-rw-r--r--0012-Revert-bpf-Provide-better-register-bounds-after-jmp32-instructions.patch57
-rw-r--r--PKGBUILD9
-rw-r--r--config10
3 files changed, 68 insertions, 8 deletions
diff --git a/0012-Revert-bpf-Provide-better-register-bounds-after-jmp32-instructions.patch b/0012-Revert-bpf-Provide-better-register-bounds-after-jmp32-instructions.patch
new file mode 100644
index 0000000..4e866fa
--- /dev/null
+++ b/0012-Revert-bpf-Provide-better-register-bounds-after-jmp32-instructions.patch
@@ -0,0 +1,57 @@
+From 9ff88052dbb54cdb7b05d91561b3540056c96e83 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Mon, 30 Mar 2020 22:37:11 +0200
+Subject: Revert "bpf: Provide better register bounds after jmp32 instructions"
+
+This reverts commit 581738a681b6faae5725c2555439189ca81c0f1f.
+---
+ kernel/bpf/verifier.c | 19 -------------------
+ 1 file changed, 19 deletions(-)
+
+diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
+index 7d530ce8719d..79f38a281390 100644
+--- a/kernel/bpf/verifier.c
++++ b/kernel/bpf/verifier.c
+@@ -1034,17 +1034,6 @@ static void __reg_bound_offset(struct bpf_reg_state *reg)
+ reg->umax_value));
+ }
+
+-static void __reg_bound_offset32(struct bpf_reg_state *reg)
+-{
+- u64 mask = 0xffffFFFF;
+- struct tnum range = tnum_range(reg->umin_value & mask,
+- reg->umax_value & mask);
+- struct tnum lo32 = tnum_cast(reg->var_off, 4);
+- struct tnum hi32 = tnum_lshift(tnum_rshift(reg->var_off, 32), 32);
+-
+- reg->var_off = tnum_or(hi32, tnum_intersect(lo32, range));
+-}
+-
+ /* Reset the min/max bounds of a register */
+ static void __mark_reg_unbounded(struct bpf_reg_state *reg)
+ {
+@@ -5677,10 +5666,6 @@ static void reg_set_min_max(struct bpf_reg_state *true_reg,
+ /* We might have learned some bits from the bounds. */
+ __reg_bound_offset(false_reg);
+ __reg_bound_offset(true_reg);
+- if (is_jmp32) {
+- __reg_bound_offset32(false_reg);
+- __reg_bound_offset32(true_reg);
+- }
+ /* Intersecting with the old var_off might have improved our bounds
+ * slightly. e.g. if umax was 0x7f...f and var_off was (0; 0xf...fc),
+ * then new var_off is (0; 0x7f...fc) which improves our umax.
+@@ -5790,10 +5775,6 @@ static void reg_set_min_max_inv(struct bpf_reg_state *true_reg,
+ /* We might have learned some bits from the bounds. */
+ __reg_bound_offset(false_reg);
+ __reg_bound_offset(true_reg);
+- if (is_jmp32) {
+- __reg_bound_offset32(false_reg);
+- __reg_bound_offset32(true_reg);
+- }
+ /* Intersecting with the old var_off might have improved our bounds
+ * slightly. e.g. if umax was 0x7f...f and var_off was (0; 0xf...fc),
+ * then new var_off is (0; 0x7f...fc) which improves our umax.
+--
+cgit v1.2.3-1-gf6bb5
+
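Review bot: The patch message says only `This reverts commit 581738a681b6faae5725c2555439189ca81c0f1f.`, and nothing on the page records why a verifier bounds refinement is being backed out of a hardened kernel. The removed `__reg_bound_offset32()` builds its range from `reg->umin_value & mask` and `reg->umax_value & mask`, and masking 64-bit bounds does not keep them ordered when their upper halves differ, so this is presumably a soundness fix rather than a cleanup; that should be stated. Because editing the imported patch would change its checksum, I would record the reason above the new `patch -p1 -i` line for 0012 in prepare(), e.g. `# 0012: revert of 581738a681b6 (jmp32 register bounds); drop once <upstream fix reference> is in the base tree`. After the revert, jmp32 branches are refined only by `__reg_bound_offset()`, so BPF programs that depended on the tighter bounds may now be rejected by the verifier, which is the safe direction.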
diff --git a/PKGBUILD b/PKGBUILD
index cf0bb3d..b30d272 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -20,7 +20,7 @@ pkgbase=linux-libre-hardened
_supver=5
_majver=5
_minver=13
-_hardenedver=a
+_hardenedver=b
_gccpatchver='20191217'
_gccpatchger='9.1'
_gccpatchker='5.5'
@@ -58,6 +58,7 @@ source=(
0009-drm-i915-Add-a-simple-is-bound-check-before-unbinding.patch
0010-drm-i915-Introduce-a-vma.kref.patch
0011-iwlwifi-dont-send-GEO_TX_POWER_LIMIT-if-no-wgds-table.patch
+ 0012-Revert-bpf-Provide-better-register-bounds-after-jmp32-instructions.patch
graysky_bdver2-hotfix.patch
kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz
ath9k-regdom-hack.patch
@@ -73,7 +74,7 @@ validpgpkeys=(
)
b2sums=('a4d4c927af24f61aba451cc21117c5a508ab2037b81ca6add19b4838940f8f321c8bf14b2d35e388f93801d92b296a998c15d2aac92dc2df761322e7ea37dd1d'
'SKIP'
- 'd0d1ed49e1f6b537137b486fb4092e1a1ef79c6fbdb9ce36a842a67e176090bf11cac4baf53356ccbb4a1c09689ae130bb1721ba779fdd231c03f46b08df04d0'
+ '0675b661107ccef3c8e61fe5d96d285d92cee67bdf7ea6ad9b972bf1409b141111e0f5ee6ae898e43154b4416fb693fa361249158833b48a322ae58c513d0859'
'SKIP'
'2e822cf7d4ff8b7458e22d3ce110fd8534e17a9aac2feace41c591f70697e1fab7bd9ce307c60a6361fbe525d10dab74c8b76fcb5276cd27f6e945f8fdfcc25c'
'd8027cd96a447ea0987a67f3e65d157bb3d396069a944b140610f74c663677fe45e171e96a92dfd5eda8f71a5c715fd8114ee0e60b7620bc401a2a548bcf83cc'
@@ -85,11 +86,12 @@ b2sums=('a4d4c927af24f61aba451cc21117c5a508ab2037b81ca6add19b4838940f8f321c8bf14
'63e9e6ceda80243910c073ec81555f2781d75ac4b3cb5000c1328f2624f7be840684b0f383768020e82bce502aa90a1c8729f7b3e91c099652075a42da2187cf'
'078bb20a03b7e43ad0685b0c3f6a54f1c4bd32d25e0f6c6434100c6f5f5bc27cd6281bf2134b7c7034e6aa448d895d23c20d32f7d1cc40e55f0735af777694a3'
'7b56fe6d171bc9f5154fd6dd89e6678f7e65f26d53551ebc758142a3440cb796b8f7badc361b1e19ff70dfc842dce235fb3b476d35994cb0022157ae64e28cf3'
+ '152bdc0b317a91a8d822bcb9fc7e5d0af158e5f8095ca88af9e9c03d9c1d6ff64c412be2849d5912f5e593eb890655da630bfe3e903a29aff3fd8de3634af004'
'1892bd22775eac3bcc4d37f4fd30c95346bf3a0888cbbff57fd614973b525390dff2e315ce35b2e498523cceaab94ff21a80475dee8df3de4dd8fc0fab07d74e'
'd76bd0bf237ea2bb7999fd3715cb664d89148cb0ade8057d57cdb40bc0a7954336e50ee077312e5e192398b0f35f055786deb98af9130d57e60f2ea040fbb66f'
'2e58bb89b247b1678355368956e67c1de51fcde97a227b2162f6771e30f17fa5520faafe7be4b6816a542e7ae10d05f64c6b6354f352c12746d4b8da632936dd'
'fde132f3705d908e6f2147c78a2193289916d72304ca5efa2229d79fc3e57a857314ce94e71425caef2f7f7b6cf87f05ef86335dc8bd4be78e7035afe608005a'
- '59e91b346412d1be04cede5c8bf975c171f0d9fdb1aa034fb377f9f12ff837c99d8fb3af95316354a977d0f495d373863a61fbc5f4d9a6a532330aa6993c4b14'
+ 'f97be5da0e531ace7d6a0c1afa02a247d7bbf40c1d458709e648c0360c9d487b629ef76bde87f24c30e0ad42701d18e587f3f621d19d3bd1d4c7446ef223854c'
'd10810b3f96821965cfb106a53302329a346815b78ef5720dbd3b9065a0542034a4e071133459e4288304de5658c5509847ee8e6770a4d553593ed815034a0fb'
'SKIP')
@@ -119,6 +121,7 @@ prepare() {
patch -p1 -i ../0009-drm-i915-Add-a-simple-is-bound-check-before-unbinding.patch
patch -p1 -i ../0010-drm-i915-Introduce-a-vma.kref.patch
patch -p1 -i ../0011-iwlwifi-dont-send-GEO_TX_POWER_LIMIT-if-no-wgds-table.patch
+ patch -p1 -i ../0012-Revert-bpf-Provide-better-register-bounds-after-jmp32-instructions.patch
# linux hardened patch
diff --git a/config b/config
index 519f130..516864e 100644
--- a/config
+++ b/config
@@ -2558,9 +2558,9 @@ CONFIG_HAVE_IDE=y
#
# SCSI device support
#
-CONFIG_SCSI_MOD=m
+CONFIG_SCSI_MOD=y
CONFIG_RAID_ATTRS=m
-CONFIG_SCSI=m
+CONFIG_SCSI=y
CONFIG_SCSI_DMA=y
CONFIG_SCSI_NETLINK=y
CONFIG_SCSI_PROC_FS=y
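Review bot: The switch of `CONFIG_SCSI_MOD` and `CONFIG_SCSI` from `m` to `y` in this hunk, and of `CONFIG_BLK_DEV_SD`, `CONFIG_ATA` and `CONFIG_SATA_AHCI` in the following config hunks, is unrelated to the bpf revert and is not explained anywhere on the page. Built-in drivers are always present in the running kernel and cannot be kept out with a module blacklist, so for a hardened package the reason (presumably booting from SATA/SCSI disks without depending on module loading) should be written down. I would split these five options into their own commit with a message such as `config: build SCSI/ATA/AHCI/sd in (<reason>)`, so the security revert can be audited and later dropped on its own.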
@@ -2568,7 +2568,7 @@ CONFIG_SCSI_PROC_FS=y
#
# SCSI support type (disk, tape, CD-ROM)
#
-CONFIG_BLK_DEV_SD=m
+CONFIG_BLK_DEV_SD=y
CONFIG_CHR_DEV_ST=m
CONFIG_BLK_DEV_SR=m
CONFIG_BLK_DEV_SR_VENDOR=y
@@ -2709,7 +2709,7 @@ CONFIG_SCSI_DH_EMC=m
CONFIG_SCSI_DH_ALUA=m
# end of SCSI device support
-CONFIG_ATA=m
+CONFIG_ATA=y
CONFIG_ATA_VERBOSE_ERROR=y
CONFIG_ATA_ACPI=y
CONFIG_SATA_ZPODD=y
@@ -2718,7 +2718,7 @@ CONFIG_SATA_PMP=y
#
# Controllers with non-SFF native interface
#
-CONFIG_SATA_AHCI=m
+CONFIG_SATA_AHCI=y
CONFIG_SATA_MOBILE_LPM_POLICY=3
CONFIG_SATA_AHCI_PLATFORM=m
CONFIG_AHCI_CEVA=m