From 6b8391245553f4929c637aedf75066082124f0e6 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Wed, 1 Apr 2020 11:16:36 -0500 Subject: Linux v5.5.14 --- ...2-test-cases-to-fix-range-bound-deduction.patch | 53 ++++++++++++++++++++++ kernel.spec | 6 ++- sources | 2 +- 3 files changed, 59 insertions(+), 2 deletions(-) create mode 100644 bpf-update-jmp32-test-cases-to-fix-range-bound-deduction.patch diff --git a/bpf-update-jmp32-test-cases-to-fix-range-bound-deduction.patch b/bpf-update-jmp32-test-cases-to-fix-range-bound-deduction.patch new file mode 100644 index 000000000..0b8304e7f --- /dev/null +++ b/bpf-update-jmp32-test-cases-to-fix-range-bound-deduction.patch @@ -0,0 +1,53 @@ +From 6b5ca133b9fbd57f0ca4acd7999c4e9a93e702be Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann +Date: Fri, 24 Jan 2020 14:21:14 +0000 +Subject: bpf: update jmp32 test cases to fix range bound deduction + +From: Daniel Borkmann + +[ no upstream commit ] + +Since commit f2d67fec0b43 ("bpf: Undo incorrect __reg_bound_offset32 handling") +has been backported to stable, we also need to update related test cases that +started to (expectedly) fail on stable. Given the functionality has been reverted +we need to move the result to REJECT. + +Reported-by: Naresh Kamboju +Signed-off-by: Daniel Borkmann +Signed-off-by: Greg Kroah-Hartman + +--- + tools/testing/selftests/bpf/verifier/jmp32.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/tools/testing/selftests/bpf/verifier/jmp32.c ++++ b/tools/testing/selftests/bpf/verifier/jmp32.c +@@ -768,7 +768,8 @@ + }, + .prog_type = BPF_PROG_TYPE_SCHED_CLS, + .fixup_map_hash_48b = { 4 }, +- .result = ACCEPT, ++ .result = REJECT, ++ .errstr = "R8 unbounded memory access", + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, + }, + { +@@ -796,7 +797,8 @@ + }, + .prog_type = BPF_PROG_TYPE_SCHED_CLS, + .fixup_map_hash_48b = { 4 }, +- .result = ACCEPT, ++ .result = REJECT, ++ .errstr = "R8 unbounded memory access", + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, + }, + { +@@ -824,6 +826,7 @@ + }, + .prog_type = BPF_PROG_TYPE_SCHED_CLS, + .fixup_map_hash_48b = { 4 }, +- .result = ACCEPT, ++ .result = REJECT, ++ .errstr = "R8 unbounded memory access", + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, + }, diff --git a/kernel.spec b/kernel.spec index 4d3a27137..8e8d27a64 100644 --- a/kernel.spec +++ b/kernel.spec @@ -89,7 +89,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 13 +%define stable_update 14 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -2893,6 +2893,10 @@ fi # # %changelog +* Wed Apr 01 2020 Justin M. Forbes - 5.5.14-200 +- Linux v5.5.14 +- Fixes CVE-2020-8835 (rhbz 1818941 1817350) + * Wed Mar 25 2020 Justin M. Forbes - 5.5.13-200 - Linux v5.5.13 diff --git a/sources b/sources index 7a8d0ae85..85c5f595f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (linux-5.5.tar.xz) = fa74fdabb5e63384a39e54da05b86a9ae9ea16179524b041fbbdffc7177e80b53600ae98d76be127ba216148f9dc55fe07ab20637e22c6d6030cb4aa09eb2f86 -SHA512 (patch-5.5.13.xz) = 22ff73b07ef89cc61950d929d99cabba42b2678e4e08a981e5bc61aae9523637626e779ce718eb55e27568479db2db483eee4fe042e36f70335b6b74886950a5 +SHA512 (patch-5.5.14.xz) = 3f975cbbaa68a6455eb3fce81e9ac14bf68721077cd0d6b5dc530034bcde3ccc9046e712c08253d89157a25ab29fae614a6b99e7186bfddc960938ce242ba55b -- cgit From 2c2797a4fecc43103e3026c66d5706367bb962e9 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Wed, 1 Apr 2020 11:17:02 -0500 Subject: remove unused patch --- ...2-test-cases-to-fix-range-bound-deduction.patch | 53 ---------------------- 1 file changed, 53 deletions(-) delete mode 100644 bpf-update-jmp32-test-cases-to-fix-range-bound-deduction.patch diff --git a/bpf-update-jmp32-test-cases-to-fix-range-bound-deduction.patch b/bpf-update-jmp32-test-cases-to-fix-range-bound-deduction.patch deleted file mode 100644 index 0b8304e7f..000000000 --- a/bpf-update-jmp32-test-cases-to-fix-range-bound-deduction.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 6b5ca133b9fbd57f0ca4acd7999c4e9a93e702be Mon Sep 17 00:00:00 2001 -From: Daniel Borkmann -Date: Fri, 24 Jan 2020 14:21:14 +0000 -Subject: bpf: update jmp32 test cases to fix range bound deduction - -From: Daniel Borkmann - -[ no upstream commit ] - -Since commit f2d67fec0b43 ("bpf: Undo incorrect __reg_bound_offset32 handling") -has been backported to stable, we also need to update related test cases that -started to (expectedly) fail on stable. Given the functionality has been reverted -we need to move the result to REJECT. - -Reported-by: Naresh Kamboju -Signed-off-by: Daniel Borkmann -Signed-off-by: Greg Kroah-Hartman - ---- - tools/testing/selftests/bpf/verifier/jmp32.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - ---- a/tools/testing/selftests/bpf/verifier/jmp32.c -+++ b/tools/testing/selftests/bpf/verifier/jmp32.c -@@ -768,7 +768,8 @@ - }, - .prog_type = BPF_PROG_TYPE_SCHED_CLS, - .fixup_map_hash_48b = { 4 }, -- .result = ACCEPT, -+ .result = REJECT, -+ .errstr = "R8 unbounded memory access", - .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, - }, - { -@@ -796,7 +797,8 @@ - }, - .prog_type = BPF_PROG_TYPE_SCHED_CLS, - .fixup_map_hash_48b = { 4 }, -- .result = ACCEPT, -+ .result = REJECT, -+ .errstr = "R8 unbounded memory access", - .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, - }, - { -@@ -824,6 +826,7 @@ - }, - .prog_type = BPF_PROG_TYPE_SCHED_CLS, - .fixup_map_hash_48b = { 4 }, -- .result = ACCEPT, -+ .result = REJECT, -+ .errstr = "R8 unbounded memory access", - .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, - }, -- cgit