UBUNTU: SAUCE: Add missing hunks from "bpf: fix branch pruning logic"

BugLink: http://bugs.launchpad.net/bugs/1763454

At the time this commit was backported some of the code it
modifies was not present. When the code was later introduced from
upstream stable it did not get the changes from this commit.
Backport those changes now.

v2: Also remove errant marking of instruction as seen from the
backport.

CVE-2017-17862
Fixes: 68dd63b2 ("bpf: fix branch pruning logic")
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

kernel/bpf/verifier.c

@@ -1846,7 +1846,6 @@ static int do_check(struct verifier_env *env)
 
 			if (BPF_SIZE(insn->code) != BPF_W) {
 				insn_idx++;
-				env->insn_aux_data[insn_idx].seen = true;
 				continue;
 			}
 
@@ -2016,6 +2015,7 @@ static int do_check(struct verifier_env *env)
 					return err;
 
 				insn_idx++;
+				env->insn_aux_data[insn_idx].seen = true;
 			} else {
 				verbose("invalid BPF_LD mode\n");
 				return -EINVAL;
@@ -2172,6 +2172,7 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
 				u32 off, u32 cnt)
 {
 	struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
+	int i;
 
 	if (cnt == 1)
 		return 0;
@@ -2181,6 +2182,8 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
 	memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
 	memcpy(new_data + off + cnt - 1, old_data + off,
 	       sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
+	for (i = off; i < off + cnt - 1; i++)
+		new_data[i].seen = true;
 	env->insn_aux_data = new_data;
 	vfree(old_data);
 	return 0;