CVE-2024-47794

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/01/2025
Last modified:
23/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Prevent tailcall infinite loop caused by freplace

There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace.

In an upcoming selftest, the attach target for entry_freplace of tailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in entry_freplace leads to entry_tc. This results in an infinite loop:

entry_tc -> subprog_tc -> entry_freplace --tailcall-> entry_tc.

The problem arises because the tail_call_cnt in entry_freplace resets to zero each time entry_freplace is executed, causing the tail call mechanism to never terminate, eventually leading to a kernel panic.

To fix this issue, the solution is twofold:

1. Prevent updating a program extended by an freplace program to a prog_array map.
2. Prevent extending a program that is already part of a prog_array map with an freplace program.

This ensures that:

* If a program or its subprogram has been extended by an freplace program, it can no longer be updated to a prog_array map.
* If a program has been added to a prog_array map, neither it nor its subprograms can be extended by an freplace program.

Moreover, an extension program should not be tailcalled. As such, return -EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a prog_array map.

Additionally, fix a minor code style issue by replacing eight spaces with a tab for proper formatting.
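The two rules in the description amount to a mutual exclusion between "is in a prog_array map" and "has been extended by freplace". The following is an added userspace model of that state check, not code from the kernel patch; the struct, the function names and the -EBUSY return values are assumptions made for illustration, and only the -EINVAL case for BPF_PROG_TYPE_EXT comes from the description.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical userspace model; names are illustrative, not kernel symbols. */
enum model_prog_type { MODEL_PROG_SCHED_CLS, MODEL_PROG_EXT };

struct model_prog {
    enum model_prog_type type;
    bool extended;          /* an freplace program is attached to it */
    unsigned int in_arrays; /* number of prog_array slots holding it */
};

/* Rule 1 plus the BPF_PROG_TYPE_EXT check: adding to a prog_array map. */
int model_prog_array_update(struct model_prog *p)
{
    if (p->type == MODEL_PROG_EXT)
        return -EINVAL;     /* stated in the description */
    if (p->extended)
        return -EBUSY;      /* error code is an assumption of this model */
    p->in_arrays++;         /* record membership so rule 2 can see it */
    return 0;
}

/* Rule 2: attaching an freplace program to a target program. */
int model_freplace_attach(struct model_prog *ext, struct model_prog *target)
{
    if (ext->type != MODEL_PROG_EXT)
        return -EINVAL;     /* only extension programs can be freplace */
    if (target->in_arrays)
        return -EBUSY;      /* error code is an assumption of this model */
    target->extended = true; /* record extension so rule 1 can see it */
    return 0;
}

int main(void)
{
    /* Constructed sample state mirroring the names in the description. */
    struct model_prog entry_tc = { MODEL_PROG_SCHED_CLS, false, 0 };
    struct model_prog entry_freplace = { MODEL_PROG_EXT, false, 0 };

    printf("tailcall to EXT prog: %d\n", model_prog_array_update(&entry_freplace));
    printf("add entry_tc to map:  %d\n", model_prog_array_update(&entry_tc));
    printf("freplace on entry_tc: %d\n",
           model_freplace_attach(&entry_freplace, &entry_tc));
    return 0;
}
```

The model is single-threaded; in a concurrent setting the check and the state change in each function have to happen atomically, otherwise both operations could pass their checks at the same time.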

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.6 (including) | 6.12.5 (excluding)