CVE-2025-21895 Information

Description

In the Linux kernel the following vulnerability has been resolved:

perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list

Syskaller triggers a warning due to prev_epc->pmu != next_epc->pmu in perf_event_swap_task_ctx_data(). vmcore shows that two lists have the same perf_event_pmu_context but not in the same order.

The problem is that the order of pmu_ctx_list for the parent is impacted by the time when an event/PMU is added. While the order for a child is impacted by the event order in the pinned_groups and flexible_groups. So the order of pmu_ctx_list in the parent and child may be different.

To fix this problem insert the perf_event_pmu_context to its proper place after iteration of the pmu_ctx_list.

The follow testcase can trigger above warning:

perf record -e cycles –call-graph lbr – taskset -c 3 ./a.out & perf stat -e cpu-clockcs -p xxx // xxx is the pid of a.out

test.c

void main() int count = 0; pid_t pid;

    printf(\%d running\n\ getpid());
    sleep(30);
    printf(
unning\n\);

    pid = fork();
    if (pid == -1) 
            printf(ork error\n\);
            return;
    
    if (pid == 0) 
            while (1) 
                    count++;
            
     else 
            while (1) 
                    count++;

The testcase first opens an LBR event so it will allocate task_ctx_data and then open tracepoint and software events so the parent context will have 3 different perf_event_pmu_contexts. On inheritance child ctx will insert the perf_event_pmu_context in another order and the warning will trigger.

[ mingo: Tidied up the changelog. ]

Reference

https://git.kernel.org/stable/c/2016066c66192a99d9e0ebf433789c490a6785a2 https://git.kernel.org/stable/c/3e812a70732d84b7873cea61a7f6349b9a9dcbf5 https://git.kernel.org/stable/c/7d582eb6e4e100959ba07083d7563453c8c2a343 https://git.kernel.org/stable/c/f0c3971405cef6892844016aa710121a02da3a23