Hi Anil,
On Tue, Jun 29, 2021 at 06:02:14PM -0400, Sasha Levin wrote:
On Tue, Jun 29, 2021 at 01:06:00PM -0700, Anil Altinay wrote:
Hi,
I realized that this cve( https://www.openwall.com/lists/oss-security/2021/03/23/2 ) is not in the 4.19 tree but the commits introduced the vulnerability before 4.19. Is there any reason that the fix was not cherry-picked to 4.19?
Backport wasn't trivial, and no one seemed to care enough about 4.19. Feel free to backport the fix and send it out for review.
FWIW, thre was/is some work in progress from this for the 4.19.y series and in fact they are already done by Thadeu Lima de Souza Cascardo, based on earlier version from Daniel. They are not yet in a form probably to be accepted for stable@... they need some adaption to commit message to reflect the needed changes for the backport, as clean cyerry-picks were not possible and are based on earlier versions of the patches.
There is a prerequisite needed, which is not in mainline, which is a aprtial undo of old commit 144cd91c4c2b ("bpf: move tmp variable into ax register in interpreter") and on top of it first a backport needed for e88b2c6e5a4d ("bpf: Fix 32 bit src register truncation on div/mod") (which is the fix for CVE-2021-3600), and then a backport of the CVE-2021-3444.
Cascardo, Daniel, Alexei, should we post that series here so maybe someone is able to fixup the patches as needed for inclusion in 4.19.y?
Regards, Salvatore