CVE-2022-50491
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50491
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50491.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50491
- Downstream
- Published
- 2025-10-04T15:43:44Z
- Modified
- 2025-10-21T13:25:08.743458Z
- Summary
- coresight: cti: Fix hang in cti_disable_hw()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
coresight: cti: Fix hang in ctidisablehw()
ctienablehw() and ctidisablehw() are called from an atomic context so shouldn't use runtime PM because it can result in a sleep when communicating with firmware.
Since commit 3c6656337852 ("Revert "firmware: arm_scmi: Add clock management to the SCMI power domain""), this causes a hang on Juno when running the Perf Coresight tests or running this command:
perf record -e cs_etm//u -- ls
This was also missed until the revert commit because pmruntimeput() was called with the wrong device until commit 692c9a499b28 ("coresight: cti: Correct the parameter for pmruntimeput")
With lock and scheduler debugging enabled the following is output:
coresight ctisys0: ctienablehw -- dev:ctisys0 parent: 20020000.cti BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:1151 inatomic(): 1, irqsdisabled(): 128, nonblock: 0, pid: 330, name: perf-exec preemptcount: 2, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffff80000822b394>] copyprocess+0xa0c/0x1948 softirqs last enabled at (0): [<ffff80000822b394>] copyprocess+0xa0c/0x1948 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 3 PID: 330 Comm: perf-exec Not tainted 6.0.0-00053-g042116d99298 #7 Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Sep 13 2022 Call trace: dumpbacktrace+0x134/0x140 showstack+0x20/0x58 dumpstacklvl+0x8c/0xb8 dumpstack+0x18/0x34 _mightresched+0x180/0x228 _mightsleep+0x50/0x88 _pmruntimeresume+0xac/0xb0 ctienable+0x44/0x120 coresightcontrolassocectdev+0xc0/0x150 coresightenablepath+0xb4/0x288 etmeventstart+0x138/0x170 etmeventadd+0x48/0x70 eventschedin.isra.122+0xb4/0x280 mergeschedin+0x1fc/0x3d0 visitgroupsmerge.constprop.137+0x16c/0x4b0 ctxschedin+0x114/0x1f0 perfeventschedin+0x60/0x90 ctxresched+0x68/0xb0 perfeventexec+0x138/0x508 beginnewexec+0x52c/0xd40 loadelfbinary+0x6b8/0x17d0 bprmexecve+0x360/0x7f8 doexecveatcommon.isra.47+0x218/0x238 _arm64sysexecve+0x48/0x60 invokesyscall+0x4c/0x110 el0svccommon.constprop.4+0xfc/0x120 doel0svc+0x34/0xc0 el0svc+0x40/0x98 el0t64synchandler+0x98/0xc0 el0t64_sync+0x170/0x174
Fix the issue by removing the runtime PM calls completely. They are not needed here because it must have already been done when building the path for a trace.
[ Fix build warnings ]
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/4c365a0c21aaf2b8fcc88de8dc298803288f61ac
- https://git.kernel.org/stable/c/6746eae4bbaddcc16b40efb33dab79210828b3ce
- https://git.kernel.org/stable/c/c51cfba50df8b9e16bfe0e6d4f2f252a4a10063d
- https://git.kernel.org/stable/c/e33ce54cef5d429430e3b1ae5c8ee4f4103c4fdc
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced835d722ba10ac924adba1e8a46f2d80955222b4bFixede33ce54cef5d429430e3b1ae5c8ee4f4103c4fdc
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced835d722ba10ac924adba1e8a46f2d80955222b4bFixed4c365a0c21aaf2b8fcc88de8dc298803288f61ac
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced835d722ba10ac924adba1e8a46f2d80955222b4bFixedc51cfba50df8b9e16bfe0e6d4f2f252a4a10063d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced835d722ba10ac924adba1e8a46f2d80955222b4bFixed6746eae4bbaddcc16b40efb33dab79210828b3ce
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.100
v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.10.108
v5.10.109
v5.10.11
v5.10.110
v5.10.111
v5.10.112
v5.10.113
v5.10.114
v5.10.115
v5.10.116
v5.10.117
v5.10.118
v5.10.119
v5.10.12
v5.10.120
v5.10.121
v5.10.122
v5.10.123
v5.10.124
v5.10.125
v5.10.126
v5.10.127
v5.10.128
v5.10.129
v5.10.13
v5.10.130
v5.10.131
v5.10.132
v5.10.133
v5.10.134
v5.10.135
v5.10.136
v5.10.137
v5.10.138
v5.10.139
v5.10.14
v5.10.140
v5.10.141
v5.10.142
v5.10.143
v5.10.144
v5.10.145
v5.10.146
v5.10.147
v5.10.148
v5.10.149
v5.10.15
v5.10.150
v5.10.151
v5.10.152
v5.10.153
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.6
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.1-rc1
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e33ce54cef5d429430e3b1ae5c8ee4f4103c4fdc",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c",
"function": "cti_enable_hw"
},
"id": "CVE-2022-50491-01243019",
"signature_type": "Function",
"digest": {
"function_hash": "258822512516994561033440342376283515255",
"length": 696.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4c365a0c21aaf2b8fcc88de8dc298803288f61ac",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c"
},
"id": "CVE-2022-50491-0e7dcd99",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"136082628046774151651751032329227002743",
"4121973922804849949572041217022049940",
"200641738851577350415027807200213457369",
"81038506446212046130913997246305847534",
"169463800294515338379695851197479286403",
"98544524750309906207942827326915445913",
"567047323916597725078213282498788082",
"160562240523768507523077388953422394144",
"41766393851770903092674013848275985824",
"111518799630494447893238269504369409664",
"249734821680347670790674760620454370775",
"319770805428527370637204354429187613909",
"28384441718991952122201345141995780848",
"259825381442701589552202260058280488070",
"171985055361099708570055886606835302248",
"223375355287638071741182522441410057577",
"137807356443644126060524967277676424844",
"203410219813058234433341586029554541151",
"181603935819813443325997189813357209761"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e33ce54cef5d429430e3b1ae5c8ee4f4103c4fdc",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c"
},
"id": "CVE-2022-50491-195b2e02",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"136082628046774151651751032329227002743",
"4121973922804849949572041217022049940",
"200641738851577350415027807200213457369",
"81038506446212046130913997246305847534",
"169463800294515338379695851197479286403",
"98544524750309906207942827326915445913",
"567047323916597725078213282498788082",
"160562240523768507523077388953422394144",
"41766393851770903092674013848275985824",
"111518799630494447893238269504369409664",
"249734821680347670790674760620454370775",
"319770805428527370637204354429187613909",
"90778835845509757448463566248193547190",
"133588114978290120021602527485126125296",
"140718523273827748234722310248237822005",
"54347606774705902048255606855645121801",
"137807356443644126060524967277676424844",
"203410219813058234433341586029554541151",
"181603935819813443325997189813357209761"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4c365a0c21aaf2b8fcc88de8dc298803288f61ac",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c",
"function": "cti_enable_hw"
},
"id": "CVE-2022-50491-1defa05f",
"signature_type": "Function",
"digest": {
"function_hash": "93909056586532599197059612307327894959",
"length": 697.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4c365a0c21aaf2b8fcc88de8dc298803288f61ac",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c",
"function": "cti_disable_hw"
},
"id": "CVE-2022-50491-2101ba0a",
"signature_type": "Function",
"digest": {
"function_hash": "73207494949374488817812426627069416565",
"length": 623.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c51cfba50df8b9e16bfe0e6d4f2f252a4a10063d",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c",
"function": "cti_disable_hw"
},
"id": "CVE-2022-50491-29a19d93",
"signature_type": "Function",
"digest": {
"function_hash": "73207494949374488817812426627069416565",
"length": 623.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c51cfba50df8b9e16bfe0e6d4f2f252a4a10063d",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c",
"function": "cti_enable_hw"
},
"id": "CVE-2022-50491-6b07ef6d",
"signature_type": "Function",
"digest": {
"function_hash": "93909056586532599197059612307327894959",
"length": 697.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6746eae4bbaddcc16b40efb33dab79210828b3ce",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c",
"function": "cti_disable_hw"
},
"id": "CVE-2022-50491-8f3cce76",
"signature_type": "Function",
"digest": {
"function_hash": "73207494949374488817812426627069416565",
"length": 623.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e33ce54cef5d429430e3b1ae5c8ee4f4103c4fdc",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c",
"function": "cti_disable_hw"
},
"id": "CVE-2022-50491-a7339dcc",
"signature_type": "Function",
"digest": {
"function_hash": "264125227783637357475655729410354158328",
"length": 606.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6746eae4bbaddcc16b40efb33dab79210828b3ce",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c",
"function": "cti_enable_hw"
},
"id": "CVE-2022-50491-c65d3e0d",
"signature_type": "Function",
"digest": {
"function_hash": "93909056586532599197059612307327894959",
"length": 697.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c51cfba50df8b9e16bfe0e6d4f2f252a4a10063d",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c"
},
"id": "CVE-2022-50491-ca8967b5",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"136082628046774151651751032329227002743",
"4121973922804849949572041217022049940",
"200641738851577350415027807200213457369",
"81038506446212046130913997246305847534",
"169463800294515338379695851197479286403",
"98544524750309906207942827326915445913",
"567047323916597725078213282498788082",
"160562240523768507523077388953422394144",
"41766393851770903092674013848275985824",
"111518799630494447893238269504369409664",
"249734821680347670790674760620454370775",
"319770805428527370637204354429187613909",
"28384441718991952122201345141995780848",
"259825381442701589552202260058280488070",
"171985055361099708570055886606835302248",
"223375355287638071741182522441410057577",
"137807356443644126060524967277676424844",
"203410219813058234433341586029554541151",
"181603935819813443325997189813357209761"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6746eae4bbaddcc16b40efb33dab79210828b3ce",
"target": {
"file": "drivers/hwtracing/coresight/coresight-cti-core.c"
},
"id": "CVE-2022-50491-fc4572b7",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"136082628046774151651751032329227002743",
"4121973922804849949572041217022049940",
"200641738851577350415027807200213457369",
"81038506446212046130913997246305847534",
"169463800294515338379695851197479286403",
"98544524750309906207942827326915445913",
"567047323916597725078213282498788082",
"160562240523768507523077388953422394144",
"41766393851770903092674013848275985824",
"111518799630494447893238269504369409664",
"249734821680347670790674760620454370775",
"319770805428527370637204354429187613909",
"28384441718991952122201345141995780848",
"259825381442701589552202260058280488070",
"171985055361099708570055886606835302248",
"223375355287638071741182522441410057577",
"137807356443644126060524967277676424844",
"203410219813058234433341586029554541151",
"181603935819813443325997189813357209761"
]
},
"deprecated": false,
"signature_version": "v1"
}
]