CVE-2025-21895
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list
Syskaller triggers a warning due to prev_epc->pmu != next_epc->pmu in perf_event_swap_task_ctx_data(). vmcore shows that two lists have the same perf_event_pmu_context, but not in the same order.
The problem is that the order of pmu_ctx_list for the parent is impacted by the time when an event/PMU is added. While the order for a child is impacted by the event order in the pinned_groups and flexible_groups. So the order of pmu_ctx_list in the parent and child may be different.
To fix this problem, insert the perf_event_pmu_context to its proper place after iteration of the pmu_ctx_list.
The follow testcase can trigger above warning:
perf record -e cycles –call-graph lbr – taskset -c 3 ./a.out &
perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out
test.c
void main() { int count = 0; pid_t pid;
printf("%d running\n", getpid());
sleep(30);
printf("running\n");
pid = fork();
if (pid == -1) {
printf("fork error\n");
return;
}
if (pid == 0) {
while (1) {
count++;
}
} else {
while (1) {
count++;
}
}
}
The testcase first opens an LBR event, so it will allocate task_ctx_data, and then open tracepoint and software events, so the parent context will have 3 different perf_event_pmu_contexts. On inheritance, child ctx will insert the perf_event_pmu_context in another order and the warning will trigger.
[ mingo: Tidied up the changelog. ]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | bd27568117664b8b3e259721393df420ed51f57b < f0c3971405cef6892844016aa710121a02da3a23 | affected |
| Linux | Linux | bd27568117664b8b3e259721393df420ed51f57b < 7d582eb6e4e100959ba07083d7563453c8c2a343 | affected |
| Linux | Linux | bd27568117664b8b3e259721393df420ed51f57b < 3e812a70732d84b7873cea61a7f6349b9a9dcbf5 | affected |
| Linux | Linux | bd27568117664b8b3e259721393df420ed51f57b < 2016066c66192a99d9e0ebf433789c490a6785a2 | affected |
| Linux | Linux | 6.2 | affected |
| Linux | Linux | 0 < 6.2 | unaffected |
| Linux | Linux | 6.6.81 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.18 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.6 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/f0c3971405cef6892844016aa710121a02da3a23
- https://git.kernel.org/stable/c/7d582eb6e4e100959ba07083d7563453c8c2a343
- https://git.kernel.org/stable/c/3e812a70732d84b7873cea61a7f6349b9a9dcbf5
- https://git.kernel.org/stable/c/2016066c66192a99d9e0ebf433789c490a6785a2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.