git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	David Carlier <devnexen@gmail.com>
	Thu, 30 Apr 2026 09:27:47 +0000 (10:27 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 14 May 2026 13:31:16 +0000 (15:31 +0200)
commit	dd6fc400a73e935e6077fac1d2330f4da025f4df
tree	b9a2e283f39f74fa70f124bd97040a28c994d327	tree \| snapshot
parent	6151967cf2e1995aad2b432fda6e39fd1af31f51	commit \| diff

sched_ext: idle: Recheck prev_cpu after narrowing allowed mask

commit b34c82777a2c0648ee053595f4b290fd5249b093 upstream.

scx_select_cpu_dfl() narrows @allowed to @cpus_allowed & @p->cpus_ptr
when the BPF caller supplies a @cpus_allowed that differs from
@p->cpus_ptr and @p doesn't have full affinity. However,
@is_prev_allowed was computed against the original (wider)
@cpus_allowed, so the prev_cpu fast paths could pick a @prev_cpu that
is in @cpus_allowed but not in @p->cpus_ptr, violating the intended
invariant that the returned CPU is always usable by @p. The kernel
masks this via the SCX_EV_SELECT_CPU_FALLBACK fallback, but the
behavior contradicts the documented contract.

Move the @is_prev_allowed evaluation past the narrowing block so it
tests against the final @allowed mask.

Fixes: ee9a4e92799d ("sched_ext: idle: Properly handle invalid prev_cpu during idle selection")
Cc: stable@vger.kernel.org # v6.16+
Assisted-by: Claude <noreply@anthropic.com>
Signed-off-by: David Carlier <devnexen@gmail.com>
Reviewed-by: Andrea Righi <arighi@nvidia.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>