linux/arch/arm64
Xi Wang 8eee539dde arm64: bpf: fix out-of-bounds read in bpf2a64_offset()
Problems occur when bpf_to or bpf_from has value prog->len - 1 (e.g.,
"Very long jump backwards" in test_bpf where the last instruction is a
jump): since ctx->offset has length prog->len, ctx->offset[bpf_to + 1]
or ctx->offset[bpf_from + 1] will cause an out-of-bounds read, leading
to a bogus jump offset and kernel panic.

This patch moves updating ctx->offset to after calling build_insn(),
and changes indexing to use bpf_to and bpf_from without + 1.

Fixes: e54bcde3d6 ("arm64: eBPF JIT compiler")
Cc: <stable@vger.kernel.org> # 3.18+
Cc: Zi Shen Lim <zlim.lnx@gmail.com>
Cc: Will Deacon <will.deacon@arm.com>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2015-06-25 14:50:43 +01:00
boot ARM64: juno: add sp810 support and fix sp804 clock frequency 2015-05-12 16:39:28 +02:00
configs arm64: defconfig: enable memtest 2015-06-15 16:57:46 +01:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-05-11 11:05:13 -07:00
include arm64: use private ratelimit state along with show_unhandled_signals 2015-06-19 16:26:15 +01:00
kernel ARM64: smp: Fix suspicious RCU usage with ipi tracepoints 2015-06-25 14:37:32 +01:00
kvm arm64: KVM: Switch vgic save/restore to alternative_insn 2015-06-12 15:12:08 +01:00
lib arm64: __clear_user: handle exceptions on strb 2014-11-13 15:21:26 +00:00
mm arm64: use private ratelimit state along with show_unhandled_signals 2015-06-19 16:26:15 +01:00
net arm64: bpf: fix out-of-bounds read in bpf2a64_offset() 2015-06-25 14:50:43 +01:00
xen arm: xen: implement multicall hypercall support. 2014-04-24 13:09:46 +01:00
Kconfig arm64: Allow forced irq threading 2015-05-19 15:27:42 +01:00
Kconfig.debug coresight: moving to new "hwtracing" directory 2015-04-03 16:17:04 +02:00
Makefile arm64: Adjust EFI libstub object include logic 2015-03-17 16:59:47 +00:00