Linux Kernel LoongArch BPF Trampoline Program Struct Argument Support Vulnerability

A vulnerability exists in the Linux kernel's handling of BPF trampoline programs on LoongArch architecture, specifically regarding struct arguments. The current implementation lacks support for struct arguments, leading to a kernel oops error when certain BPF self-tests are executed. This issue arises because the BPF trampoline handler cannot properly manage struct arguments, causing a null pointer dereference and subsequent memory access violation. The problem was identified during the BPF self-test suite, which revealed a stall in the RCU grace-period handling, indicating a potential resource starvation issue that could lead to an out-of-memory condition.

Impact

Exploitation of this vulnerability causes a kernel oops, indicating a serious error that disrupts normal operation. This specific issue involves a null pointer dereference, which is a common source of memory corruption vulnerabilities in the kernel.

Reproduction

To reproduce this vulnerability, run the BPF self-test program 'test_progs' with the argument 'tracing_struct' on a LoongArch system. This will trigger the BPF trampoline handling for struct arguments, which is not supported, leading to a kernel oops error.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux stable tree.