v2 updates:
- fix the last failing verifier selftest by backporting the following commits:
  * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
  * https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=l...
  * https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=l...
- add CVE-2021-33200 fixes + support patch from 5.4:
  * https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=l...
  * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
  * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
  * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
The CVE-2021-29155 part of this series is based on Frank van der Linden's backport to 5.4 and 4.14:
https://lore.kernel.org/stable/20210429220839.15667-1-fllinden@amazon.com/
https://lore.kernel.org/stable/20210501043014.33300-1-fllinden@amazon.com/
With this series, all verifier selftests pass:
  /root# ./test_verifier
  ...
  Summary: 916 PASSED, 0 SKIPPED, 0 FAILED
What the series does is:
* Fix verifier selftests by backporting various bpf/selftest upstream commits + add two 4.19 specific fixes
* Backport fixes for CVE-2021-29155 from 5.4 stable, including selftest changes. Only minor context adjustments were made for the 4.19 backport.
* Backport CVE-2021-33200 fixes. No modifications were made, all patches apply cleanly.
The following commits that fix selftests are 4.19 specific:

Ovidiu Panait (2):

1. bpf: fix up selftests after backports were fixed
This is the 4.19 equivalent of https://lore.kernel.org/stable/20210501043014.33300-3-fllinden@amazon.com/
Basically a backport of upstream commit 80c9b2fae87b ("bpf: add various test cases to selftests") adapted to 4.19 in order to fix the selftests that began to fail after CVE-2019-7308 fixes.
2. selftests/bpf: add selftest part of "bpf: improve verifier branch analysis"
This is a cherry-pick of the selftest parts that have been left out when backporting 4f7b3e82589e0 ("bpf: improve verifier branch analysis") to 4.19.
Alexei Starovoitov (1):
  bpf: extend is_branch_taken to registers

Andrey Ignatov (1):
  selftests/bpf: Test narrow loads with off > 0 in test_verifier

Daniel Borkmann (13):
  bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test
  bpf: Move off_reg into sanitize_ptr_alu
  bpf: Ensure off_reg has no mixed signed bounds for all types
  bpf: Rework ptr_limit into alu_limit and add common error path
  bpf: Improve verifier error messages for users
  bpf: Refactor and streamline bounds check into helper
  bpf: Move sanitize_val_alu out of op switch
  bpf: Tighten speculative pointer arithmetic mask
  bpf: Update selftests to reflect new error states
  bpf: Fix leakage of uninitialized bpf stack under speculation
  bpf: Wrap aux data inside bpf_sanitize_info container
  bpf: Fix mask direction swap upon off reg sign change
  bpf: No need to simulate speculative domain for immediates

John Fastabend (1):
  bpf: Test_verifier, bpf_get_stack return value add <0

Ovidiu Panait (2):
  bpf: fix up selftests after backports were fixed
  selftests/bpf: add selftest part of "bpf: improve verifier branch analysis"

Piotr Krysiuk (1):
  bpf, selftests: Fix up some test_verifier cases for unprivileged
 include/linux/bpf_verifier.h                | 5 +-
 kernel/bpf/verifier.c                       | 300 +++++++++++++-------
 tools/testing/selftests/bpf/test_verifier.c | 112 ++++++--
 3 files changed, 294 insertions(+), 123 deletions(-)