From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.5 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS, USER_AGENT_MUTT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56FCFC10F00 for ; Tue, 12 Mar 2019 11:52:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1CBB6206DF for ; Tue, 12 Mar 2019 11:52:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1552391557; bh=na7RKu+LVwBAgibuqtX3FpOgtfxAiaYOs3HOJm+0mEY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From; b=mWm6Pbynd6JJNM4Dy7CCtd/BTxI9f4AlcgwPlK56zuHB3jPUlCzMty3H5tcoWAX96 1WoymYjrQQtPQInqas0dGALKY3QnVq2ZqWPtIigDjkkaU8Cin3EC/lLg4h4B2+UU4j 0slh0aD6tSeTRpWVyHCoYhIqXFHWQz9Bfh2e/Oeo= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726365AbfCLLwg (ORCPT ); Tue, 12 Mar 2019 07:52:36 -0400 Received: from mail.kernel.org ([198.145.29.99]:40038 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725873AbfCLLwg (ORCPT ); Tue, 12 Mar 2019 07:52:36 -0400 Received: from localhost (unknown [12.27.65.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 47F6620657; Tue, 12 Mar 2019 11:52:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1552391555; bh=na7RKu+LVwBAgibuqtX3FpOgtfxAiaYOs3HOJm+0mEY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=HeJ7hFQrz/LeGJVXK9QWYDRYg96IBYNRgl/AlUA6A8XZVS04mh2bKJyC66P3oEziL kUEI8pJrjrjLg67q3CEiKrkN2OlWVUIoDfNf/sgqVHEH+MsIxPRV87b2ZkrDtb/Xxy u6vIYdCRO6uwWGZBcRiX82ytc0hmHKBMt8ofaCGI= Date: Tue, 12 Mar 2019 04:52:34 -0700 From: Greg KH To: Jason Yan Cc: daniel@iogearbox.net, Jann Horn , ast@kernel.org, "zhangyi (F)" , Zhaohongjiang , netdev@vger.kernel.org, stable@vger.kernel.org Subject: Re: 979d63d50c0c0f7bc537bf821e056cc9fe5abd38 bpf: prevent out of bounds speculation on pointer arithmetic Message-ID: <20190312115234.GA29195@kroah.com> References: <5d71646c-f897-2178-9d4a-fababe999f36@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5d71646c-f897-2178-9d4a-fababe999f36@huawei.com> User-Agent: Mutt/1.11.3 (2019-02-01) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Mon, Mar 11, 2019 at 05:18:33PM +0800, Jason Yan wrote: > Hi, Daniel & Greg > > This patch (979d63d50c0c bpf: prevent out of bounds speculation on pointer > arithmetic) was assigned a CVE (CVE-2019-7308) with a high score: > > CVSS v3.0 Severity and Metrics: > Base Score: 9.8 CRITICAL > > And this patch is not in stable-4.4, would you please backport this patch to > 4.4? For a bit more context, it's also not in 4.14.y, 4.9.y, or 4.4.y. I found a backported series for 4.4.y in the SLES kernel tree that I could try to import here if it really is a big deal. I'm on the road this week, but if you could take a look at the SLES patches and see if those work for you, and then forward them here, I will be glad to queue them up. Also if you could do the work for 4.14.y and 4.9.y I'm sure lots of people would appreciate it :) thanks, greg k-h