From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 16 Mar 2025 15:28:54 +0000 (+0100)
Subject: 6.13-stable patches
X-Git-Tag: v6.6.84~35
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c3e4c9ba7b3ff9ba0f950fcf3333e53c6f146165;p=thirdparty%2Fkernel%2Fstable-queue.git

6.13-stable patches

added patches:
	sched_ext-validate-prev_cpu-in-scx_bpf_select_cpu_dfl.patch
---

diff --git a/queue-6.13/sched_ext-validate-prev_cpu-in-scx_bpf_select_cpu_dfl.patch b/queue-6.13/sched_ext-validate-prev_cpu-in-scx_bpf_select_cpu_dfl.patch
new file mode 100644
index 0000000000..0fa1777d34
--- /dev/null
+++ b/queue-6.13/sched_ext-validate-prev_cpu-in-scx_bpf_select_cpu_dfl.patch
@@ -0,0 +1,37 @@
+From 9360dfe4cbd62ff1eb8217b815964931523b75b3 Mon Sep 17 00:00:00 2001
+From: Andrea Righi <arighi@nvidia.com>
+Date: Mon, 3 Mar 2025 18:51:59 +0100
+Subject: sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()
+
+From: Andrea Righi <arighi@nvidia.com>
+
+commit 9360dfe4cbd62ff1eb8217b815964931523b75b3 upstream.
+
+If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids
+range) as prev_cpu to scx_bpf_select_cpu_dfl() it can cause a kernel
+crash.
+
+To prevent this, validate prev_cpu in scx_bpf_select_cpu_dfl() and
+trigger an scx error if an invalid CPU is specified.
+
+Fixes: f0e1a0643a59b ("sched_ext: Implement BPF extensible scheduler class")
+Cc: stable@vger.kernel.org # v6.12+
+Signed-off-by: Andrea Righi <arighi@nvidia.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/sched/ext.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/kernel/sched/ext.c
++++ b/kernel/sched/ext.c
+@@ -6376,6 +6376,9 @@ __bpf_kfunc_start_defs();
+ __bpf_kfunc s32 scx_bpf_select_cpu_dfl(struct task_struct *p, s32 prev_cpu,
+ 				       u64 wake_flags, bool *is_idle)
+ {
++	if (!ops_cpu_valid(prev_cpu, NULL))
++		goto prev_cpu;
++
+ 	if (!static_branch_likely(&scx_builtin_idle_enabled)) {
+ 		scx_ops_error("built-in idle tracking is disabled");
+ 		goto prev_cpu;
diff --git a/queue-6.13/series b/queue-6.13/series
index cf5c2c15d9..fe7d747f8b 100644
--- a/queue-6.13/series
+++ b/queue-6.13/series
@@ -155,3 +155,4 @@ drm-nouveau-do-not-override-forced-connector-status.patch
 net-handle-napi_schedule-calls-from-non-interrupt.patch
 block-fix-kmem_cache-of-name-bio-108-already-exists.patch
 vhost-return-task-creation-error-instead-of-null.patch
+sched_ext-validate-prev_cpu-in-scx_bpf_select_cpu_dfl.patch