Bug 721283 (CVE-2011-2693)

Summary: CVE-2011-2693 kernel: panic with NMI enabled while using perf
Product: [Other] Security Response Reporter: Eugene Teo (Security Response) <eteo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: anton, arozansk, bhu, cebbert, davej, dhoward, dzickus, fhrbata, james.leddy, jkacur, jolsa, kernel-mgr, kmcmartin, lgoncalv, lwang, phan, plougher, pmatouse, pzijlstr, rt-maint, security-response-team, sforsber, streeter, vgoyal, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-06 18:42:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 721293, 721294, 722369    
Bug Blocks: 721190    

Description Eugene Teo (Security Response) 2011-07-14 08:28:22 UTC 
Kernel panic when using perf and nmi_watchdog together.

The following patch solves the problems introduced by Robert's commit 41bf498 and reported by Arun Sharma. This commit gets rid of the base + index notation for reading and writing PMU msrs.

The problem is that for fixed counters, the new calculation for the base did not take into account the fixed counter indexes, thus all fixed counters were read/written from fixed counter 0. Although all fixed counters share the same config MSR, they each have their own counter register.

Without:

 $ task -e unhalted_core_cycles -e instructions_retired -e baclears noploop 1 noploop for 1 seconds

  242202299 unhalted_core_cycles (0.00% scaling, ena=1000790892, run=1000790892)
 2389685946 instructions_retired (0.00% scaling, ena=1000790892, run=1000790892)
      49473 baclears             (0.00% scaling, ena=1000790892, run=1000790892)

With:

 $ task -e unhalted_core_cycles -e instructions_retired -e baclears noploop 1 noploop for 1 seconds

 2392703238 unhalted_core_cycles (0.00% scaling, ena=1000840809, run=1000840809)
 2389793744 instructions_retired (0.00% scaling, ena=1000840809, run=1000840809)
      47863 baclears             (0.00% scaling, ena=1000840809, run=1000840809)

Upstream commit:
http://git.kernel.org/linus/fc66c5210ec2539e800e87d7b3a985323c7be96e
Comment 20 Eugene Teo (Security Response) 2011-08-12 06:42:28 UTC 
Upstream commit:
http://git.kernel.org/linus/fc66c5210ec2539e800e87d7b3a985323c7be96e
Comment 24 Petr Matousek 2011-09-06 18:42:43 UTC 

*** This bug has been marked as a duplicate of bug 719228 ***
Comment 25 Eugene Teo (Security Response) 2011-09-13 07:27:20 UTC 
(In reply to comment #24)
> 
> *** This bug has been marked as a duplicate of bug 719228 ***

It was found to be the same issue as CVE-2011-2521. CVE-2011-2693 is rejected.
Comment 26 Doran Moppert 2020-02-10 04:20:47 UTC 
Statement:

This flaw was found to be a duplicate of CVE-2011-2521. Please see https://access.redhat.com/security/cve/CVE-2011-2521 for information about affected products and security errata.