Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() Yang Jihing reported a race between perf_event_set_output() and perf_mmap_close(): CPU1 CPU2 perf_mmap_close(e2) if (atomic_dec_and_test(&e2->rb->mmap_count)) // 1 - > 0 detach_rest = true ioctl(e1, IOC_SET_OUTPUT, e2) perf_event_set_output(e1, e2) ... list_for_each_entry_rcu(e, &e2->rb->event_list, rb_entry) ring_buffer_attach(e, NULL); // e1 isn't yet added and // therefore not detached ring_buffer_attach(e1, e2->rb) list_add_rcu(&e1->rb_entry, &e2->rb->event_list) After this; e1 is attached to an unmapped rb and a subsequent perf_mmap() will loop forever more: again: mutex_lock(&e->mmap_mutex); if (event->rb) { ... if (!atomic_inc_not_zero(&e->rb->mmap_count)) { ... mutex_unlock(&e->mmap_mutex); goto again; } } The loop in perf_mmap_close() holds e2->mmap_mutex, while the attach in perf_event_set_output() holds e1->mmap_mutex. As such there is no serialization to avoid this race. Change perf_event_set_output() to take both e1->mmap_mutex and e2->mmap_mutex to alleviate that problem. Additionally, have the loop in perf_mmap() detach the rb directly, this avoids having to wait for the concurrent perf_mmap_close() to get around to doing it to make progress.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.2.49, < 3.3 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/17f5417194136517ee9bbd6511249e5310e5617cPatch
- https://git.kernel.org/stable/c/3bbd868099287ff9027db59029b502fcfa2202a0Patch
- https://git.kernel.org/stable/c/43128b3eee337824158f34da6648163d2f2fb937Patch
- https://git.kernel.org/stable/c/68e3c69803dada336893640110cb87221bb01dcfPatch
- https://git.kernel.org/stable/c/98c3c8fd0d4c560e0f8335b79c407bbf7fc9462cPatch
- https://git.kernel.org/stable/c/a9391ff7a7c5f113d6f2bf6621d49110950de49cPatch
- https://git.kernel.org/stable/c/da3c256e2d0ebc87c7db0c605c9692b6f1722074Patch
- https://git.kernel.org/stable/c/f836f9ac95df15f1e0af4beb0ec20021e8c91998Patch
FAQ
What is CVE-2022-49607?
CVE-2022-49607 is a vulnerability with a CVSS score of 4.7 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() Yang Jihing reported a race between perf_event_set_...
How severe is CVE-2022-49607?
CVE-2022-49607 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-49607?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.