Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's BPF JIT compiler for the LoongArch architecture has been addressed. An additional pass of the BPF JIT compilation process omitted crucial context initialization, so the jump offset was calculated incorrectly and came out negative. The flaw could be demonstrated by a specific test case that, before the patch, caused a soft lockup, leaving the CPU unresponsive for an extended period.
Exploitation of this vulnerability led to a soft lockup, causing a CPU to become unresponsive for 26 seconds, as reported by the Linux kernel's watchdog.
The vulnerability can be reproduced by running the BPF self-test program 'tailcall_bpf2bpf_1' with the 'allow tailcalls' option. On an unpatched kernel, this test case triggers the soft lockup.
Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Git Repository.