From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:37604 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754142AbeCRM5G (ORCPT
        <rfc822;stable@vger.kernel.org>); Sun, 18 Mar 2018 08:57:06 -0400
Date: Sun, 18 Mar 2018 13:57:04 +0100
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Jann Horn <jannh@google.com>
Cc: stable@vger.kernel.org, security@kernel.org,
        "David S. Miller" <davem@davemloft.net>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Alexei Starovoitov <ast@kernel.org>
Subject: Re: requesting stable backport for 4.1 and 4.4: 95a762e2c8c9 ("bpf:
 fix incorrect sign extension in check_alu_op()")
Message-ID: <20180318125704.GA20139@kroah.com>
References: <CAG48ez3KKv_J5j45rUb_n_jCLt=fCHZY2LKy9VXhN5QzTPns+Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAG48ez3KKv_J5j45rUb_n_jCLt=fCHZY2LKy9VXhN5QzTPns+Q@mail.gmail.com>
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On Sat, Mar 17, 2018 at 07:17:17PM -0700, Jann Horn wrote:
> Hi!
> 
> Someone on Twitter
> (https://twitter.com/vnik5287/status/974277953394651137) is pointing
> out that the BPF fix commit 95a762e2c8c942780948091f8f2a4f32fce1ac6f
> ("bpf: fix incorrect sign extension in check_alu_op()") needs to be
> applied all the way back to 4.4, and probably also 4.1; my "Fixes:"
> tag on that commit is incorrect. I assumed that without map access,
> math correctness issues don't matter, but actually, this one does
> matter because check_cond_jmp_op() will omit verification for branches
> that appear to be unreachable (comparison of CONST_IMM register and a
> constant value). :/

Ok, but the patch doesn't apply cleanly to 4.4.y, and I don't know the
bpf code well enough to do it myself.  Can you provide a working
backport so that I can queue it up?

thanks,

greg k-h