fkie_cve-2022-50491
Vulnerability from fkie_nvd
Published
2025-10-04 16:15
Modified
2025-10-06 14:56
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: coresight: cti: Fix hang in cti_disable_hw() cti_enable_hw() and cti_disable_hw() are called from an atomic context so shouldn't use runtime PM because it can result in a sleep when communicating with firmware. Since commit 3c6656337852 ("Revert "firmware: arm_scmi: Add clock management to the SCMI power domain""), this causes a hang on Juno when running the Perf Coresight tests or running this command: perf record -e cs_etm//u -- ls This was also missed until the revert commit because pm_runtime_put() was called with the wrong device until commit 692c9a499b28 ("coresight: cti: Correct the parameter for pm_runtime_put") With lock and scheduler debugging enabled the following is output: coresight cti_sys0: cti_enable_hw -- dev:cti_sys0 parent: 20020000.cti BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:1151 in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 330, name: perf-exec preempt_count: 2, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffff80000822b394>] copy_process+0xa0c/0x1948 softirqs last enabled at (0): [<ffff80000822b394>] copy_process+0xa0c/0x1948 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 3 PID: 330 Comm: perf-exec Not tainted 6.0.0-00053-g042116d99298 #7 Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Sep 13 2022 Call trace: dump_backtrace+0x134/0x140 show_stack+0x20/0x58 dump_stack_lvl+0x8c/0xb8 dump_stack+0x18/0x34 __might_resched+0x180/0x228 __might_sleep+0x50/0x88 __pm_runtime_resume+0xac/0xb0 cti_enable+0x44/0x120 coresight_control_assoc_ectdev+0xc0/0x150 coresight_enable_path+0xb4/0x288 etm_event_start+0x138/0x170 etm_event_add+0x48/0x70 event_sched_in.isra.122+0xb4/0x280 merge_sched_in+0x1fc/0x3d0 visit_groups_merge.constprop.137+0x16c/0x4b0 ctx_sched_in+0x114/0x1f0 perf_event_sched_in+0x60/0x90 ctx_resched+0x68/0xb0 perf_event_exec+0x138/0x508 begin_new_exec+0x52c/0xd40 load_elf_binary+0x6b8/0x17d0 bprm_execve+0x360/0x7f8 do_execveat_common.isra.47+0x218/0x238 __arm64_sys_execve+0x48/0x60 invoke_syscall+0x4c/0x110 el0_svc_common.constprop.4+0xfc/0x120 do_el0_svc+0x34/0xc0 el0_svc+0x40/0x98 el0t_64_sync_handler+0x98/0xc0 el0t_64_sync+0x170/0x174 Fix the issue by removing the runtime PM calls completely. They are not needed here because it must have already been done when building the path for a trace. [ Fix build warnings ]
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4c365a0c21aaf2b8fcc88de8dc298803288f61ac
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6746eae4bbaddcc16b40efb33dab79210828b3ce
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c51cfba50df8b9e16bfe0e6d4f2f252a4a10063d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e33ce54cef5d429430e3b1ae5c8ee4f4103c4fdc
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: cti: Fix hang in cti_disable_hw()\n\ncti_enable_hw() and cti_disable_hw() are called from an atomic context\nso shouldn\u0027t use runtime PM because it can result in a sleep when\ncommunicating with firmware.\n\nSince commit 3c6656337852 (\"Revert \"firmware: arm_scmi: Add clock\nmanagement to the SCMI power domain\"\"), this causes a hang on Juno when\nrunning the Perf Coresight tests or running this command:\n\n  perf record -e cs_etm//u -- ls\n\nThis was also missed until the revert commit because pm_runtime_put()\nwas called with the wrong device until commit 692c9a499b28 (\"coresight:\ncti: Correct the parameter for pm_runtime_put\")\n\nWith lock and scheduler debugging enabled the following is output:\n\n   coresight cti_sys0: cti_enable_hw -- dev:cti_sys0  parent: 20020000.cti\n   BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:1151\n   in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 330, name: perf-exec\n   preempt_count: 2, expected: 0\n   RCU nest depth: 0, expected: 0\n   INFO: lockdep is turned off.\n   irq event stamp: 0\n   hardirqs last  enabled at (0): [\u003c0000000000000000\u003e] 0x0\n   hardirqs last disabled at (0): [\u003cffff80000822b394\u003e] copy_process+0xa0c/0x1948\n   softirqs last  enabled at (0): [\u003cffff80000822b394\u003e] copy_process+0xa0c/0x1948\n   softirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\n   CPU: 3 PID: 330 Comm: perf-exec Not tainted 6.0.0-00053-g042116d99298 #7\n   Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Sep 13 2022\n   Call trace:\n    dump_backtrace+0x134/0x140\n    show_stack+0x20/0x58\n    dump_stack_lvl+0x8c/0xb8\n    dump_stack+0x18/0x34\n    __might_resched+0x180/0x228\n    __might_sleep+0x50/0x88\n    __pm_runtime_resume+0xac/0xb0\n    cti_enable+0x44/0x120\n    coresight_control_assoc_ectdev+0xc0/0x150\n    coresight_enable_path+0xb4/0x288\n    etm_event_start+0x138/0x170\n    etm_event_add+0x48/0x70\n    event_sched_in.isra.122+0xb4/0x280\n    merge_sched_in+0x1fc/0x3d0\n    visit_groups_merge.constprop.137+0x16c/0x4b0\n    ctx_sched_in+0x114/0x1f0\n    perf_event_sched_in+0x60/0x90\n    ctx_resched+0x68/0xb0\n    perf_event_exec+0x138/0x508\n    begin_new_exec+0x52c/0xd40\n    load_elf_binary+0x6b8/0x17d0\n    bprm_execve+0x360/0x7f8\n    do_execveat_common.isra.47+0x218/0x238\n    __arm64_sys_execve+0x48/0x60\n    invoke_syscall+0x4c/0x110\n    el0_svc_common.constprop.4+0xfc/0x120\n    do_el0_svc+0x34/0xc0\n    el0_svc+0x40/0x98\n    el0t_64_sync_handler+0x98/0xc0\n    el0t_64_sync+0x170/0x174\n\nFix the issue by removing the runtime PM calls completely. They are not\nneeded here because it must have already been done when building the\npath for a trace.\n\n[ Fix build warnings ]"
    }
  ],
  "id": "CVE-2022-50491",
  "lastModified": "2025-10-06T14:56:47.823",
  "metrics": {},
  "published": "2025-10-04T16:15:46.073",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4c365a0c21aaf2b8fcc88de8dc298803288f61ac"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6746eae4bbaddcc16b40efb33dab79210828b3ce"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c51cfba50df8b9e16bfe0e6d4f2f252a4a10063d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e33ce54cef5d429430e3b1ae5c8ee4f4103c4fdc"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.