CVE-2025-38723

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/09/2025
Last modified:
05/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: BPF: Fix jump offset calculation in tailcall

The extra pass of bpf_int_jit_compile() skips JIT context initialization, which essentially skips offset calculation, leaving out_offset = -1, so the jmp_offset in emit_bpf_tail_call, calculated by

    "#define jmp_offset (out_offset - (cur_offset))"

is a negative number, which is wrong. The final generated assembly is as follows.

    54: bgeu $a2, $t1, -8 # 0x0000004c
    58: addi.d $a6, $s5, -1
    5c: bltz $a6, -16 # 0x0000004c
    60: alsl.d $t2, $a2, $a1, 0x3
    64: ld.d $t2, $t2, 264
    68: beq $t2, $zero, -28 # 0x0000004c

Before applying this patch, the following test case will reveal soft lockup issues.

    cd tools/testing/selftests/bpf/
    ./test_progs --allow=tailcalls/tailcall_bpf2bpf_1

dmesg:

    watchdog: BUG: soft lockup - CPU#2 stuck for 26s! [test_progs:25056]
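The following is an added model of the offset arithmetic described above, not the kernel's JIT code: it reproduces why every branch in the listing lands on 0x4c (the instruction before the tail-call sequence, which starts at 0x50) when out_offset is left at -1, and shows the pre-emission check a JIT can apply. It assumes, as in the kernel's emit_bpf_tail_call(), that cur_offset counts instructions from the start of the tail-call sequence.

```c
#include <stdio.h>

#define INSN_SIZE 4            /* LoongArch instructions are 4 bytes wide */
#define OUT_OFFSET_UNSET (-1)  /* value left behind when context init is skipped */

/* Mirror of the advisory's macro "#define jmp_offset (out_offset - (cur_offset))".
 * Assumption: cur_offset is relative to the first instruction of the tail-call
 * sequence, so the branch at 0x54 has cur_offset 1, 0x5c has 3, 0x68 has 6. */
static int jmp_offset(int out_offset, int cur_offset)
{
    return out_offset - cur_offset;
}

/* Byte address the branch emitted at (seq_start + cur_offset insns) jumps to. */
static int branch_target(int seq_start, int out_offset, int cur_offset)
{
    int pc = seq_start + cur_offset * INSN_SIZE;
    return pc + jmp_offset(out_offset, cur_offset) * INSN_SIZE;
}

/* Defensive check before emitting a tail-call branch: the exit label must be
 * known and must lie after the branch. Returns 0 and stores the offset on
 * success, -1 when the JIT context was never initialised or the jump would
 * go backwards (the condition that produced the soft lockup loop). */
static int check_tailcall_jump(int out_offset, int cur_offset, int *off)
{
    int o;

    if (out_offset == OUT_OFFSET_UNSET)
        return -1;
    o = jmp_offset(out_offset, cur_offset);
    if (o <= 0)
        return -1;
    *off = o;
    return 0;
}

int main(void)
{
    /* Positions of the three branches in the listing, in instructions from 0x50. */
    const int positions[] = {1, 3, 6};
    int i, off;

    for (i = 0; i < 3; i++)
        printf("cur_offset=%d jmp_offset=%d (%d bytes) -> 0x%08x\n", positions[i],
               jmp_offset(OUT_OFFSET_UNSET, positions[i]),
               jmp_offset(OUT_OFFSET_UNSET, positions[i]) * INSN_SIZE,
               branch_target(0x50, OUT_OFFSET_UNSET, positions[i]));
    printf("check with unset out_offset: %d\n", check_tailcall_jump(OUT_OFFSET_UNSET, 1, &off));
    return 0;
}
```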

Impact