mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-01 22:54:01 +00:00
Code Issues Releases Wiki Activity
linux-stable/kernel/bpf
History
Daniel Borkmann 6a87d309fe bpf: No need to simulate speculative domain for immediates 
commit a703619127 upstream.

In 801c6058d1 ("bpf: Fix leakage of uninitialized bpf stack under
speculation") we replaced masking logic with direct loads of immediates
if the register is a known constant. Given in this case we do not apply
any masking, there is also no reason for the operation to be truncated
under the speculative domain.

Therefore, there is also zero reason for the verifier to branch-off and
simulate this case, it only needs to do it for unknown but bounded scalars.
As a side-effect, this also enables few test cases that were previously
rejected due to simulation under zero truncation.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Piotr Krysiuk <piotras@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-10 12:43:53 +02:00
..
arraymap.c bpf: sockmap, map_release does not hold refcnt for pinned maps 2018-11-04 14:52:44 +01:00
bpf_lru_list.c bpf_lru_list: Read double-checked variable once without lock 2021-03-03 18:22:39 +01:00
bpf_lru_list.h bpf: Only set node->ref = 1 if it has not been set 2017-09-01 09:57:39 -07:00
cgroup.c bpf: BPF support for sock_ops 2017-07-01 16:15:13 -07:00
core.c bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K 2019-08-25 10:50:23 +02:00
devmap.c bpf: devmap: fix wrong interface selection in notifier_call 2019-12-01 09:13:47 +01:00
hashtab.c bpf: Remove recursion prevention from rcu free callback 2020-10-01 13:12:35 +02:00
helpers.c
inode.c bpf: fix use after free in bpf_evict_inode 2019-04-20 09:15:07 +02:00
lpm_trie.c bpf: fix rcu lockdep warning for lpm_trie map_free callback 2018-03-11 16:23:21 +01:00
Makefile bpf: silence warning messages in core 2019-07-31 07:28:25 +02:00
map_in_map.c bpf: fix inner map masking to prevent oob under speculation 2019-04-20 09:15:09 +02:00
map_in_map.h bpf: Add syscall lookup support for fd array and htab 2017-06-29 13:13:25 -04:00
percpu_freelist.c bpf: fix lockdep false positive in percpu_freelist 2019-03-13 14:03:20 -07:00
percpu_freelist.h bpf: fix lockdep false positive in percpu_freelist 2019-03-13 14:03:20 -07:00
sockmap.c bpf: sockmap, map_release does not hold refcnt for pinned maps 2018-11-04 14:52:44 +01:00
stackmap.c bpf: Check for integer overflow when using roundup_pow_of_two() 2021-02-23 14:00:32 +01:00
syscall.c bpf: Explicitly memset some bpf info structures declared on the stack 2020-04-02 16:34:37 +02:00
tnum.c bpf/verifier: track signed and unsigned min/max values 2017-08-08 17:51:34 -07:00
verifier.c bpf: No need to simulate speculative domain for immediates 2021-06-10 12:43:53 +02:00