Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-cve / . / cve / published / 2025 / CVE-2025-21895.mbox
blob: 0d7ce962f2541271cc796ed20d495356ced4a7ee [file] [log] [blame]
From bippy-7c5fe7eed585 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list
Syskaller triggers a warning due to prev_epc->pmu != next_epc->pmu in
perf_event_swap_task_ctx_data(). vmcore shows that two lists have the same
perf_event_pmu_context, but not in the same order.
The problem is that the order of pmu_ctx_list for the parent is impacted by
the time when an event/PMU is added. While the order for a child is
impacted by the event order in the pinned_groups and flexible_groups. So
the order of pmu_ctx_list in the parent and child may be different.
To fix this problem, insert the perf_event_pmu_context to its proper place
after iteration of the pmu_ctx_list.
The follow testcase can trigger above warning:
# perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out &
# perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out
test.c
void main() {
int count = 0;
pid_t pid;
printf("%d running\n", getpid());
sleep(30);
printf("running\n");
pid = fork();
if (pid == -1) {
printf("fork error\n");
return;
}
if (pid == 0) {
while (1) {
count++;
}
} else {
while (1) {
count++;
}
}
}
The testcase first opens an LBR event, so it will allocate task_ctx_data,
and then open tracepoint and software events, so the parent context will
have 3 different perf_event_pmu_contexts. On inheritance, child ctx will
insert the perf_event_pmu_context in another order and the warning will
trigger.
[ mingo: Tidied up the changelog. ]
The Linux kernel CVE team has assigned CVE-2025-21895 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.2 with commit bd27568117664b8b3e259721393df420ed51f57b and fixed in 6.6.81 with commit f0c3971405cef6892844016aa710121a02da3a23
Issue introduced in 6.2 with commit bd27568117664b8b3e259721393df420ed51f57b and fixed in 6.12.18 with commit 7d582eb6e4e100959ba07083d7563453c8c2a343
Issue introduced in 6.2 with commit bd27568117664b8b3e259721393df420ed51f57b and fixed in 6.13.6 with commit 3e812a70732d84b7873cea61a7f6349b9a9dcbf5
Issue introduced in 6.2 with commit bd27568117664b8b3e259721393df420ed51f57b and fixed in 6.14 with commit 2016066c66192a99d9e0ebf433789c490a6785a2
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-21895
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
kernel/events/core.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/f0c3971405cef6892844016aa710121a02da3a23
https://git.kernel.org/stable/c/7d582eb6e4e100959ba07083d7563453c8c2a343
https://git.kernel.org/stable/c/3e812a70732d84b7873cea61a7f6349b9a9dcbf5
https://git.kernel.org/stable/c/2016066c66192a99d9e0ebf433789c490a6785a2