CVE-2023-53656

The driver needs to migrate the perf context if the current using CPU going to teardown. By the time calling the cpuhp::teardown() callback the cpuonlinemask() hasn't updated yet and still includes the CPU going to teardown. In current driver's implementation we may migrate the context to the teardown CPU and leads to the below calltrace:

... [ 368.104662][ T932] task:cpuhp/0 state:D stack: 0 pid: 15 ppid: 2 flags:0x00000008 [ 368.113699][ T932] Call trace: [ 368.116834][ T932] _switchto+0x7c/0xbc [ 368.120924][ T932] _schedule+0x338/0x6f0 [ 368.125098][ T932] schedule+0x50/0xe0 [ 368.128926][ T932] schedulepreemptdisabled+0x18/0x24 [ 368.134229][ T932] _mutexlock.constprop.0+0x1d4/0x5dc [ 368.139617][ T932] _mutexlockslowpath+0x1c/0x30 [ 368.144573][ T932] mutexlock+0x50/0x60 [ 368.148579][ T932] perfpmumigratecontext+0x84/0x2b0 [ 368.153884][ T932] hisipciepmuofflinecpu+0x90/0xe0 [hisipciepmu] [ 368.160579][ T932] cpuhpinvokecallback+0x2a0/0x650 [ 368.165707][ T932] cpuhpthreadfun+0xe4/0x190 [ 368.170316][ T932] smpbootthreadfn+0x15c/0x1a0 [ 368.175099][ T932] kthread+0x108/0x13c [ 368.179012][ T932] retfromfork+0x10/0x18 ...

Use function cpumaskanybut() to find one correct active cpu to fixes this issue.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

8404b0fbc7fbd42e5c5d28cdedd450e70829c77a

Fixed

be9c8c9c84b6d25a7b7d39954030aba6f759feb6

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

8404b0fbc7fbd42e5c5d28cdedd450e70829c77a

Fixed

f564e543a43d0f1cabac791672c8a6fc78ce12d0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

8404b0fbc7fbd42e5c5d28cdedd450e70829c77a

Fixed

b64569897d86b611befbb895d815280fea94e1ed

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

8404b0fbc7fbd42e5c5d28cdedd450e70829c77a

Fixed

7a6a9f1c5a0a875a421db798d4b2ee022dc1ee1a

Affected versions

v5.*

v5.16

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.1.8

v6.1.9

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.3.1

v6.3.10

v6.3.11

v6.3.12

v6.3.2

v6.3.3

v6.3.4

v6.3.5

v6.3.6

v6.3.7

v6.3.8

v6.3.9

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.4.1

v6.4.2

v6.4.3

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.17.0

Fixed

6.1.39

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.3.13

Type: ECOSYSTEM
Events: Introduced

6.4.0

Fixed

6.4.4