Linux Kernel LoongArch BPF Trampoline Disabling Vulnerability

A vulnerability in the Linux kernel's BPF trampoline implementation on LoongArch architecture has been identified. This issue arises because the current implementation is incompatible with tracing functions in kernel modules, leading to several severe problems. Notably, the 'bpf_selftests/module_attach' test fails consistently, and a kernel lockup occurs when a BPF program is attached to a module function. Additionally, critical kernel modules like WireGuard experience traffic disruptions when their functions are traced with fentry. As a temporary measure, the BPF subsystem has been patched to disable trampoline attachments to kernel module functions on LoongArch, preventing these issues until a permanent fix can be implemented.

Impact

The vulnerability's impact includes causing kernel lockups when BPF programs are attached to module functions, disrupting traffic for critical kernel modules like WireGuard when traced with fentry, and consistently failing the 'bpf_selftests/module_attach' test.

Reproduction

The vulnerability can be reproduced by loading a BPF program that attaches to a function in a kernel module on a LoongArch system. This will cause a kernel lockup, demonstrating the incompatibility of the BPF trampoline implementation with module function tracing.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version to apply the patch that disables the problematic BPF trampoline feature for kernel module functions on LoongArch.