BC1283594 for ; Wed, 17 Apr 2024 23:36:22 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C1D431494BE; Wed, 17 Apr 2024 23:35:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="yYXc1+BO" Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9FBD412B177 for ; Wed, 17 Apr 2024 23:35:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713396959; cv=none; b=UqBMjri7mWSORDMI0r3tIbh14KOzzMfdfuouG4CD0Zqf9Uqi2QEWjhw6qb/IQ1kV+eOdwmHgmDDj35agx0djFxL+tjTDFyfJOETQ/HcfxzEIJfCJyzEzB8UexjS3F3Ddpm7Quxk9Az0hiLUNUd2ITzbeNM6bL09YoPwWGsmggTA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713396959; c=relaxed/simple; bh=wvWcGs6xPteYiNkneq2pnXvtLThrV3P28wEAG4lJmWk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=GmcZppnfzH7xIi///pexACbr/uvXpwGOcMEhBlKcbgpUivFflHcY6ywhPYiaQ4zeEM/FG4W2Sy38dWOGbJmoSiOLTGXsIXLxuv4BohNfR+N+6G2Y+hRD4dNh1iZwcnFj8oE4QvoKgn5PloCfVp8J1rUlyGTRqcKoIYePhF2LfMU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--edliaw.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=yYXc1+BO; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--edliaw.bounces.google.com Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-615138794f5so3810977b3.2 for ; Wed, 17 Apr 2024 16:35:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1713396957; x=1714001757; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=V3z9SggHDBHR47UgbLQGuJMnhn0kcj9pVDDXn/yYf9o=; b=yYXc1+BO8pN3ZGbtWBN1BCdOpXp4bYd14RfcUw6FYRW13dv8/LKAWgIOcK2wYjtiKS 1qrZC6QA53CmAk8bElaxc4atrm/JkUXFHjKoHAM+Yhg8rlRj+vA993UpAvnr62Gt1uIw xQHEMgxepEx+UkMAhO9AW3Iq2mGVRCAQFvNtoDLPTWsa6ze3C5tSJjLbcGdOwadIHY5X yHTCOMYS6WzDBDffKNwgIR/k9jGbgaEFCnJEjITTG0IOEhUNaw/5ah04aU9xWmlZDcAy y08ylTdIDyGc9U8YxHKx/uAyW1PMoz2prwmoj6IdpM6O0OMGb8UtO4SWu8QQyiJTgvi2 POJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713396957; x=1714001757; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=V3z9SggHDBHR47UgbLQGuJMnhn0kcj9pVDDXn/yYf9o=; b=p+JGGN8VffCC7WBedhhWzVBli9rXoEjhm9gY1i6TKbDM1JRl+tQ2UEaUccFBWMnMce /yx24mh/cUKd7B7XMH3Y2ON611QUTiodmXtBXlZuxL8jdqPz3KbAPv5/OPE8PvI5GKL3 SDm1pzB6TfmLvdep3peGMDStSzG0BKG80zZwEiGGbEYp33XnlnVxQ9Ul/Plc/c003eEH 7mzlOP9suM70ubjamB36KjThmDlnZ4W4lBrFTK/vtdHSy3v6o5EERERfpry+acAkKvP7 tbM17ncrgRZrkGeOIpHutRkWtT3ol2uM9gi4bX54lnZoIUKTdX7FXQmPlfH7L9+xlJmr d0Ew== X-Forwarded-Encrypted: i=1; AJvYcCXS9jgi7xo0Vb6pYIia/5ncS6w8ZYdZ5sgJfgc3+80/OhsVeQ5DW9Xi+Rbs4feugEHm2wJTZSgD06jaUkHCRy3QkaBkaQgWPD7rv9vo X-Gm-Message-State: AOJu0Yy8WytQfxex3jbLunrTNQS8I6JGuLv+iRWUt3wXTB+mn8gZrV76 cuhbx7zy7JLFucvcy8rzbpycmfWXnbUrZykZFkvmNf9Rtd+qPNwbt2Ps1+j/gDsAK8NK4tPUXQH tSQ== X-Received: from edliaw.c.googlers.com ([fda3:e722:ac3:cc00:24:72f4:c0a8:305d]) (user=edliaw job=sendgmr) by 2002:a05:6902:1005:b0:dcb:fb69:eadc with SMTP id w5-20020a056902100500b00dcbfb69eadcmr117528ybt.6.1713396956811; Wed, 17 Apr 2024 16:35:56 -0700 (PDT) Date: Wed, 17 Apr 2024 23:35:02 +0000 In-Reply-To: <16430256912363@kroah.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <16430256912363@kroah.com> X-Mailer: git-send-email 2.44.0.769.g3c40516874-goog Message-ID: <20240417233517.3044316-1-edliaw@google.com> Subject: [PATCH 5.15.y 0/5] Backport bounds checks for bpf From: Edward Liaw To: stable@vger.kernel.org, Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Hao Luo Cc: bpf@vger.kernel.org, kernel-team@android.com, Edward Liaw , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" These backports fix CVE-2021-4204, CVE-2022-23222 for 5.15.y. This includes a conflict resolution with 45ce4b4f9009 ("bpf: Fix crash due to out of bounds access into reg2btf_ids.") which was cherry-picked previously. Link: https://lore.kernel.org/all/20220428235751.103203-11-haoluo@google.com/ They were tested on 5.15.94 to pass LTP test bpf_prog06 with no regressions from the bpf selftests. Daniel Borkmann (4): bpf: Generalize check_ctx_reg for reuse with other types bpf: Generally fix helper register offset check bpf: Fix out of bounds access for ringbuf helpers bpf: Fix ringbuf memory type confusion when passing to helpers Kumar Kartikeya Dwivedi (1): bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support include/linux/bpf.h | 9 +++- include/linux/bpf_verifier.h | 4 +- kernel/bpf/btf.c | 93 ++++++++++++++++++++++++++++-------- kernel/bpf/verifier.c | 66 +++++++++++++++++-------- 4 files changed, 129 insertions(+), 43 deletions(-) -- 2.44.0.769.g3c40516874-goog