CVE-2022-49552
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
22/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix combination of jit blinding and pointers to bpf subprogs.

The combination of jit blinding and pointers to bpf subprogs causes:
[ 36.989548] BUG: unable to handle page fault for address: 0000000100000001
[ 36.990342] #PF: supervisor instruction fetch in kernel mode
[ 36.990968] #PF: error_code(0x0010) - not-present page
[ 36.994859] RIP: 0010:0x100000001
[ 36.995209] Code: Unable to access opcode bytes at RIP 0xffffffd7.
[ 37.004091] Call Trace:
[ 37.004351]
[ 37.004576]  ? bpf_loop+0x4d/0x70
[ 37.004932]  ? bpf_prog_3899083f75e4c5de_F+0xe3/0x13b

The jit blinding logic didn't recognize that ld_imm64 with an address
of bpf subprogram is a special instruction and proceeded to randomize it.
By itself it wouldn't have been an issue, but jit_subprogs() logic
relies on two step process to JIT all subprogs and then JIT them
again when addresses of all subprogs are known.
Blinding process in the first JIT phase caused second JIT to miss
adjustment of special ld_imm64.

Fix this issue by ignoring special ld_imm64 instructions that don't have
user controlled constants and shouldn't be blinded.
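The mechanism the commit message describes, as an added C model. This is illustration code written for this page, not kernel code and not the upstream fix. Instruction layout and opcode values follow include/uapi/linux/bpf.h and the seven-instruction blinding sequence follows the shape the kernel emits for ld_imm64, but everything else is assumed: the blinding value is a fixed 0xdeadbeef instead of a random one, relocate_subprogs() is a hypothetical stand-in for the address fixup that jit_subprogs() performs in its second pass, the pre-fixup placeholder layout (imm = relative offset, insn[1].imm = subprog index) is modelled rather than taken from the page, the subprog addresses are constructed, and only ld_imm64 is blinded (the kernel blinds many more immediates).

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Instruction layout and opcode values as in include/uapi/linux/bpf.h. */
struct bpf_insn { uint8_t code; uint8_t dst_reg:4; uint8_t src_reg:4; int16_t off; int32_t imm; };
enum { BPF_LD = 0x00, BPF_ALU = 0x04, BPF_JMP = 0x05, BPF_ALU64 = 0x07, BPF_IMM = 0x00, BPF_DW = 0x18,
       BPF_K = 0x00, BPF_X = 0x08, BPF_OR = 0x40, BPF_LSH = 0x60, BPF_EXIT = 0x90, BPF_XOR = 0xa0,
       BPF_MOV = 0xb0, LD_IMM64 = BPF_LD | BPF_IMM | BPF_DW,
       BPF_PSEUDO_FUNC = 4,   /* src_reg marker: the imm pair is a subprog address, not a constant */
       BPF_REG_AX = 11 };     /* scratch register the blinding sequence uses */

/* Blind one ld_imm64 (two slots) into the seven ALU insns the kernel emits: high half
 * via sign-extended 64-bit mov/xor then shifted up, low half via zero-extending 32-bit
 * mov/xor then or'ed in. The original constant never appears in the output. */
static size_t blind_ld_imm64(const struct bpf_insn *from, uint32_t rnd, struct bpf_insn *to)
{
	uint8_t dst = from[0].dst_reg;
	const struct bpf_insn seq[7] = {
		{ .code = BPF_ALU64 | BPF_MOV | BPF_K, .dst_reg = BPF_REG_AX, .imm = (int32_t)(rnd ^ (uint32_t)from[1].imm) },
		{ .code = BPF_ALU64 | BPF_XOR | BPF_K, .dst_reg = BPF_REG_AX, .imm = (int32_t)rnd },
		{ .code = BPF_ALU64 | BPF_LSH | BPF_K, .dst_reg = BPF_REG_AX, .imm = 32 },
		{ .code = BPF_ALU64 | BPF_MOV | BPF_X, .dst_reg = dst, .src_reg = BPF_REG_AX },
		{ .code = BPF_ALU   | BPF_MOV | BPF_K, .dst_reg = BPF_REG_AX, .imm = (int32_t)(rnd ^ (uint32_t)from[0].imm) },
		{ .code = BPF_ALU   | BPF_XOR | BPF_K, .dst_reg = BPF_REG_AX, .imm = (int32_t)rnd },
		{ .code = BPF_ALU64 | BPF_OR  | BPF_X, .dst_reg = dst, .src_reg = BPF_REG_AX },
	};
	memcpy(to, seq, sizeof seq);
	return 7;
}

/* First JIT pass as modelled here (only ld_imm64 is blinded). With skip_pseudo_func
 * the fix's check applies: an ld_imm64 marked BPF_PSEUDO_FUNC is copied through untouched. */
static size_t blind_constants(const struct bpf_insn *prog, size_t n, uint32_t rnd,
			      bool skip_pseudo_func, struct bpf_insn *out)
{
	size_t o = 0;
	for (size_t i = 0; i + 1 < n; i++) {
		if (prog[i].code != LD_IMM64) { out[o++] = prog[i]; continue; }
		if (skip_pseudo_func && prog[i].src_reg == BPF_PSEUDO_FUNC) {   /* not a user constant */
			out[o++] = prog[i];
			out[o++] = prog[i + 1];
		} else {
			o += blind_ld_imm64(&prog[i], rnd, &out[o]);
		}
		i++;   /* ld_imm64 occupies two slots */
	}
	out[o++] = prog[n - 1];   /* trailing exit */
	return o;
}

/* Second pass, hypothetical stand-in for the address fixup in jit_subprogs(): every
 * ld_imm64 still marked BPF_PSEUDO_FUNC gets its placeholder imm pair replaced by the
 * callee's address. Returns how many were patched. */
static int relocate_subprogs(struct bpf_insn *prog, size_t n, const uint64_t *subprog_addr)
{
	int patched = 0;
	for (size_t i = 0; i + 1 < n; i++) {
		if (prog[i].code != LD_IMM64) continue;
		if (prog[i].src_reg == BPF_PSEUDO_FUNC) {
			uint64_t a = subprog_addr[prog[i + 1].imm];   /* insn[1].imm: subprog index (modelled) */
			prog[i].imm = (int32_t)(uint32_t)a;
			prog[i + 1].imm = (int32_t)(uint32_t)(a >> 32);
			patched++;
		}
		i++;
	}
	return patched;
}

/* Minimal interpreter for the opcodes used above: 64-bit ALU ops sign-extend the
 * immediate, 32-bit ALU ops zero-extend their result, as the BPF ISA specifies. */
static void run(const struct bpf_insn *prog, size_t n, uint64_t regs[12])
{
	for (size_t i = 0; i < n; i++) {
		const struct bpf_insn *in = &prog[i];
		uint64_t *d = &regs[in->dst_reg];
		uint64_t s = regs[in->src_reg], k = (uint64_t)(int64_t)in->imm;
		switch (in->code) {
		case LD_IMM64: *d = (uint32_t)in->imm | ((uint64_t)(uint32_t)in[1].imm << 32); i++; break;
		case BPF_ALU64 | BPF_MOV | BPF_K: *d = k; break;
		case BPF_ALU64 | BPF_XOR | BPF_K: *d ^= k; break;
		case BPF_ALU64 | BPF_LSH | BPF_K: *d <<= in->imm; break;
		case BPF_ALU64 | BPF_MOV | BPF_X: *d = s; break;
		case BPF_ALU64 | BPF_OR  | BPF_X: *d |= s; break;
		case BPF_ALU   | BPF_MOV | BPF_K: *d = (uint32_t)in->imm; break;
		case BPF_ALU   | BPF_XOR | BPF_K: *d = (uint32_t)(*d ^ (uint32_t)in->imm); break;
		default: return;   /* BPF_JMP | BPF_EXIT, or anything not modelled */
		}
	}
}

/* Constructed sample: r2 = address of subprog 1 (placeholder imm pair not yet fixed up),
 * r3 = a user-supplied 64-bit constant, exit. Addresses are constructed too. */
static const struct bpf_insn sample_prog[] = {
	{ .code = LD_IMM64, .dst_reg = 2, .src_reg = BPF_PSEUDO_FUNC, .imm = 1 },
	{ .code = 0, .imm = 1 },
	{ .code = LD_IMM64, .dst_reg = 3, .imm = (int32_t)0x9abcdef0 },
	{ .code = 0, .imm = 0x12345678 },
	{ .code = BPF_JMP | BPF_EXIT },
};
static const uint64_t subprog_addr[] = { 0xffffffffc0001000ull, 0xffffffffc0002000ull };

struct jit_result { uint64_t r2, r3; int relocations; };

/* Blind, then relocate, then execute: the order the commit message describes. */
static struct jit_result jit_and_run(bool skip_pseudo_func)
{
	struct bpf_insn out[32];
	uint64_t regs[12] = { 0 };
	struct jit_result r;
	size_t n = blind_constants(sample_prog, sizeof sample_prog / sizeof sample_prog[0],
				   0xdeadbeefu, skip_pseudo_func, out);
	r.relocations = relocate_subprogs(out, n, subprog_addr);
	run(out, n, regs);
	r.r2 = regs[2];
	r.r3 = regs[3];
	return r;
}

int main(void)
{
	struct jit_result bad = jit_and_run(false), good = jit_and_run(true);
	printf("unfixed: relocations=%d r2=0x%016" PRIx64 " r3=0x%016" PRIx64 "\n", bad.relocations, bad.r2, bad.r3);
	printf("fixed:   relocations=%d r2=0x%016" PRIx64 " r3=0x%016" PRIx64 "\n", good.relocations, good.r2, good.r3);
	return 0;
}
```

With the check disabled, the first pass rewrites the BPF_PSEUDO_FUNC ld_imm64 into plain ALU moves, so the relocation pass finds no marker to patch and r2 ends up holding the placeholder pair rather than a subprog address; a program that then calls through r2 jumps to garbage. The user constant in r3 is reconstructed correctly either way, which is why the blinding itself is not the bug. With the check in place the marker survives the first pass and is patched, while the genuinely user-controlled constant is still blinded.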
Impact
Base score (CVSS v3.x): 5.50
Severity (CVSS v3.x): MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.13 (including) | 5.17.13 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.18 (including) | 5.18.2 (excluding) |