On Sat, Mar 17, 2018 at 07:17:17PM -0700, Jann Horn wrote:
> Hi!
> Someone on Twitter (https://twitter.com/vnik5287/status/974277953394651137) is pointing out that the BPF fix commit 95a762e2c8c942780948091f8f2a4f32fce1ac6f ("bpf: fix incorrect sign extension in check_alu_op()") needs to be applied all the way back to 4.4, and probably also 4.1; my "Fixes:" tag on that commit is incorrect. I assumed that without map access, math correctness issues don't matter, but actually, this one does matter because check_cond_jmp_op() will omit verification for branches that appear to be unreachable (comparison of CONST_IMM register and a constant value). :/
Ok, but the patch doesn't apply cleanly to 4.4.y, and I don't know the bpf code well enough to do it myself. Can you provide a working backport so that I can queue it up?
thanks,
greg k-h
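To make the mechanism in Jann's message concrete, here is a constructed C model added to this thread (not kernel code, not the patch itself): it contrasts how a verifier that sign-extends every MOV immediate records a register's value against the ISA's actual runtime semantics, and shows that the mismatch makes a "jeq" look decided at verification time when the live program takes the other edge. The function names and the enum are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a verifier tracking the value written by
 * "mov dst, imm", where imm is the 32-bit signed immediate field. */
enum { MOV32, MOV64 };

/* Runtime semantics of the eBPF ISA: a 64-bit MOV sign-extends the
 * 32-bit immediate, a 32-bit MOV writes the low half and zero-pads. */
static uint64_t runtime_mov(int width, int32_t imm)
{
    return width == MOV64 ? (uint64_t)(int64_t)imm : (uint64_t)(uint32_t)imm;
}

/* Pre-fix tracking as described in the thread: the immediate is
 * sign-extended regardless of instruction width. */
static uint64_t verifier_mov_buggy(int width, int32_t imm)
{
    (void)width;
    return (uint64_t)(int64_t)imm;
}

/* Fixed tracking: only the 64-bit MOV sign-extends. */
static uint64_t verifier_mov_fixed(int width, int32_t imm)
{
    return width == MOV64 ? (uint64_t)(int64_t)imm : (uint64_t)(uint32_t)imm;
}

/* Model of the pruning Jann refers to: when dst is believed to hold a
 * known constant, "jeq dst, k" has a decided outcome and the other edge
 * is not verified. Returns true when the verifier's decision differs
 * from what actually executes, i.e. an unverified edge is live. */
static bool prunes_live_edge(uint64_t (*track)(int, int32_t), int width,
                             int32_t imm, uint64_t k)
{
    bool verifier_taken = track(width, imm) == k;
    bool runtime_taken = runtime_mov(width, imm) == k;
    return verifier_taken != runtime_taken;
}

int main(void)
{
    /* mov32 r0, -1 ; jeq r0, 0xffffffff : runtime takes the jump,
     * the buggy verifier believes r0 == 0xffffffffffffffff and prunes it. */
    printf("buggy prunes live edge: %d\n",
           prunes_live_edge(verifier_mov_buggy, MOV32, -1, 0xffffffffULL));
    printf("fixed prunes live edge: %d\n",
           prunes_live_edge(verifier_mov_fixed, MOV32, -1, 0xffffffffULL));
    return 0;
}
```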