Linux Kernel LoongArch BPF JIT Exception Handling Vulnerability

A vulnerability exists in the Linux kernel's handling of memory access errors in BPF programs on LoongArch architecture. This issue arises from the BPF Just-In-Time (JIT) compiler not properly managing recoverable memory access exceptions triggered by BPF_PROBE_MEM instructions. When these instructions access invalid memory addresses, ADEM exceptions are generated. Although the kernel's BPF exception table can create fixup entries during JIT compilation, the specific trap handling for LoongArch must manually invoke the common exception recovery routine. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can lead to improper handling of memory access exceptions in BPF programs, potentially causing unsafe execution or allowing BPF programs to access illegal memory addresses.

Reproduction

The vulnerability can be reproduced by running a BPF program on a LoongArch system that uses the BPF_PROBE_MEM instruction to access memory. This should trigger ADEM exceptions due to illegal memory access. The issue can be observed by testing the BPF program's execution, which may fail or behave unexpectedly because the JIT compiler does not properly recover from the exceptions.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.