APPLIED: [SRU][Focal][PATCH 0/1] CVE-2021-4001
Stefan Bader
stefan.bader at canonical.com
Thu Aug 31 08:17:13 UTC 2023
On 07.08.23 15:21, Jacob Martin wrote:
> [Impact]
> It was discovered that the eBPF implementation in the Linux kernel
> contained a race condition around read-only maps. A privileged attacker
> could use this to modify read-only maps.
>
> [Backport]
> Memory mapping and batch support for BPF maps are not present in
> focal:linux, so changes to missing functions were omitted, and writecnt
> was added to struct bpf_map.
>
> [Test]
> Compile and boot tested. Verified prior-working race using userfaultfd
> was no longer achievable with patch applied.
>
> [Potential Regression]
> This change affects the kernel's BPF subsystem.
>
> Daniel Borkmann (1):
>   bpf: Fix toctou on read-only map's constant scalar tracking
>
>  include/linux/bpf.h   |  2 ++
>  kernel/bpf/syscall.c  | 25 +++++++++++++++++++++++++
>  kernel/bpf/verifier.c | 18 +++++++++++++++++-
>  3 files changed, 44 insertions(+), 1 deletion(-)
>
Applied to focal:linux/master-next. Thanks.
-Stefan