iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ee8dce2bce
linux/kernel
History
Alexei Starovoitov def8c1d045 bpf: Prevent memory disambiguation attack 
commit af86ca4e3088fe5eacf2f7e58c01fa68ca067672 upstream.

Detect code patterns where malicious 'speculative store bypass' can be used
and sanitize such patterns.

 39: (bf) r3 = r10
 40: (07) r3 += -216
 41: (79) r8 = *(u64 *)(r7 +0)   // slow read
 42: (7a) *(u64 *)(r10 -72) = 0  // verifier inserts this instruction
 43: (7b) *(u64 *)(r8 +0) = r3   // this store becomes slow due to r8
 44: (79) r1 = *(u64 *)(r6 +0)   // cpu speculatively executes this load
 45: (71) r2 = *(u8 *)(r1 +0)    // speculatively arbitrary 'load byte'
                                 // is now sanitized

Above code after x86 JIT becomes:
 e5: mov    %rbp,%rdx
 e8: add    $0xffffffffffffff28,%rdx
 ef: mov    0x0(%r13),%r14
 f3: movq   $0x0,-0x48(%rbp)
 fb: mov    %rdx,0x0(%r14)
 ff: mov    0x0(%rbx),%rdi
103: movzbq 0x0(%rdi),%rsi

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
[bwh: Backported to 4.9:
 - Add bpf_verifier_env parameter to check_stack_write()
 - Look up stack slot_types with state->stack_slot_type[] rather than
   state->stack[].slot_type[]
 - Drop bpf_verifier_env argument to verbose()
 - Adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-08 13:05:10 +01:00
..
bpf
bpf: Prevent memory disambiguation attack
2018-12-08 13:05:10 +01:00
configs
config: android: enable CONFIG_SECCOMP
2016-10-11 15:06:32 -07:00
debug
kdb: use memmove instead of overlapping memcpy
2018-12-08 13:05:05 +01:00
events
uprobes: Fix handle_swbp() vs. unregister() + register() race once more
2018-12-08 13:05:06 +01:00
gcov
gcov: support GCC 7.1
2017-09-02 07:07:53 +02:00
irq
genirq: Fix race on spurious interrupt detection
2018-11-13 11:17:01 -08:00
livepatch
livepatch/module: make TAINT_LIVEPATCH module-specific
2016-08-26 14:42:08 +02:00
locking
locking/lockdep: Fix debug_locks off performance problem
2018-11-13 11:16:48 -08:00
power
PM / sleep: wakeup: Fix build error caused by missing SRCU support
2018-09-09 20:01:23 +02:00
printk
printk: Fix panic caused by passing log_buf_len to command line
2018-11-13 11:17:01 -08:00
rcu
rcu: Call touch_nmi_watchdog() while printing stall warnings
2018-05-30 07:50:50 +02:00
sched
sched/core: Allow __sched_setscheduler() in interrupts when PI is not used
2018-12-01 09:44:25 +01:00
time
posix-timers: Sanitize overrun handling
2018-11-10 07:43:01 -08:00
trace
ring-buffer: Allow for rescheduling when removing pages
2018-09-29 03:07:32 -07:00
.gitignore
acct.c
kernel/acct.c: fix the acct->needcheck check in check_free_space()
2018-01-10 09:29:51 +01:00
async.c
kernel/async.c: revert "async: simplify lowest_in_progress()"
2018-02-17 13:21:18 +01:00
audit_fsnotify.c
audit_tree.c
audit: cleanup prune_tree_thread
2016-04-04 09:46:47 -04:00
audit_watch.c
audit: fix use-after-free in audit_add_watch
2018-09-26 08:36:37 +02:00
audit.c
audit: return on memory error to avoid null pointer dereference
2018-05-30 07:50:49 +02:00
audit.h
Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/audit
2016-07-29 17:54:17 -07:00
auditfilter.c
audit: allow not equal op for audit by executable
2018-08-03 07:55:25 +02:00
auditsc.c
audit: allow not equal op for audit by executable
2018-08-03 07:55:25 +02:00
backtracetest.c
bounds.c
kbuild: fix kernel/bounds.c 'W=1' warning
2018-11-13 11:16:57 -08:00
capability.c
ptrace: Capture the ptracer's creds not PT_PTRACE_CAP
2017-01-06 10:40:13 +01:00
cgroup_freezer.c
cgroup_pids.c
cgroup/pids: remove spurious suspicious RCU usage warning
2017-03-26 13:05:58 +02:00
cgroup.c
cgroup: Fix deadlock in cpu hotplug path
2018-10-13 09:18:56 +02:00
compat.c
configs.c
context_tracking.c
cpu_pm.c
cpu.c
Revert "x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation"
2018-11-23 12:57:41 +01:00
cpuset.c
sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
2017-10-12 11:51:25 +02:00
crash_dump.c
cred.c
cred: Reject inodes with invalid ids in set_create_file_as()
2016-06-30 18:05:09 -05:00
delayacct.c
dma.c
elfcore.c
exec_domain.c
exit.c
kernel/exit.c: avoid undefined behaviour when calling wait4()
2018-05-19 10:27:01 +02:00
extable.c
kernel/extable.c: mark core_kernel_text notrace
2017-07-21 07:42:21 +02:00
fork.c
kthread: Fix use-after-free if kthread fork fails
2018-09-19 22:47:10 +02:00
freezer.c
freezer, oom: check TIF_MEMDIE on the correct task
2016-07-28 16:07:41 -07:00
futex_compat.c
futex.c
futex: futex_wake_op, do not fail on invalid op
2018-11-10 07:42:54 -08:00
groups.c
kernel: make groups_sort calling a responsibility group_info allocators
2018-01-10 09:29:52 +01:00
hung_task.c
hung_task: allow hung_task_panic when hung_task_warnings is 0
2016-10-11 15:06:33 -07:00
irq_work.c
jump_label.c
jump_label: Invoke jump_label_test() via early_initcall()
2017-12-14 09:28:24 +01:00
kallsyms.c
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c
kcov: ensure irq code sees a valid area
2018-08-03 07:55:12 +02:00
kexec_core.c
objtool, x86: Add several functions and files to the objtool whitelist
2018-06-05 10:28:57 +02:00
kexec_file.c
kexec: fix double-free when failing to relocate the purgatory
2016-09-01 17:52:01 -07:00
kexec_internal.h
kexec.c
kexec: allow architectures to override boot mapping
2016-08-02 19:35:27 -04:00
kmod.c
kprobes.c
kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
2018-11-13 11:16:50 -08:00
ksysfs.c
kexec: add a kexec_crash_loaded() function
2016-08-02 19:35:30 -04:00
kthread.c
kthread, tracing: Don't expose half-written comm when creating kthreads
2018-08-03 07:55:12 +02:00
latencytop.c
Makefile
kernel/watchdog.c: move hardlockup detector to separate file
2017-06-17 06:41:57 +02:00
membarrier.c
Fix: Disable sys_membarrier when nohz_full is enabled
2017-03-12 06:41:45 +01:00
memremap.c
mm: Fix devm_memremap_pages() collision handling
2018-02-28 10:18:34 +01:00
module_signing.c
KEYS: Move the point of trust determination to __key_link()
2016-04-11 22:43:43 +01:00
module-internal.h
module.c
module: exclude SHN_UNDEF symbols from kallsyms api
2018-10-03 17:01:48 -07:00
notifier.c
nsproxy.c
padata.c
padata: free correct variable
2017-05-20 14:28:40 +02:00
panic.c
kernel/panic.c: add missing \n
2017-07-05 14:40:24 +02:00
params.c
pid_namespace.c
pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes
2017-05-25 15:44:38 +02:00
pid.c
pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid()
2018-04-13 19:47:53 +02:00
profile.c
profile: Convert to hotplug state machine
2016-07-15 10:41:42 +02:00
ptrace.c
ptrace: Properly initialize ptracer_cred on fork
2017-06-14 15:05:54 +02:00
range.c
reboot.c
relay.c
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
2018-05-30 07:50:29 +02:00
resource.c
resource: fix integer overflow at reallocation
2018-04-24 09:34:09 +02:00
seccomp.c
seccomp: Move speculation migitation control to arch code
2018-05-22 16:58:02 +02:00
signal.c
signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
2018-11-13 11:16:53 -08:00
smp.c
cpu/hotplug: Fix SMT supported evaluation
2018-08-15 18:14:53 +02:00
smpboot.c
kthread/smpboot: do not park in kthread_create_on_cpu()
2016-10-11 15:06:33 -07:00
smpboot.h
softirq.c
Mark HI and TASKLET softirq synchronous
2018-08-15 18:14:42 +02:00
stacktrace.c
stacktrace, lockdep: Fix address, newline ugliness
2017-02-14 15:25:42 -08:00
stop_machine.c
stop_machine: Use raw spinlocks
2018-08-03 07:55:24 +02:00
sys_ni.c
x86/pkeys: Fix pkeys build breakage for some non-x86 arches
2016-09-13 14:41:36 +02:00
sys.c
sys: don't hold uts_sem while accessing userspace memory
2018-09-09 20:01:24 +02:00
sysctl_binary.c
kernel/sysctl_binary.c: use generic UUID library
2016-05-20 17:58:30 -07:00
sysctl.c
namei: allow restricted O_CREAT of FIFOs and regular files
2018-12-01 09:44:25 +01:00
task_work.c
task_work: use READ_ONCE/lockless_dereference, avoid pi_lock if !task_works
2016-08-02 19:35:02 -04:00
taskstats.c
taskstats: fix the length of cgroupstats_cmd_get_policy
2016-11-03 16:55:58 -04:00
test_kprobes.c
torture.c
torture: Convert torture_shutdown() to hrtimer
2016-08-22 10:01:49 -07:00
tracepoint.c
tracepoint: Do not warn on ENOMEM
2018-05-09 09:50:20 +02:00
tsacct.c
ucount.c
kernel/ucount.c: mark user_header with kmemleak_ignore()
2017-06-17 06:41:51 +02:00
uid16.c
kernel: make groups_sort calling a responsibility group_info allocators
2018-01-10 09:29:52 +01:00
up.c
smp: Add function to execute a function synchronously on a CPU
2016-09-05 13:52:39 +02:00
user_namespace.c
userns: move user access out of the mutex
2018-09-09 20:01:24 +02:00
user-return-notifier.c
user.c
utsname_sysctl.c
sys: don't hold uts_sem while accessing userspace memory
2018-09-09 20:01:24 +02:00
utsname.c
Merge branch 'nsfs-ioctls' into HEAD
2016-09-22 20:00:36 -05:00
watchdog_hld.c
kernel/watchdog: prevent false hardlockup on overloaded system
2017-06-17 06:41:57 +02:00
watchdog.c
kernel/watchdog: prevent false hardlockup on overloaded system
2017-06-17 06:41:57 +02:00
workqueue_internal.h
workqueue: Fix NULL pointer dereference
2017-11-15 15:53:17 +01:00
workqueue.c
workqueue: use put_device() instead of kfree()
2018-05-30 07:50:36 +02:00