raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-07 02:19:54 +00:00
Code Issues Projects Releases Wiki Activity
Files
373386ec3f70088a87cd0147d97e47cd1b59b51a
linux/kernel
History
Daniel Borkmann 3695b3b185 bpf: fix incorrect sign extension in check_alu_op() 
From: Jann Horn <jannh@google.com>

[ Upstream commit 95a762e2c8 ]

Distinguish between
BPF_ALU64|BPF_MOV|BPF_K (load 32-bit immediate, sign-extended to 64-bit)
and BPF_ALU|BPF_MOV|BPF_K (load 32-bit immediate, zero-padded to 64-bit);
only perform sign extension in the first case.

Starting with v4.14, this is exploitable by unprivileged users as long as
the unprivileged_bpf_disabled sysctl isn't set.

Debian assigned CVE-2017-16995 for this issue.

v3:
 - add CVE number (Ben Hutchings)

Fixes: 484611357c ("bpf: allow access into map value arrays")
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-25 14:23:47 +01:00
..
bpf
bpf: fix incorrect sign extension in check_alu_op()
2017-12-25 14:23:47 +01:00
configs
config: android: enable CONFIG_SECCOMP
2016-10-11 15:06:32 -07:00
debug
kdb: Fix handling of kallsyms_symbol_next() return value
2017-12-14 09:28:13 +01:00
events
perf/x86/intel: Account interrupts for PEBS errors
2017-12-09 22:01:52 +01:00
gcov
gcov: support GCC 7.1
2017-09-02 07:07:53 +02:00
irq
genirq: Make sparse_irq_lock protect what it should protect
2017-10-05 09:43:58 +02:00
livepatch
livepatch/module: make TAINT_LIVEPATCH module-specific
2016-08-26 14:42:08 +02:00
locking
locking/lockdep: Add nest_lock integrity test
2017-10-21 17:21:33 +02:00
power
sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
2017-10-12 11:51:25 +02:00
printk
printk: use rcuidle console tracepoint
2017-02-23 17:44:36 +01:00
rcu
rcu: Allow for page faults in NMI handlers
2017-10-18 09:35:38 +02:00
sched
sched/deadline: Use deadline instead of period when calculating overflow
2017-12-20 10:07:23 +01:00
time
hrtimer: Catch invalid clockids again
2017-10-21 17:21:38 +02:00
trace
tracing: Exclude 'generic fields' from histograms
2017-12-25 14:23:44 +01:00
.gitignore
certs: add .gitignore to stop git nagging about x509_certificate_list
2015-10-21 15:18:35 +01:00
acct.c
async.c
async: export current_is_async()
2015-11-19 17:51:48 +01:00
audit_fsnotify.c
wrappers for ->i_mutex access
2016-01-22 18:04:28 -05:00
audit_tree.c
audit: cleanup prune_tree_thread
2016-04-04 09:46:47 -04:00
audit_watch.c
audit: Fix use after free in audit_remove_watch_rule()
2017-08-24 17:12:18 -07:00
audit.c
audit: ensure that 'audit=1' actually enables audit for PID 1
2017-12-16 16:25:47 +01:00
audit.h
Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/audit
2016-07-29 17:54:17 -07:00
auditfilter.c
audit: add fields to exclude filter by reusing user filter
2016-06-27 11:01:00 -04:00
auditsc.c
Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/audit
2016-10-04 14:21:41 -07:00
backtracetest.c
bounds.c
capability.c
ptrace: Capture the ptracer's creds not PT_PTRACE_CAP
2017-01-06 10:40:13 +01:00
cgroup_freezer.c
cgroup: kill cgrp_ss_priv[CGROUP_CANFORK_COUNT] and friends
2015-12-03 10:24:08 -05:00
cgroup_pids.c
cgroup/pids: remove spurious suspicious RCU usage warning
2017-03-26 13:05:58 +02:00
cgroup.c
cgroup: fix error return value from cgroup_subtree_control()
2017-08-11 08:49:28 -07:00
compat.c
configs.c
context_tracking.c
context_tracking: Switch to new static_branch API
2015-11-24 09:56:43 +01:00
cpu_pm.c
kernel/cpu_pm: fix cpu_cluster_pm_exit comment
2015-09-03 02:42:20 +02:00
cpu.c
smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
2017-12-14 09:28:13 +01:00
cpuset.c
sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
2017-10-12 11:51:25 +02:00
crash_dump.c
cred.c
cred: Reject inodes with invalid ids in set_create_file_as()
2016-06-30 18:05:09 -05:00
delayacct.c
kmemcg: account certain kmem allocations to memcg
2016-01-14 16:00:49 -08:00
dma.c
elfcore.c
exec_domain.c
exit.c
sched/autogroup: Do not use autogroup->tg in zombie threads
2016-11-22 12:33:43 +01:00
extable.c
kernel/extable.c: mark core_kernel_text notrace
2017-07-21 07:42:21 +02:00
fork.c
mm, uprobes: fix multiple free of ->uprobes_state.xol_area
2017-09-07 08:35:39 +02:00
freezer.c
freezer, oom: check TIF_MEMDIE on the correct task
2016-07-28 16:07:41 -07:00
futex_compat.c
ptrace: use fsuid, fsgid, effective creds for fs access checks
2016-01-20 17:09:18 -08:00
futex.c
futex: Remove unnecessary warning from get_futex_key
2017-08-16 13:43:15 -07:00
groups.c
cred: simpler, 1D supplementary groups
2016-10-07 18:46:30 -07:00
hung_task.c
hung_task: allow hung_task_panic when hung_task_warnings is 0
2016-10-11 15:06:33 -07:00
irq_work.c
treewide: Remove old email address
2015-11-23 09:44:58 +01:00
jump_label.c
jump_label: Invoke jump_label_test() via early_initcall()
2017-12-14 09:28:24 +01:00
kallsyms.c
kallsyms: add support for relative offsets in kallsyms address table
2016-03-15 16:55:16 -07:00
kcmp.c
ptrace: use fsuid, fsgid, effective creds for fs access checks
2016-01-20 17:09:18 -08:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c
kcov: add missing #include <linux/sched.h>
2016-12-07 17:10:00 -08:00
kexec_core.c
kexec: add restriction on kexec_load() segment sizes
2016-08-02 19:35:31 -04:00
kexec_file.c
kexec: fix double-free when failing to relocate the purgatory
2016-09-01 17:52:01 -07:00
kexec_internal.h
kexec: move some memembers and definitions within the scope of CONFIG_KEXEC_FILE
2016-01-20 17:09:18 -08:00
kexec.c
kexec: allow architectures to override boot mapping
2016-08-02 19:35:27 -04:00
kmod.c
kmod: don't run async usermode helper as a child of kworker thread
2015-10-23 17:55:10 +09:00
kprobes.c
tracing/kprobes: Enforce kprobes teardown after testing
2017-05-25 15:44:47 +02:00
ksysfs.c
kexec: add a kexec_crash_loaded() function
2016-08-02 19:35:30 -04:00
kthread.c
cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups
2017-04-21 09:31:18 +02:00
latencytop.c
sched/debug: Make schedstats a runtime tunable that is disabled by default
2016-02-09 11:54:23 +01:00
Makefile
kernel/watchdog.c: move hardlockup detector to separate file
2017-06-17 06:41:57 +02:00
membarrier.c
Fix: Disable sys_membarrier when nohz_full is enabled
2017-03-12 06:41:45 +01:00
memremap.c
mm, devm_memremap_pages: hold device_hotplug lock over mem_hotplug_{begin, done}
2017-03-12 06:41:43 +01:00
module_signing.c
KEYS: Move the point of trust determination to __key_link()
2016-04-11 22:43:43 +01:00
module-internal.h
module.c
Re-enable CONFIG_MODVERSIONS in a slightly weaker form
2016-11-29 16:01:30 -08:00
notifier.c
Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2015-09-01 08:40:25 -07:00
nsproxy.c
cgroup: introduce cgroup namespaces
2016-02-16 13:04:58 -05:00
padata.c
padata: free correct variable
2017-05-20 14:28:40 +02:00
panic.c
kernel/panic.c: add missing \n
2017-07-05 14:40:24 +02:00
params.c
Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
2015-11-09 15:53:39 -08:00
pid_namespace.c
pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes
2017-05-25 15:44:38 +02:00
pid.c
pids: make task_tgid_nr_ns() safe
2017-08-24 17:12:21 -07:00
profile.c
profile: Convert to hotplug state machine
2016-07-15 10:41:42 +02:00
ptrace.c
ptrace: Properly initialize ptracer_cred on fork
2017-06-14 15:05:54 +02:00
range.c
reboot.c
kexec: split kexec_load syscall from kexec core code
2015-09-10 13:29:01 -07:00
relay.c
relay: check array offset before using it
2017-01-12 11:39:30 +01:00
resource.c
/proc/iomem: only expose physical resource addresses to privileged users
2016-04-14 12:56:09 -07:00
seccomp.c
seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
2017-10-05 09:44:02 +02:00
signal.c
signal: protect SIGNAL_UNKILLABLE from unintentional clearing.
2017-08-11 08:49:36 -07:00
smp.c
smp: Allocate smp_call_on_cpu() workqueue on stack too
2016-09-22 14:49:10 +02:00
smpboot.c
kthread/smpboot: do not park in kthread_create_on_cpu()
2016-10-11 15:06:33 -07:00
smpboot.h
cpu/hotplug: Create hotplug threads
2016-03-01 20:36:56 +01:00
softirq.c
softirq: Display IRQ_POLL for irq-poll statistics
2016-10-21 15:45:47 -06:00
stacktrace.c
stacktrace, lockdep: Fix address, newline ugliness
2017-02-14 15:25:42 -08:00
stop_machine.c
Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2016-10-03 13:39:00 -07:00
sys_ni.c
x86/pkeys: Fix pkeys build breakage for some non-x86 arches
2016-09-13 14:41:36 +02:00
sys.c
prctl: make PR_SET_THP_DISABLE wait for mmap_sem killable
2016-05-23 17:04:14 -07:00
sysctl_binary.c
kernel/sysctl_binary.c: use generic UUID library
2016-05-20 17:58:30 -07:00
sysctl.c
timer/sysclt: Restrict timer migration sysctl values to 0 and 1
2017-10-05 09:44:04 +02:00
task_work.c
task_work: use READ_ONCE/lockless_dereference, avoid pi_lock if !task_works
2016-08-02 19:35:02 -04:00
taskstats.c
taskstats: fix the length of cgroupstats_cmd_get_policy
2016-11-03 16:55:58 -04:00
test_kprobes.c
torture.c
torture: Convert torture_shutdown() to hrtimer
2016-08-22 10:01:49 -07:00
tracepoint.c
kernel/...: convert pr_warning to pr_warn
2016-03-22 15:36:02 -07:00
tsacct.c
time, acct: Drop irq save & restore from __acct_update_integrals()
2016-02-29 09:53:09 +01:00
ucount.c
kernel/ucount.c: mark user_header with kmemleak_ignore()
2017-06-17 06:41:51 +02:00
uid16.c
cred: simpler, 1D supplementary groups
2016-10-07 18:46:30 -07:00
up.c
smp: Add function to execute a function synchronously on a CPU
2016-09-05 13:52:39 +02:00
user_namespace.c
Merge branch 'nsfs-ioctls' into HEAD
2016-09-22 20:00:36 -05:00
user-return-notifier.c
user.c
utsname_sysctl.c
utsname.c
Merge branch 'nsfs-ioctls' into HEAD
2016-09-22 20:00:36 -05:00
watchdog_hld.c
kernel/watchdog: prevent false hardlockup on overloaded system
2017-06-17 06:41:57 +02:00
watchdog.c
kernel/watchdog: prevent false hardlockup on overloaded system
2017-06-17 06:41:57 +02:00
workqueue_internal.h
workqueue: Fix NULL pointer dereference
2017-11-15 15:53:17 +01:00
workqueue.c
workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
2017-12-14 09:28:19 +01:00