CVE-2022-48755

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> powerpc64/bpf: Limit &amp;#39;ldbrx&amp;#39; to processors compliant with ISA v2.06<br /> <br /> Johan reported the below crash with test_bpf on ppc64 e5500:<br /> <br /> test_bpf: #296 ALU_END_FROM_LE 64: 0x0123456789abcdef -&gt; 0x67452301 jited:1<br /> Oops: Exception in kernel mode, sig: 4 [#1]<br /> BE PAGE_SIZE=4K SMP NR_CPUS=24 QEMU e500<br /> Modules linked in: test_bpf(+)<br /> CPU: 0 PID: 76 Comm: insmod Not tainted 5.14.0-03771-g98c2059e008a-dirty #1<br /> NIP: 8000000000061c3c LR: 80000000006dea64 CTR: 8000000000061c18<br /> REGS: c0000000032d3420 TRAP: 0700 Not tainted (5.14.0-03771-g98c2059e008a-dirty)<br /> MSR: 0000000080089000 CR: 88002822 XER: 20000000 IRQMASK: 0<br /> <br /> NIP [8000000000061c3c] 0x8000000000061c3c<br /> LR [80000000006dea64] .__run_one+0x104/0x17c [test_bpf]<br /> Call Trace:<br /> .__run_one+0x60/0x17c [test_bpf] (unreliable)<br /> .test_bpf_init+0x6a8/0xdc8 [test_bpf]<br /> .do_one_initcall+0x6c/0x28c<br /> .do_init_module+0x68/0x28c<br /> .load_module+0x2460/0x2abc<br /> .__do_sys_init_module+0x120/0x18c<br /> .system_call_exception+0x110/0x1b8<br /> system_call_common+0xf0/0x210<br /> --- interrupt: c00 at 0x101d0acc<br /> <br /> ---[ end trace 47b2bf19090bb3d0 ]---<br /> <br /> Illegal instruction<br /> <br /> The illegal instruction turned out to be &amp;#39;ldbrx&amp;#39; emitted for<br /> BPF_FROM_[L|B]E, which was only introduced in ISA v2.06. Guard use of<br /> the same and implement an alternative approach for older processors.