CVE-2025-40327

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> perf/core: Fix system hang caused by cpu-clock usage<br /> <br /> cpu-clock usage by the async-profiler tool can trigger a system hang,<br /> which got bisected back to the following commit by Octavia Togami:<br /> <br /> 18dbcbfabfff ("perf: Fix the POLL_HUP delivery breakage") causes this issue<br /> <br /> The root cause of the hang is that cpu-clock is a special type of SW<br /> event which relies on hrtimers. The __perf_event_overflow() callback<br /> is invoked from the hrtimer handler for cpu-clock events, and<br /> __perf_event_overflow() tries to call cpu_clock_event_stop()<br /> to stop the event, which calls htimer_cancel() to cancel the hrtimer.<br /> <br /> But that&amp;#39;s a recursion into the hrtimer code from a hrtimer handler,<br /> which (unsurprisingly) deadlocks.<br /> <br /> To fix this bug, use hrtimer_try_to_cancel() instead, and set<br /> the PERF_HES_STOPPED flag, which causes perf_swevent_hrtimer()<br /> to stop the event once it sees the PERF_HES_STOPPED flag.<br /> <br /> [ mingo: Fixed the comments and improved the changelog. ]