-rw-r--r-- | .SRCINFO | 12 | ||||
-rw-r--r-- | 0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch | 68 | ||||
-rw-r--r-- | PKGBUILD | 8 |
3 files changed, 8 insertions, 80 deletions
@@ -1,7 +1,7 @@
 pkgbase = linux-vfio-lts
 pkgdesc = LTS Linux VFIO
- pkgver = 5.4.28
- pkgrel = 2
+ pkgver = 5.4.30
+ pkgrel = 1
 url = https://www.kernel.org/
 arch = x86_64
 license = GPL2
@@ -14,20 +14,18 @@ pkgbase = linux-vfio-lts
 makedepends = graphviz
 makedepends = imagemagick
 options = !strip
- source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.4.28.tar.xz
- source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.4.28.tar.sign
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.4.30.tar.xz
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.4.30.tar.sign
 source = config
 source = 0001-add-sysctl-and-CONFIG-for-unprivileged_userns_clone.patch
- source = 0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch
 source = add-acs-overrides.patch
 source = i915-vga-arbiter.patch
 validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
- sha256sums = c863cc1346348f9a40083b4bc0d34375117b1c401af920994d42e855653ef7a4
+ sha256sums = 11dd78f701bce619d90d3b2ee597601716c48087e159c890c1decd7b90349def
 sha256sums = SKIP
 sha256sums = 7a58467b4cf628306a0048993f43508e5da39d8495801602b25b035372651697
 sha256sums = a13581d3c6dc595206e4fe7fcf6b542e7a1bdbe96101f0f010fc5be49f99baf2
- sha256sums = c6d203cb728fbe70f8bd60c9448f0cbcb36d8b535fc1cdd59bda4a26ead303bf
 sha256sums = 4073312646af8ba01c000f258041b2dc8634a8d9a4a4be8dc0bf12a9b4041cb1
 sha256sums = 50880279bab5793c89a6823d751d3c84ead5efd5c4c0d38b921a14061fc0d336
diff --git a/0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch b/0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch
deleted file mode 100644
index dc6a4832e92a..000000000000
--- a/0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 6f2896ad2981c70be7caf0e44e0adc25f76d9937 Mon Sep 17 00:00:00 2001
-From: Levente Polyak <levente@leventepolyak.net>
-Date: Mon, 30 Mar 2020 20:42:07 +0200
-Subject: [PATCH] CVE-2020-8835: Revert "bpf: Provide better register bounds
- after jmp32 instructions"
-
-This reverts commit b4de258dede528f88f401259aab3147fb6da1ddf which is a
-backport of 581738a681b6.
-
-Manfred Paul, as part of the ZDI pwn2own competition, demonstrated
-that a flaw existed in the bpf verifier for 32bit operations. This
-was introduced in commit:
-
- 581738a681b6 ("bpf: Provide better register bounds after jmp32 instructions")
-
-The result is that register bounds were improperly calculated,
-allowing out-of-bounds reads and writes to occur.
----
- kernel/bpf/verifier.c | 19 -------------------
- 1 file changed, 19 deletions(-)
-
-diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
-index b2817d0929b3..a0b76b360d6f 100644
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -979,17 +979,6 @@ static void __reg_bound_offset(struct bpf_reg_state *reg)
- reg->umax_value));
- }
-
--static void __reg_bound_offset32(struct bpf_reg_state *reg)
--{
-- u64 mask = 0xffffFFFF;
-- struct tnum range = tnum_range(reg->umin_value & mask,
-- reg->umax_value & mask);
-- struct tnum lo32 = tnum_cast(reg->var_off, 4);
-- struct tnum hi32 = tnum_lshift(tnum_rshift(reg->var_off, 32), 32);
--
-- reg->var_off = tnum_or(hi32, tnum_intersect(lo32, range));
--}
--
- /* Reset the min/max bounds of a register */
- static void __mark_reg_unbounded(struct bpf_reg_state *reg)
- {
-@@ -5452,10 +5441,6 @@ static void reg_set_min_max(struct bpf_reg_state *true_reg,
- /* We might have learned some bits from the bounds. */
- __reg_bound_offset(false_reg);
- __reg_bound_offset(true_reg);
-- if (is_jmp32) {
-- __reg_bound_offset32(false_reg);
-- __reg_bound_offset32(true_reg);
-- }
- /* Intersecting with the old var_off might have improved our bounds
- * slightly. e.g. if umax was 0x7f...f and var_off was (0; 0xf...fc),
- * then new var_off is (0; 0x7f...fc) which improves our umax.
-@@ -5565,10 +5550,6 @@ static void reg_set_min_max_inv(struct bpf_reg_state *true_reg,
- /* We might have learned some bits from the bounds. */
- __reg_bound_offset(false_reg);
- __reg_bound_offset(true_reg);
-- if (is_jmp32) {
-- __reg_bound_offset32(false_reg);
-- __reg_bound_offset32(true_reg);
-- }
- /* Intersecting with the old var_off might have improved our bounds
- * slightly. e.g. if umax was 0x7f...f and var_off was (0; 0xf...fc),
- * then new var_off is (0; 0x7f...fc) which improves our umax.
---
-2.26.0
-
@@ -1,8 +1,8 @@
 # Maintainer: Andreas Radke <andyrtr@archlinux.org>
 pkgbase=linux-vfio-lts
-pkgver=5.4.28
-pkgrel=2
+pkgver=5.4.30
+pkgrel=1
 pkgdesc='LTS Linux VFIO'
 url="https://www.kernel.org/"
 arch=(x86_64)
@@ -17,7 +17,6 @@ source=(
 https://www.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/${_srcname}.tar.{xz,sign}
 config # the main kernel config file
 0001-add-sysctl-and-CONFIG-for-unprivileged_userns_clone.patch
- 0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch
 add-acs-overrides.patch
 i915-vga-arbiter.patch
 )
@@ -26,11 +25,10 @@ validpgpkeys=(
 '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
 )
 # https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256sums=('c863cc1346348f9a40083b4bc0d34375117b1c401af920994d42e855653ef7a4'
+sha256sums=('11dd78f701bce619d90d3b2ee597601716c48087e159c890c1decd7b90349def'
 'SKIP'
 '7a58467b4cf628306a0048993f43508e5da39d8495801602b25b035372651697'
 'a13581d3c6dc595206e4fe7fcf6b542e7a1bdbe96101f0f010fc5be49f99baf2'
- 'c6d203cb728fbe70f8bd60c9448f0cbcb36d8b535fc1cdd59bda4a26ead303bf'
 '4073312646af8ba01c000f258041b2dc8634a8d9a4a4be8dc0bf12a9b4041cb1'
 '50880279bab5793c89a6823d751d3c84ead5efd5c4c0d38b921a14061fc0d336')
|
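Review bot: The second PKGBUILD hunk drops `0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch` from `source=()` (its checksum goes in the third hunk) in the same commit as the 5.4.28 to 5.4.30 bump, and nothing visible on the page records why the mitigation is no longer needed. Presumably the 5.4.30 tarball already carries an upstream fix, but that should be confirmed against the extracted tree rather than assumed: `kernel/bpf/verifier.c` should no longer call `__reg_bound_offset32()` from `reg_set_min_max()` and `reg_set_min_max_inv()`, which are the calls the deleted revert removed. Once confirmed, I would record it next to the array, for example `# CVE-2020-8835: local revert dropped, fix is in the upstream 5.4.30 tarball`, or state it in the commit message. The `source=(` array opens above the hunk.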