--- /dev/null
+From 9360dfe4cbd62ff1eb8217b815964931523b75b3 Mon Sep 17 00:00:00 2001
+From: Andrea Righi <arighi@nvidia.com>
+Date: Mon, 3 Mar 2025 18:51:59 +0100
+Subject: sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()
+
+From: Andrea Righi <arighi@nvidia.com>
+
+commit 9360dfe4cbd62ff1eb8217b815964931523b75b3 upstream.
+
+If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids
+range) as prev_cpu to scx_bpf_select_cpu_dfl() it can cause a kernel
+crash.
+
+To prevent this, validate prev_cpu in scx_bpf_select_cpu_dfl() and
+trigger an scx error if an invalid CPU is specified.
+
+Fixes: f0e1a0643a59b ("sched_ext: Implement BPF extensible scheduler class")
+Cc: stable@vger.kernel.org # v6.12+
+Signed-off-by: Andrea Righi <arighi@nvidia.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/sched/ext.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/kernel/sched/ext.c
++++ b/kernel/sched/ext.c
+@@ -6376,6 +6376,9 @@ __bpf_kfunc_start_defs();
+ __bpf_kfunc s32 scx_bpf_select_cpu_dfl(struct task_struct *p, s32 prev_cpu,
+ u64 wake_flags, bool *is_idle)
+ {
++ if (!ops_cpu_valid(prev_cpu, NULL))
++ goto prev_cpu;
++
+ if (!static_branch_likely(&scx_builtin_idle_enabled)) {
+ scx_ops_error("built-in idle tracking is disabled");
+ goto prev_cpu;
projects / thirdparty / kernel / stable-queue.git / commitdiff
