Linux Kernel BPF JIT Frame Pointer Initialization Vulnerability in ARM64

Vulnerability

A vulnerability has been identified in the Linux kernel's BPF Just-In-Time (JIT) compiler for the ARM64 architecture. When a BPF program is marked as an exception boundary, the JIT compiler fails to initialize the frame pointer (FP) in the program's prologue. This happens because the function that tracks register usage never records that the frame pointer is in use, so the prologue leaves the FP uninitialized and the kernel can crash due to a page fault. The issue affects several Linux kernel versions.

Impact

The vulnerability can crash the Linux kernel with a page fault.

Reproduction

To reproduce this vulnerability, build a BPF program that is set to act as an exception boundary and load it on a kernel that uses the ARM64 BPF JIT. The JIT will not initialize the frame pointer even though the program uses it, which can be confirmed by the resulting kernel crash due to a page fault.
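The two paragraphs above describe a prologue-planning defect: the JIT decides which registers to save and whether to set up the frame pointer by scanning the program, and an exception-boundary program takes a path on which the "frame pointer is used" fact is lost. The following is a simplified, self-contained model of that decision written for this note; it is not the Linux kernel's arm64 JIT, and the names (Insn, JitCtx, plan_prologue, touches_stack_without_fp) and the sample program are my own constructions. It shows why a plain scan is enough for ordinary programs, how skipping the scan for a boundary program drops the FP flag, and how the fixed planner forces the flag on.

```python
"""
Simplified model of a BPF JIT's prologue planning (illustration only, not
kernel code).  The BPF ISA has registers r0..r9 plus r10, the read-only
frame pointer (FP) that addresses the program's stack.  A JIT saves
callee-saved registers and sets up FP only when the program needs them, so
it scans the instruction stream first.  A program acting as an exception
boundary saves every callee-saved register unconditionally, so the scan can
be skipped for it; the defect modelled here is that skipping the scan also
skips the "FP is used" flag, leaving FP uninitialised in the prologue.
"""
from dataclasses import dataclass, field

BPF_REG_FP = 10              # r10: frame pointer
CALLEE_SAVED = (6, 7, 8, 9)  # r6..r9 must survive helper calls

# Ops that read their src register (constructed subset of the BPF ISA).
READS_SRC = {"mov_reg", "add_reg", "ldx", "stx"}


@dataclass(frozen=True)
class Insn:
    op: str          # "mov_imm", "mov_reg", "add_reg", "ldx", "stx", "exit"
    dst: int = 0
    src: int = 0
    off: int = 0
    imm: int = 0


@dataclass
class JitCtx:
    exception_boundary: bool
    fp_used: bool = False
    save_regs: set = field(default_factory=set)


def regs_referenced(insns):
    """Every register the program reads or writes."""
    used = set()
    for i in insns:
        if i.op == "exit":
            continue
        used.add(i.dst)
        if i.op in READS_SRC:
            used.add(i.src)
    return used


def find_used_callee_regs(insns, ctx):
    """Scan the program and record which callee-saved regs and FP it uses."""
    used = regs_referenced(insns)
    ctx.save_regs = {r for r in CALLEE_SAVED if r in used}
    ctx.fp_used = BPF_REG_FP in used


def plan_prologue(insns, ctx, fixed):
    """Decide what the prologue must do.  'fixed' selects the corrected path."""
    if ctx.exception_boundary:
        ctx.save_regs = set(CALLEE_SAVED)  # save everything; scan skipped
        if fixed:
            ctx.fp_used = True             # a boundary frame always needs FP
        # Buggy path: ctx.fp_used stays False even if the program uses r10.
    else:
        find_used_callee_regs(insns, ctx)
    return {"save": sorted(ctx.save_regs), "init_fp": ctx.fp_used}


def touches_stack_without_fp(insns, plan):
    """True if an instruction dereferences r10 but the prologue never set it
    up: the condition behind the page fault described in the report."""
    if plan["init_fp"]:
        return False
    for i in insns:
        if i.op == "ldx" and i.src == BPF_REG_FP:   # r_dst = *(r10 + off)
            return True
        if i.op == "stx" and i.dst == BPF_REG_FP:   # *(r10 + off) = r_src
            return True
    return False


# Constructed sample program: spill a value to the BPF stack and reload it.
PROG = [
    Insn("mov_imm", dst=1, imm=42),                # r1 = 42
    Insn("stx", dst=BPF_REG_FP, src=1, off=-8),    # *(r10 - 8) = r1
    Insn("ldx", dst=0, src=BPF_REG_FP, off=-8),    # r0 = *(r10 - 8)
    Insn("exit"),
]

if __name__ == "__main__":
    for boundary, fixed in ((False, False), (True, False), (True, True)):
        plan = plan_prologue(PROG, JitCtx(exception_boundary=boundary), fixed)
        print(f"boundary={boundary} fixed={fixed} plan={plan} "
              f"fp_deref_without_init={touches_stack_without_fp(PROG, plan)}")
```

Running the script shows the ordinary program getting `init_fp=True` from the scan, the buggy exception-boundary path reporting `init_fp=False` while the program still dereferences r10, and the fixed path restoring `init_fp=True`. The check in `touches_stack_without_fp` is the kind of invariant a JIT test could assert over every generated prologue: any program that addresses its stack through FP must have FP established before its first instruction runs.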

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to a kernel version that contains the fix.

Added: Aug 19, 2025, 6:18 PM
Updated: Aug 19, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.