Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' Commit 176cda0619b6 ("powerpc/perf: Add perf interface to expose vpa counters") introduced 'vpa_pmu' to expose Book3s-HV nested APIv2 provided L1<->L2 context switch latency counters to L1 user-space via perf-events. However the newly introduced PMU named 'vpa_pmu' doesn't assign ownership of the PMU to the module 'vpa_pmu'. Consequently the module 'vpa_pmu' can be unloaded while one of the perf-events are still active, which can lead to kernel oops and panic of the form below on a Pseries-LPAR: BUG: Kernel NULL pointer dereference on read at 0x00000058 <snip> NIP [c000000000506cb8] event_sched_out+0x40/0x258 LR [c00000000050e8a4] __perf_remove_from_context+0x7c/0x2b0 Call Trace: [c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (unreliable) [c00000025fc3fc80] [fffffffffffffee0] 0xfffffffffffffee0 [c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120 <snip> Kernel panic - not syncing: Aiee, killing interrupt handler! Fix this by adding the module ownership to 'vpa_pmu' so that the module 'vpa_pmu' is ref-counted and prevented from being unloaded when perf-events are initialized.

Weaknesses 1

Affected Products 2

References 3

• git.kernel.org https://git.kernel.org/stable/c/6cf045b51e2c5721db7e55305f09ee32741e00f9
  Patch
• git.kernel.org https://git.kernel.org/stable/c/70ea7c5189197c6f5acdcfd8a2651be2c41e2faa
  Patch
• git.kernel.org https://git.kernel.org/stable/c/ff99d5b6a246715f2257123cdf6c4a29cb33aa78
  Patch

Remediation

• git.kernel.org https://git.kernel.org/stable/c/6cf045b51e2c5721db7e55305f09ee32741e00f9
  Patch
• git.kernel.org https://git.kernel.org/stable/c/70ea7c5189197c6f5acdcfd8a2651be2c41e2faa
  Patch
• git.kernel.org https://git.kernel.org/stable/c/ff99d5b6a246715f2257123cdf6c4a29cb33aa78
  Patch