CVE-2025-38339

In the Linux kernel, the following vulnerability has been resolved:

powerpc/bpf: fix JIT code size calculation of bpf trampoline

archbpftrampolinesize() provides JIT size of the BPF trampoline before the buffer for JIT'ing it is allocated. The total number of instructions emitted for BPF trampoline JIT code depends on where the final image is located. So, the size arrived at with the dummy pass in archbpftrampolinesize() can vary from the actual size needed in archpreparebpftrampoline(). When the instructions accounted in archbpftrampolinesize() is less than the number of instructions emitted during the actual JIT compile of the trampoline, the below warning is produced:

WARNING: CPU: 8 PID: 204190 at arch/powerpc/net/bpfjitcomp.c:981 _archpreparebpftrampoline.isra.0+0xd2c/0xdcc

which is:

/* Make sure the trampoline generation logic doesn't overflow */ if (image && WARNONONCE(&image[ctx->idx] > (u32 *)rwimageend - BPFINSNSAFETY)) {

So, during the dummy pass, instead of providing some arbitrary image location, account for maximum possible instructions if and when there is a dependency with image location for JIT'ing.