Daniel Borkmann d75d3ee237 bpf: reject out-of-bounds stack pointer calculation ...

From: Jann Horn <jannh@google.com>

Reject programs that compute wildly out-of-bounds stack pointers.
Otherwise, pointers can be computed with an offset that doesn't fit into an
`int`, causing security issues in the stack memory access check (as well as
signed integer overflow during offset addition).

This is a fix specifically for the v4.9 stable tree because the mainline
code looks very different at this point.

Fixes: 7bca0a9702 ("bpf: enhance verifier to understand stack pointer arithmetic")
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2017-12-25 14:23:47 +01:00

..

bpf

bpf: reject out-of-bounds stack pointer calculation

2017-12-25 14:23:47 +01:00

configs

config: android: enable CONFIG_SECCOMP

2016-10-11 15:06:32 -07:00

debug

kdb: Fix handling of kallsyms_symbol_next() return value

2017-12-14 09:28:13 +01:00

events

perf/x86/intel: Account interrupts for PEBS errors

2017-12-09 22:01:52 +01:00

gcov

gcov: support GCC 7.1

2017-09-02 07:07:53 +02:00

irq

genirq: Make sparse_irq_lock protect what it should protect

2017-10-05 09:43:58 +02:00

livepatch

livepatch/module: make TAINT_LIVEPATCH module-specific

2016-08-26 14:42:08 +02:00

locking

locking/lockdep: Add nest_lock integrity test

2017-10-21 17:21:33 +02:00

power

sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs

2017-10-12 11:51:25 +02:00

printk

printk: use rcuidle console tracepoint

2017-02-23 17:44:36 +01:00

rcu

rcu: Allow for page faults in NMI handlers

2017-10-18 09:35:38 +02:00

sched

sched/deadline: Use deadline instead of period when calculating overflow

2017-12-20 10:07:23 +01:00

time

hrtimer: Catch invalid clockids again

2017-10-21 17:21:38 +02:00

trace

tracing: Exclude 'generic fields' from histograms

2017-12-25 14:23:44 +01:00

.gitignore

certs: add .gitignore to stop git nagging about x509_certificate_list

2015-10-21 15:18:35 +01:00

acct.c

acct: check FMODE_CAN_WRITE

2015-04-11 22:27:55 -04:00

async.c

async: export current_is_async()

2015-11-19 17:51:48 +01:00

audit_fsnotify.c

wrappers for ->i_mutex access

2016-01-22 18:04:28 -05:00

audit_tree.c

audit: cleanup prune_tree_thread

2016-04-04 09:46:47 -04:00

audit_watch.c

audit: Fix use after free in audit_remove_watch_rule()

2017-08-24 17:12:18 -07:00

audit.c

audit: ensure that 'audit=1' actually enables audit for PID 1

2017-12-16 16:25:47 +01:00

audit.h

Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/audit

2016-07-29 17:54:17 -07:00

auditfilter.c

audit: add fields to exclude filter by reusing user filter

2016-06-27 11:01:00 -04:00

auditsc.c

Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/audit

2016-10-04 14:21:41 -07:00

backtracetest.c

…

bounds.c

…

capability.c

ptrace: Capture the ptracer's creds not PT_PTRACE_CAP

2017-01-06 10:40:13 +01:00

cgroup_freezer.c

cgroup: kill cgrp_ss_priv[CGROUP_CANFORK_COUNT] and friends

2015-12-03 10:24:08 -05:00

cgroup_pids.c

cgroup/pids: remove spurious suspicious RCU usage warning

2017-03-26 13:05:58 +02:00

cgroup.c

cgroup: fix error return value from cgroup_subtree_control()

2017-08-11 08:49:28 -07:00

compat.c

compat: cleanup coding in compat_get_bitmap() and compat_put_bitmap()

2015-06-04 23:57:18 +02:00

configs.c

…

context_tracking.c

context_tracking: Switch to new static_branch API

2015-11-24 09:56:43 +01:00

cpu_pm.c

kernel/cpu_pm: fix cpu_cluster_pm_exit comment

2015-09-03 02:42:20 +02:00

cpu.c

smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place

2017-12-14 09:28:13 +01:00

cpuset.c

sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs

2017-10-12 11:51:25 +02:00

crash_dump.c

…

cred.c

cred: Reject inodes with invalid ids in set_create_file_as()

2016-06-30 18:05:09 -05:00

delayacct.c

kmemcg: account certain kmem allocations to memcg

2016-01-14 16:00:49 -08:00

dma.c

…

elfcore.c

…

exec_domain.c

Remove rest of exec domains.

2015-04-12 21:03:31 +02:00

exit.c

sched/autogroup: Do not use autogroup->tg in zombie threads

2016-11-22 12:33:43 +01:00

extable.c

kernel/extable.c: mark core_kernel_text notrace

2017-07-21 07:42:21 +02:00

fork.c

mm, uprobes: fix multiple free of ->uprobes_state.xol_area

2017-09-07 08:35:39 +02:00

freezer.c

freezer, oom: check TIF_MEMDIE on the correct task

2016-07-28 16:07:41 -07:00

futex_compat.c

ptrace: use fsuid, fsgid, effective creds for fs access checks

2016-01-20 17:09:18 -08:00

futex.c

futex: Remove unnecessary warning from get_futex_key

2017-08-16 13:43:15 -07:00

groups.c

cred: simpler, 1D supplementary groups

2016-10-07 18:46:30 -07:00

hung_task.c

hung_task: allow hung_task_panic when hung_task_warnings is 0

2016-10-11 15:06:33 -07:00

irq_work.c

treewide: Remove old email address

2015-11-23 09:44:58 +01:00

jump_label.c

jump_label: Invoke jump_label_test() via early_initcall()

2017-12-14 09:28:24 +01:00

kallsyms.c

kallsyms: add support for relative offsets in kallsyms address table

2016-03-15 16:55:16 -07:00

kcmp.c

ptrace: use fsuid, fsgid, effective creds for fs access checks

2016-01-20 17:09:18 -08:00

Kconfig.freezer

…

Kconfig.hz

…

Kconfig.locks

locking/qrwlock: Rename QUEUE_RWLOCK to QUEUED_RWLOCKS

2015-05-12 09:46:00 +02:00

Kconfig.preempt

…

kcov.c

kcov: add missing #include <linux/sched.h>

2016-12-07 17:10:00 -08:00

kexec_core.c

kexec: add restriction on kexec_load() segment sizes

2016-08-02 19:35:31 -04:00

kexec_file.c

kexec: fix double-free when failing to relocate the purgatory

2016-09-01 17:52:01 -07:00

kexec_internal.h

kexec: move some memembers and definitions within the scope of CONFIG_KEXEC_FILE

2016-01-20 17:09:18 -08:00

kexec.c

kexec: allow architectures to override boot mapping

2016-08-02 19:35:27 -04:00

kmod.c

kmod: don't run async usermode helper as a child of kworker thread

2015-10-23 17:55:10 +09:00

kprobes.c

tracing/kprobes: Enforce kprobes teardown after testing

2017-05-25 15:44:47 +02:00

ksysfs.c

kexec: add a kexec_crash_loaded() function

2016-08-02 19:35:30 -04:00

kthread.c

cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups

2017-04-21 09:31:18 +02:00

latencytop.c

sched/debug: Make schedstats a runtime tunable that is disabled by default

2016-02-09 11:54:23 +01:00

Makefile

kernel/watchdog.c: move hardlockup detector to separate file

2017-06-17 06:41:57 +02:00

membarrier.c

Fix: Disable sys_membarrier when nohz_full is enabled

2017-03-12 06:41:45 +01:00

memremap.c

mm, devm_memremap_pages: hold device_hotplug lock over mem_hotplug_{begin, done}

2017-03-12 06:41:43 +01:00

module_signing.c

KEYS: Move the point of trust determination to __key_link()

2016-04-11 22:43:43 +01:00

module-internal.h

…

module.c

Re-enable CONFIG_MODVERSIONS in a slightly weaker form

2016-11-29 16:01:30 -08:00

notifier.c

Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

2015-09-01 08:40:25 -07:00

nsproxy.c

cgroup: introduce cgroup namespaces

2016-02-16 13:04:58 -05:00

padata.c

padata: free correct variable

2017-05-20 14:28:40 +02:00

panic.c

kernel/panic.c: add missing \n

2017-07-05 14:40:24 +02:00

params.c

Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux

2015-11-09 15:53:39 -08:00

pid_namespace.c

pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes

2017-05-25 15:44:38 +02:00

pid.c

pids: make task_tgid_nr_ns() safe

2017-08-24 17:12:21 -07:00

profile.c

profile: Convert to hotplug state machine

2016-07-15 10:41:42 +02:00

ptrace.c

ptrace: Properly initialize ptracer_cred on fork

2017-06-14 15:05:54 +02:00

range.c

kernel: avoid overflow in cmp_range

2015-01-17 10:02:23 +13:00

reboot.c

kexec: split kexec_load syscall from kexec core code

2015-09-10 13:29:01 -07:00

relay.c

relay: check array offset before using it

2017-01-12 11:39:30 +01:00

resource.c

/proc/iomem: only expose physical resource addresses to privileged users

2016-04-14 12:56:09 -07:00

seccomp.c

seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()

2017-10-05 09:44:02 +02:00

signal.c

signal: protect SIGNAL_UNKILLABLE from unintentional clearing.

2017-08-11 08:49:36 -07:00

smp.c

smp: Allocate smp_call_on_cpu() workqueue on stack too

2016-09-22 14:49:10 +02:00

smpboot.c

kthread/smpboot: do not park in kthread_create_on_cpu()

2016-10-11 15:06:33 -07:00

smpboot.h

cpu/hotplug: Create hotplug threads

2016-03-01 20:36:56 +01:00

softirq.c

softirq: Display IRQ_POLL for irq-poll statistics

2016-10-21 15:45:47 -06:00

stacktrace.c

stacktrace, lockdep: Fix address, newline ugliness

2017-02-14 15:25:42 -08:00

stop_machine.c

Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

2016-10-03 13:39:00 -07:00

sys_ni.c

x86/pkeys: Fix pkeys build breakage for some non-x86 arches

2016-09-13 14:41:36 +02:00

sys.c

prctl: make PR_SET_THP_DISABLE wait for mmap_sem killable

2016-05-23 17:04:14 -07:00

sysctl_binary.c

kernel/sysctl_binary.c: use generic UUID library

2016-05-20 17:58:30 -07:00

sysctl.c

timer/sysclt: Restrict timer migration sysctl values to 0 and 1

2017-10-05 09:44:04 +02:00

task_work.c

task_work: use READ_ONCE/lockless_dereference, avoid pi_lock if !task_works

2016-08-02 19:35:02 -04:00

taskstats.c

taskstats: fix the length of cgroupstats_cmd_get_policy

2016-11-03 16:55:58 -04:00

test_kprobes.c

…

torture.c

torture: Convert torture_shutdown() to hrtimer

2016-08-22 10:01:49 -07:00

tracepoint.c

kernel/...: convert pr_warning to pr_warn

2016-03-22 15:36:02 -07:00

tsacct.c

time, acct: Drop irq save & restore from __acct_update_integrals()

2016-02-29 09:53:09 +01:00

ucount.c

kernel/ucount.c: mark user_header with kmemleak_ignore()

2017-06-17 06:41:51 +02:00

uid16.c

cred: simpler, 1D supplementary groups

2016-10-07 18:46:30 -07:00

up.c

smp: Add function to execute a function synchronously on a CPU

2016-09-05 13:52:39 +02:00

user_namespace.c

Merge branch 'nsfs-ioctls' into HEAD

2016-09-22 20:00:36 -05:00

user-return-notifier.c

…

user.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

2014-12-17 12:31:40 -08:00

utsname_sysctl.c

…

utsname.c

Merge branch 'nsfs-ioctls' into HEAD

2016-09-22 20:00:36 -05:00

watchdog_hld.c

kernel/watchdog: prevent false hardlockup on overloaded system

2017-06-17 06:41:57 +02:00

watchdog.c

kernel/watchdog: prevent false hardlockup on overloaded system

2017-06-17 06:41:57 +02:00

workqueue_internal.h

workqueue: Fix NULL pointer dereference

2017-11-15 15:53:17 +01:00

workqueue.c

workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq

2017-12-14 09:28:19 +01:00