CVE-2025-38295

The Amlogic DDR PMU driver mesonddrpmucreate() function incorrectly uses smpprocessorid(), which assumes disabled preemption. This leads to kernel warnings during module loading because mesonddrpmucreate() can be called in a preemptible context.

Following kernel warning and stack trace: [ 31.745138] [ T2289] BUG: using smpprocessorid() in preemptible [00000000] code: (udev-worker)/2289 [ 31.745154] [ T2289] caller is debugsmpprocessorid+0x28/0x38 [ 31.745172] [ T2289] CPU: 4 UID: 0 PID: 2289 Comm: (udev-worker) Tainted: GW 6.14.0-0-MANJARO-ARM #1 59519addcbca6ba8de735e151fd7b9e97aac7ff0 [ 31.745181] [ T2289] Tainted: [W]=WARN [ 31.745183] [ T2289] Hardware name: Hardkernel ODROID-N2Plus (DT) [ 31.745188] [ T2289] Call trace: [ 31.745191] [ T2289] showstack+0x28/0x40 (C) [ 31.745199] [ T2289] dumpstacklvl+0x4c/0x198 [ 31.745205] [ T2289] dumpstack+0x20/0x50 [ 31.745209] [ T2289] checkpreemptiondisabled+0xec/0xf0 [ 31.745213] [ T2289] debugsmpprocessorid+0x28/0x38 [ 31.745216] [ T2289] mesonddrpmucreate+0x200/0x560 [mesonddrpmug12 8095101c49676ad138d9961e3eddaee10acca7bd] [ 31.745237] [ T2289] g12ddrpmuprobe+0x20/0x38 [mesonddrpmug12 8095101c49676ad138d9961e3eddaee10acca7bd] [ 31.745246] [ T2289] platformprobe+0x98/0xe0 [ 31.745254] [ T2289] reallyprobe+0x144/0x3f8 [ 31.745258] [ T2289] _driverprobedevice+0xb8/0x180 [ 31.745261] [ T2289] driverprobedevice+0x54/0x268 [ 31.745264] [ T2289] _driverattach+0x11c/0x288 [ 31.745267] [ T2289] busforeachdev+0xfc/0x160 [ 31.745274] [ T2289] driverattach+0x34/0x50 [ 31.745277] [ T2289] busadddriver+0x160/0x2b0 [ 31.745281] [ T2289] driverregister+0x78/0x120 [ 31.745285] [ T2289] _platformdriverregister+0x30/0x48 [ 31.745288] [ T2289] initmodule+0x30/0xfe0 [mesonddrpmug12 8095101c49676ad138d9961e3eddaee10acca7bd] [ 31.745298] [ T2289] dooneinitcall+0x11c/0x438 [ 31.745303] [ T2289] doinitmodule+0x68/0x228 [ 31.745311] [ T2289] loadmodule+0x118c/0x13a8 [ 31.745315] [ T2289] _arm64sysfinitmodule+0x274/0x390 [ 31.745320] [ T2289] invokesyscall+0x74/0x108 [ 31.745326] [ T2289] el0svccommon+0x90/0xf8 [ 31.745330] [ T2289] doel0svc+0x2c/0x48 [ 31.745333] [ T2289] el0svc+0x60/0x150 [ 31.745337] [ T2289] el0t64synchandler+0x80/0x118 [ 31.745341] [ T2289] el0t64_sync+0x1b8/0x1c0

Changes replaces smpprocessorid() with rawsmpprocessor_id() to ensure safe CPU ID retrieval in preemptible contexts.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2016e2113d35ba06866961a39e9a9c822f2ffabd

Fixed

77511c2d2d1cbce8d9b4f50849843dd469d14173

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2016e2113d35ba06866961a39e9a9c822f2ffabd

Fixed

b038ffbd49e41f99228dbb0c66d6dd7b20292884

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2016e2113d35ba06866961a39e9a9c822f2ffabd

Fixed

6f5f53048d3b761d694430632d3a03977273e987

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2016e2113d35ba06866961a39e9a9c822f2ffabd

Fixed

097469a2b0f12b91b4f27b9e9e4f2c46484cde30

Affected versions

v6.*

v6.1

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.3

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.15.1

v6.15.2

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.55

v6.6.56

v6.6.57

v6.6.58

v6.6.59

v6.6.6

v6.6.60

v6.6.61

v6.6.62

v6.6.63

v6.6.64

v6.6.65

v6.6.66

v6.6.67

v6.6.68

v6.6.69

v6.6.7

v6.6.70

v6.6.71

v6.6.72

v6.6.73

v6.6.74

v6.6.75

v6.6.76

v6.6.77

v6.6.78

v6.6.79

v6.6.8

v6.6.80

v6.6.81

v6.6.82

v6.6.83

v6.6.84

v6.6.85

v6.6.86

v6.6.87

v6.6.88

v6.6.89

v6.6.9

v6.6.90

v6.6.91

v6.6.92

v6.6.93

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.94

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.34

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.15.3