CVE-2023-52839

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52839
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52839.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52839
Published
2024-05-21T15:31:39.196Z
Modified
2025-11-29T22:34:46.075327Z
Summary
drivers: perf: Do not broadcast to other cpus when starting a counter
Details

In the Linux kernel, the following vulnerability has been resolved:

drivers: perf: Do not broadcast to other cpus when starting a counter

This command:

$ perf record -e cycles:k -e instructions:k -c 10000 -m 64M dd if=/dev/zero of=/dev/null count=1000

gives rise to this kernel warning:

[ 444.364395] WARNING: CPU: 0 PID: 104 at kernel/smp.c:775 smp_call_function_many_cond+0x42c/0x436
[ 444.364515] Modules linked in:
[ 444.364657] CPU: 0 PID: 104 Comm: perf-exec Not tainted 6.6.0-rc6-00051-g391df82e8ec3-dirty #73
[ 444.364771] Hardware name: riscv-virtio,qemu (DT)
[ 444.364868] epc : smp_call_function_many_cond+0x42c/0x436
[ 444.364917] ra : on_each_cpu_cond_mask+0x20/0x32
[ 444.364948] epc : ffffffff8009f9e0 ra : ffffffff8009fa5a sp : ff20000000003800
[ 444.364966] gp : ffffffff81500aa0 tp : ff60000002b83000 t0 : ff200000000038c0
[ 444.364982] t1 : ffffffff815021f0 t2 : 000000000000001f s0 : ff200000000038b0
[ 444.364998] s1 : ff60000002c54d98 a0 : ff60000002a73940 a1 : 0000000000000000
[ 444.365013] a2 : 0000000000000000 a3 : 0000000000000003 a4 : 0000000000000100
[ 444.365029] a5 : 0000000000010100 a6 : 0000000000f00000 a7 : 0000000000000000
[ 444.365044] s2 : 0000000000000000 s3 : ffffffffffffffff s4 : ff60000002c54d98
[ 444.365060] s5 : ffffffff81539610 s6 : ffffffff80c20c48 s7 : 0000000000000000
[ 444.365075] s8 : 0000000000000000 s9 : 0000000000000001 s10: 0000000000000001
[ 444.365090] s11: ffffffff80099394 t3 : 0000000000000003 t4 : 00000000eac0c6e6
[ 444.365104] t5 : 0000000400000000 t6 : ff60000002e010d0
[ 444.365120] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 444.365226] [<ffffffff8009f9e0>] smp_call_function_many_cond+0x42c/0x436
[ 444.365295] [<ffffffff8009fa5a>] on_each_cpu_cond_mask+0x20/0x32
[ 444.365311] [<ffffffff806e90dc>] pmu_sbi_ctr_start+0x7a/0xaa
[ 444.365327] [<ffffffff806e880c>] riscv_pmu_start+0x48/0x66
[ 444.365339] [<ffffffff8012111a>] perf_adjust_freq_unthr_context+0x196/0x1ac
[ 444.365356] [<ffffffff801237aa>] perf_event_task_tick+0x78/0x8c
[ 444.365368] [<ffffffff8003faf4>] scheduler_tick+0xe6/0x25e
[ 444.365383] [<ffffffff8008a042>] update_process_times+0x80/0x96
[ 444.365398] [<ffffffff800991ec>] tick_sched_handle+0x26/0x52
[ 444.365410] [<ffffffff800993e4>] tick_sched_timer+0x50/0x98
[ 444.365422] [<ffffffff8008a6aa>] __hrtimer_run_queues+0x126/0x18a
[ 444.365433] [<ffffffff8008b350>] hrtimer_interrupt+0xce/0x1da
[ 444.365444] [<ffffffff806cdc60>] riscv_timer_interrupt+0x30/0x3a
[ 444.365457] [<ffffffff8006afa6>] handle_percpu_devid_irq+0x80/0x114
[ 444.365470] [<ffffffff80065b82>] generic_handle_domain_irq+0x1c/0x2a
[ 444.365483] [<ffffffff8045faec>] riscv_intc_irq+0x2e/0x46
[ 444.365497] [<ffffffff808a9c62>] handle_riscv_irq+0x4a/0x74
[ 444.365521] [<ffffffff808aa760>] do_irq+0x7c/0x7e
[ 444.365796] ---[ end trace 0000000000000000 ]---

That's because the fix in commit 3fec323339a4 ("drivers: perf: Fix panic in riscv SBI mmap support") was wrong: there is no need to broadcast to other cpus when starting a counter. That's only needed in mmap, when the counters could have already been started on other cpus, so simply remove this broadcast.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52839.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3fec323339a4a9801a54e8b282eb571965b67b23
Fixed
85be1a73fd298ed3fd060dfce97caef5f9928c57
Fixed
61e3d993c8bd3e80f8f1363ed5e04f88ab531b72

Affected versions

v6.*

v6.6
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.2