Add files via upload

author: meenaligupta159 <meenali.gupta@windriver.com> 2024-06-16 13:45:57 +0530
committer: Khem Raj <raj.khem@gmail.com> 2024-06-24 18:20:18 -0700
commit: 5a4cc829987d4f0592795fbdaaf850248bbf376f (patch)
tree: 298bc397d12f85142b559e3e671969bdf1413a57
parent: 312ff1c39b1bf5d35c0321e873417eb013cea477 (diff)
download: meta-clang-5a4cc829987d4f0592795fbdaaf850248bbf376f.tar.gz
1 files changed, 157 insertions, 0 deletions
diff --git a/0001-bpftrace-fix-CVE-2024-2313.patch b/0001-bpftrace-fix-CVE-2024-2313.patch
new file mode 100644
index 0000000..f89069c
--- /dev/null
+++ b/0001-bpftrace-fix-CVE-2024-2313.patch
@@ -0,0 +1,157 @@
+From f77ff583d0580ad57bb8742edad034b5877b1afe Mon Sep 17 00:00:00 2001
+From: Meenali Gupta <meenali.gupta@windriver.com>
+Date: Thu, 6 Jun 2024 04:37:47 +0000
+Subject: [meta-clang][kirkstone][PATCH 1/1] bpftrace: fix CVE-2024-2313
+If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory.
+An unprivileged attacker could use this to force bcc to load compromised linux headers.
+Linux distributions which provide kernel headers by default are not affected by default.
+References:
+https://nvd.nist.gov/vuln/detail/CVE-2024-2313
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ .../bpftrace/bpftrace/CVE-2024-2313.patch     | 117 ++++++++++++++++++
+ .../bpftrace/bpftrace_0.16.0.bb               |   1 +
+ 2 files changed, 118 insertions(+)
+ create mode 100644 dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace/CVE-2024-2313.patch
+diff --git a/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace/CVE-2024-2313.patch b/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace/CVE-2024-2313.patch
+new file mode 100644
+index 0000000..2129324
+--- /dev/null
+++ b/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace/CVE-2024-2313.patch
+@@ -0,0 +1,117 @@
+From 4be4b7191acb8218240e6b7178c30fa8c9b59998 Mon Sep 17 00:00:00 2001
+From: Jordan Rome <jordalgo@meta.com>
+Date: Wed, 6 Mar 2024 13:59:05 -0500
+Subject: [PATCH] Fix security hole checking unpacked kernel headers (#3033)
+Make sure to check that the unpacked kheaders tar is owned by root to prevent
+bpftrace from loading compromised linux headers.
+
+Co-authored-by: Jordan Rome <jordalgo@fedoraproject.org>
+
+CVE:CVE-2024-2313
+Upstream-Status: Backport [https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ src/utils.cpp   | 21 ++++++++++++++++++---
+ src/utils.h     |  1 +
+ tests/utils.cpp | 21 +++++++++++++++++++++
+ 3 files changed, 40 insertions(+), 3 deletions(-)
+
+diff --git a/src/utils.cpp b/src/utils.cpp
+index f54c99e5..7fde8c31 100644
+--- a/src/utils.cpp
++++ b/src/utils.cpp
+@@ -112,6 +112,8 @@ const struct vmlinux_location vmlinux_locs[] = {
+   { nullptr, false },
+ };
+
++constexpr std::string_view PROC_KHEADERS_PATH = "/sys/kernel/kheaders.tar.xz";
++
+ static bool pid_in_different_mountns(int pid);
+ static std::vector<std::string>
+ resolve_binary_path(const std::string &cmd, const char *env_paths, int pid);
+@@ -510,6 +512,20 @@ bool is_dir(const std::string& path)
+   return std_filesystem::is_directory(buf, ec);
+ }
+
++bool file_exists_and_ownedby_root(const char *f)
++{
++  struct stat st;
++  if (stat(f, &st) == 0) {
++    if (st.st_uid != 0) {
++      LOG(ERROR) << "header file ownership expected to be root: "
++                 << std::string(f);
++      return false;
++    }
++    return true;
++  }
++  return false;
++}
++
+ namespace {
+   struct KernelHeaderTmpDir {
+     KernelHeaderTmpDir(const std::string& prefix) : path{prefix + "XXXXXX"}
+@@ -542,15 +558,14 @@ namespace {
+   {
+     std::error_code ec;
+     std_filesystem::path path_prefix{ "/tmp" };
+-    std_filesystem::path path_kheaders{ "/sys/kernel/kheaders.tar.xz" };
++    std_filesystem::path path_kheaders{ PROC_KHEADERS_PATH };
+     if (const char* tmpdir = ::getenv("TMPDIR")) {
+       path_prefix = tmpdir;
+     }
+     path_prefix /= "kheaders-";
+     std_filesystem::path shared_path{ path_prefix.string() + utsname.release };
+
+-    if (std_filesystem::exists(shared_path, ec))
+-    {
++    if (file_exists_and_ownedby_root(shared_path.c_str())) {
+       // already unpacked
+       return shared_path.string();
+     }
+diff --git a/src/utils.h b/src/utils.h
+index 9b96be9f..e1a5cf7d 100644
+--- a/src/utils.h
++++ b/src/utils.h
+@@ -155,6 +155,7 @@ std::vector<std::string> get_wildcard_tokens(const std::string &input,
+                                              bool &end_wildcard);
+ std::vector<int> get_online_cpus();
+ std::vector<int> get_possible_cpus();
++bool file_exists_and_ownedby_root(const char *f);
+ bool is_dir(const std::string &path);
+ std::tuple<std::string, std::string> get_kernel_dirs(
+     const struct utsname &utsname,
+diff --git a/tests/utils.cpp b/tests/utils.cpp
+index 9ca4ace5..dc71afa9 100644
+--- a/tests/utils.cpp
++++ b/tests/utils.cpp
+@@ -222,6 +222,27 @@ TEST(utils, get_cgroup_path_in_hierarchy)
+   }
+ }
+
++EST(utils, file_exists_and_ownedby_root)
++{
++  std::string tmpdir = "/tmp/bpftrace-test-utils-XXXXXX";
++  std::string file1 = "/ownedby-user";
++  std::string file2 = "/no-exists";
++  if (::mkdtemp(tmpdir.data()) == nullptr) {
++    throw std::runtime_error("creating temporary path for tests failed");
++  }
++
++  int fd;
++  fd = open((tmpdir + file1).c_str(), O_CREAT, S_IRUSR);
++  close(fd);
++  ASSERT_GE(fd, 0);
++
++  EXPECT_FALSE(file_exists_and_ownedby_root((tmpdir + file1).c_str()));
++  EXPECT_FALSE(file_exists_and_ownedby_root((tmpdir + file2).c_str()));
++  EXPECT_TRUE(file_exists_and_ownedby_root("/proc/1/maps"));
++
++  EXPECT_GT(std_filesystem::remove_all(tmpdir), 0);
++}
++
+ } // namespace utils
+ } // namespace test
+ } // namespace bpftrace
+--
+2.40.0
+diff --git a/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace_0.16.0.bb b/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace_0.16.0.bb
+index 2c03ad3..ef4a1a8 100644
+--- a/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace_0.16.0.bb
+++ b/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace_0.16.0.bb
+@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/iovisor/bpftrace;branch=master;protocol=https \
+            file://0001-replace-python-with-python3-in-the-test.patch \
+            file://0001-tools-undump-rely-on-BTF-instead-of-header-files.patch \
+            file://0001-tcpdrop-Fix-ERROR-Error-attaching-probe-kprobe-tcp_d.patch \
+           file://CVE-2024-2313.patch \
+ "
+ SRCREV = "a277ec42102c463d656df8f64eb2f7e87e322210"
+ 
+-- 
+2.40.0
author	meenaligupta159 <meenali.gupta@windriver.com>	2024-06-16 13:45:57 +0530
committer	Khem Raj <raj.khem@gmail.com>	2024-06-24 18:20:18 -0700
commit	5a4cc829987d4f0592795fbdaaf850248bbf376f (patch)
tree	298bc397d12f85142b559e3e671969bdf1413a57
parent	312ff1c39b1bf5d35c0321e873417eb013cea477 (diff)
download	meta-clang-5a4cc829987d4f0592795fbdaaf850248bbf376f.tar.gz

diff --git a/0001-bpftrace-fix-CVE-2024-2313.patch b/0001-bpftrace-fix-CVE-2024-2313.patch new file mode 100644 index 0000000..f89069c --- /dev/null +++ b/0001-bpftrace-fix-CVE-2024-2313.patch
@@ -0,0 +1,157 @@
	1	From f77ff583d0580ad57bb8742edad034b5877b1afe Mon Sep 17 00:00:00 2001
	2	From: Meenali Gupta <meenali.gupta@windriver.com>
	3	Date: Thu, 6 Jun 2024 04:37:47 +0000
	4	Subject: [meta-clang][kirkstone][PATCH 1/1] bpftrace: fix CVE-2024-2313
	5
	6	If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory.
	7	An unprivileged attacker could use this to force bcc to load compromised linux headers.
	8	Linux distributions which provide kernel headers by default are not affected by default.
	9
	10	References:
	11	https://nvd.nist.gov/vuln/detail/CVE-2024-2313
	12
	13	Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
	14	---
	15	.../bpftrace/bpftrace/CVE-2024-2313.patch \| 117 ++++++++++++++++++
	16	.../bpftrace/bpftrace_0.16.0.bb \| 1 +
	17	2 files changed, 118 insertions(+)
	18	create mode 100644 dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace/CVE-2024-2313.patch
	19
	20	diff --git a/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace/CVE-2024-2313.patch b/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace/CVE-2024-2313.patch
	21	new file mode 100644
	22	index 0000000..2129324
	23	--- /dev/null
	24	+++ b/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace/CVE-2024-2313.patch
	25	@@ -0,0 +1,117 @@
	26	+From 4be4b7191acb8218240e6b7178c30fa8c9b59998 Mon Sep 17 00:00:00 2001
	27	+From: Jordan Rome <jordalgo@meta.com>
	28	+Date: Wed, 6 Mar 2024 13:59:05 -0500
	29	+Subject: [PATCH] Fix security hole checking unpacked kernel headers (#3033)
	30	+Make sure to check that the unpacked kheaders tar is owned by root to prevent
	31	+bpftrace from loading compromised linux headers.
	32	+
	33	+Co-authored-by: Jordan Rome <jordalgo@fedoraproject.org>
	34	+
	35	+CVE:CVE-2024-2313
	36	+Upstream-Status: Backport [https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998]
	37	+
	38	+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
	39	+---
	40	+ src/utils.cpp \| 21 ++++++++++++++++++---
	41	+ src/utils.h \| 1 +
	42	+ tests/utils.cpp \| 21 +++++++++++++++++++++
	43	+ 3 files changed, 40 insertions(+), 3 deletions(-)
	44	+
	45	+diff --git a/src/utils.cpp b/src/utils.cpp
	46	+index f54c99e5..7fde8c31 100644
	47	+--- a/src/utils.cpp
	48	++++ b/src/utils.cpp
	49	+@@ -112,6 +112,8 @@ const struct vmlinux_location vmlinux_locs[] = {
	50	+ { nullptr, false },
	51	+ };
	52	+
	53	++constexpr std::string_view PROC_KHEADERS_PATH = "/sys/kernel/kheaders.tar.xz";
	54	++
	55	+ static bool pid_in_different_mountns(int pid);
	56	+ static std::vector<std::string>
	57	+ resolve_binary_path(const std::string &cmd, const char *env_paths, int pid);
	58	+@@ -510,6 +512,20 @@ bool is_dir(const std::string& path)
	59	+ return std_filesystem::is_directory(buf, ec);
	60	+ }
	61	+
	62	++bool file_exists_and_ownedby_root(const char *f)
	63	++{
	64	++ struct stat st;
	65	++ if (stat(f, &st) == 0) {
	66	++ if (st.st_uid != 0) {
	67	++ LOG(ERROR) << "header file ownership expected to be root: "
	68	++ << std::string(f);
	69	++ return false;
	70	++ }
	71	++ return true;
	72	++ }
	73	++ return false;
	74	++}
	75	++
	76	+ namespace {
	77	+ struct KernelHeaderTmpDir {
	78	+ KernelHeaderTmpDir(const std::string& prefix) : path{prefix + "XXXXXX"}
	79	+@@ -542,15 +558,14 @@ namespace {
	80	+ {
	81	+ std::error_code ec;
	82	+ std_filesystem::path path_prefix{ "/tmp" };
	83	+- std_filesystem::path path_kheaders{ "/sys/kernel/kheaders.tar.xz" };
	84	++ std_filesystem::path path_kheaders{ PROC_KHEADERS_PATH };
	85	+ if (const char* tmpdir = ::getenv("TMPDIR")) {
	86	+ path_prefix = tmpdir;
	87	+ }
	88	+ path_prefix /= "kheaders-";
	89	+ std_filesystem::path shared_path{ path_prefix.string() + utsname.release };
	90	+
	91	+- if (std_filesystem::exists(shared_path, ec))
	92	+- {
	93	++ if (file_exists_and_ownedby_root(shared_path.c_str())) {
	94	+ // already unpacked
	95	+ return shared_path.string();
	96	+ }
	97	+diff --git a/src/utils.h b/src/utils.h
	98	+index 9b96be9f..e1a5cf7d 100644
	99	+--- a/src/utils.h
	100	++++ b/src/utils.h
	101	+@@ -155,6 +155,7 @@ std::vector<std::string> get_wildcard_tokens(const std::string &input,
	102	+ bool &end_wildcard);
	103	+ std::vector<int> get_online_cpus();
	104	+ std::vector<int> get_possible_cpus();
	105	++bool file_exists_and_ownedby_root(const char *f);
	106	+ bool is_dir(const std::string &path);
	107	+ std::tuple<std::string, std::string> get_kernel_dirs(
	108	+ const struct utsname &utsname,
	109	+diff --git a/tests/utils.cpp b/tests/utils.cpp
	110	+index 9ca4ace5..dc71afa9 100644
	111	+--- a/tests/utils.cpp
	112	++++ b/tests/utils.cpp
	113	+@@ -222,6 +222,27 @@ TEST(utils, get_cgroup_path_in_hierarchy)
	114	+ }
	115	+ }
	116	+
	117	++EST(utils, file_exists_and_ownedby_root)
	118	++{
	119	++ std::string tmpdir = "/tmp/bpftrace-test-utils-XXXXXX";
	120	++ std::string file1 = "/ownedby-user";
	121	++ std::string file2 = "/no-exists";
	122	++ if (::mkdtemp(tmpdir.data()) == nullptr) {
	123	++ throw std::runtime_error("creating temporary path for tests failed");
	124	++ }
	125	++
	126	++ int fd;
	127	++ fd = open((tmpdir + file1).c_str(), O_CREAT, S_IRUSR);
	128	++ close(fd);
	129	++ ASSERT_GE(fd, 0);
	130	++
	131	++ EXPECT_FALSE(file_exists_and_ownedby_root((tmpdir + file1).c_str()));
	132	++ EXPECT_FALSE(file_exists_and_ownedby_root((tmpdir + file2).c_str()));
	133	++ EXPECT_TRUE(file_exists_and_ownedby_root("/proc/1/maps"));
	134	++
	135	++ EXPECT_GT(std_filesystem::remove_all(tmpdir), 0);
	136	++}
	137	++
	138	+ } // namespace utils
	139	+ } // namespace test
	140	+ } // namespace bpftrace
	141	+--
	142	+2.40.0
	143	diff --git a/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace_0.16.0.bb b/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace_0.16.0.bb
	144	index 2c03ad3..ef4a1a8 100644
	145	--- a/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace_0.16.0.bb
	146	+++ b/dynamic-layers/openembedded-layer/recipes-devtools/bpftrace/bpftrace_0.16.0.bb
	147	@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/iovisor/bpftrace;branch=master;protocol=https \
	148	file://0001-replace-python-with-python3-in-the-test.patch \
	149	file://0001-tools-undump-rely-on-BTF-instead-of-header-files.patch \
	150	file://0001-tcpdrop-Fix-ERROR-Error-attaching-probe-kprobe-tcp_d.patch \
	151	+ file://CVE-2024-2313.patch \
	152	"
	153	SRCREV = "a277ec42102c463d656df8f64eb2f7e87e322210"
	154
	155	--
	156	2.40.0
	157