Re: [PATCH v2 4.19 00/19] bpf: fix verifier selftests, add CVE-2021-29155, CVE-2021-33200 fixes

On Fri, May 28, 2021 at 01:37:51PM +0300, Ovidiu Panait wrote:

v2 updates:

• fix the last failing verfifier selftest by backporting the following commits:

• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
• https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=l...
• https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=l...

• add CVE-2021-33200 fixes + support patch from 5.4:

• https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=l...
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

The CVE-2021-29155 part of this series is based on Frank van der Linden's backport to 5.4 and 4.14: https://lore.kernel.org/stable/20210429220839.15667-1-fllinden@amazon.com/ https://lore.kernel.org/stable/20210501043014.33300-1-fllinden@amazon.com/

With this series, all verifier selftests pass: /root# ./test_verifier ... Summary: 916 PASSED, 0 SKIPPED, 0 FAILED

What the series does is:

• Fix verifier selftests by backporting various bpf/selftest upstream commits + add two 4.19 specific fixes
• Backport fixes for CVE-2021-29155 from 5.4 stable, including selftest changes. Only minor context adjustements were made for 4.19 backport.
• Backport CVE-2021-33200 fixes. No modifications were made, all patches apply cleanly.

The following commits that fix selftests are 4.19 specific: Ovidiu Panait (2):

1. bpf: fix up selftests after backports were fixed

   This is the 4.19 equivalent of https://lore.kernel.org/stable/20210501043014.33300-3-fllinden@amazon.com/

   Basically a backport of upstream commit 80c9b2fae87b ("bpf: add various test cases to selftests") adapted to 4.19 in order to fix the selftests that began to fail after CVE-2019-7308 fixes.

2. selftests/bpf: add selftest part of "bpf: improve verifier branch analysis"

   This is a cherry-pick of the selftest parts that have been left out when backporting 4f7b3e82589e0 ("bpf: improve verifier branch analysis") to 4.19.

All now queued up, thanks!

greg k-h