ghsa-r3v9-vm52-w2px
Vulnerability from github
Published
2025-12-30 15:30
Modified
2025-12-30 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT

lppaca_shared_proc() takes a pointer to the lppaca which is typically accessed through get_lppaca(). With DEBUG_PREEMPT enabled, this leads to checking if preemption is enabled, for example:

BUG: using smp_processor_id() in preemptible [00000000] code: grep/10693 caller is lparcfg_data+0x408/0x19a0 CPU: 4 PID: 10693 Comm: grep Not tainted 6.5.0-rc3 #2 Call Trace: dump_stack_lvl+0x154/0x200 (unreliable) check_preemption_disabled+0x214/0x220 lparcfg_data+0x408/0x19a0 ...

This isn't actually a problem however, as it does not matter which lppaca is accessed, the shared proc state will be the same. vcpudispatch_stats_procfs_init() already works around this by disabling preemption, but the lparcfg code does not, erroring any time /proc/powerpc/lparcfg is accessed with DEBUG_PREEMPT enabled.

Instead of disabling preemption on the caller side, rework lppaca_shared_proc() to not take a pointer and instead directly access the lppaca, bypassing any potential preemption checks.

[mpe: Rework to avoid needing a definition in paca.h and lppaca.h]

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-54267"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-30T13:16:15Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT\n\nlppaca_shared_proc() takes a pointer to the lppaca which is typically\naccessed through get_lppaca().  With DEBUG_PREEMPT enabled, this leads\nto checking if preemption is enabled, for example:\n\n  BUG: using smp_processor_id() in preemptible [00000000] code: grep/10693\n  caller is lparcfg_data+0x408/0x19a0\n  CPU: 4 PID: 10693 Comm: grep Not tainted 6.5.0-rc3 #2\n  Call Trace:\n    dump_stack_lvl+0x154/0x200 (unreliable)\n    check_preemption_disabled+0x214/0x220\n    lparcfg_data+0x408/0x19a0\n    ...\n\nThis isn\u0027t actually a problem however, as it does not matter which\nlppaca is accessed, the shared proc state will be the same.\nvcpudispatch_stats_procfs_init() already works around this by disabling\npreemption, but the lparcfg code does not, erroring any time\n/proc/powerpc/lparcfg is accessed with DEBUG_PREEMPT enabled.\n\nInstead of disabling preemption on the caller side, rework\nlppaca_shared_proc() to not take a pointer and instead directly access\nthe lppaca, bypassing any potential preemption checks.\n\n[mpe: Rework to avoid needing a definition in paca.h and lppaca.h]",
  "id": "GHSA-r3v9-vm52-w2px",
  "modified": "2025-12-30T15:30:34Z",
  "published": "2025-12-30T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54267"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2935443dc9c28499223d8c881474259e4b998f2a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c5e8e666794d7dde6d14ea846c6c04f2bb34900"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c8568cf4c45b415854195c8832b557cdefba57a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/953c54dfdc5d3eb7243ed902b50acb5ea1db4355"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eac030b22ea12cdfcbb2e941c21c03964403c63f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f45ee5c074013a0fbfce77a5af5efddb01f5d4f4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.