On Thu, Aug 26, 2021 at 8:51 PM Pavel Machek <pavel@...> wrote:
Hmm, no; that is what original code did and what is known not to work
CVE-2021-3600: eBPF 32-bit source register truncation on div/modI took a look into this. Apparently 4.14 and 4.19 is affected. (
The vulnerability has been introduced since 4.15-rc9. 4.4 is not
affected. 4.19 is not fixed yet as of 2021/08/26.
Due to BPF 32-bit subregister requirements (see bpf_design_QA.rst)
top 32 bits should be always zero when the 32 bit registers are in
use. So it could be possible to use BPF_JMP instead of BPF_JMP32.
for reasons I don't fully understand.
Anyway, I asked on the lists, and according to Thadeu Lima de Souza
Cascardo Ubuntu did some work on it and is likely to do some more.
Thank you for asking.
Oh, and we may want watch CVE-2021-3444, it is apparently related and
not yet fixed in 4.19.
I see. We keep track of it.
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Cybertrust Japan Co., Ltd.