Merge branch 'prevent-oob-under-speculation'
Daniel Borkmann says:
====================
This set fixes an out of bounds case under speculative execution
by implementing masking of pointer alu into the verifier. For
details please see the individual patches.
Thanks!
v2 -> v3:
- 8/9: change states_equal condition into old->speculative &&
!cur->speculative, thanks Jakub!
- 8/9: remove incorrect speculative state test in
propagate_liveness(), thanks Jakub!
v1 -> v2:
- Typo fixes in commit msg and a comment, thanks David!
====================
Signed-off-by: 
Alexei Starovoitov <ast@kernel.org>
Showing
- include/linux/bpf_verifier.h 12 additions, 0 deletionsinclude/linux/bpf_verifier.h
- include/linux/filter.h 3 additions, 7 deletionsinclude/linux/filter.h
- kernel/bpf/core.c 37 additions, 17 deletionskernel/bpf/core.c
- kernel/bpf/verifier.c 275 additions, 61 deletionskernel/bpf/verifier.c
- tools/testing/selftests/bpf/test_verifier.c 1124 additions, 22 deletionstools/testing/selftests/bpf/test_verifier.c
Loading
Please register or sign in to comment