sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()

commit 9360dfe4cbd62ff1eb8217b815964931523b75b3 upstream.

If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids
range) as prev_cpu to scx_bpf_select_cpu_dfl() it can cause a kernel
crash.

To prevent this, validate prev_cpu in scx_bpf_select_cpu_dfl() and
trigger an scx error if an invalid CPU is specified.

Fixes: f0e1a0643a59b ("sched_ext: Implement BPF extensible scheduler class")
Cc: stable@vger.kernel.org # v6.12+
Signed-off-by: Andrea Righi <arighi@nvidia.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index 325fd5b9d47152b37062f3c5a6243d435ac5b3fb..e5cab54dfdd1425e366a6326a2db72e5af1d3dfa 100644 (file)
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -6052,6 +6052,9 @@ __bpf_kfunc_start_defs();
 __bpf_kfunc s32 scx_bpf_select_cpu_dfl(struct task_struct *p, s32 prev_cpu,
                                       u64 wake_flags, bool *is_idle)
 {
+       if (!ops_cpu_valid(prev_cpu, NULL))
+               goto prev_cpu;
+
        if (!static_branch_likely(&scx_builtin_idle_enabled)) {
                scx_ops_error("built-in idle tracking is disabled");
                goto prev_cpu;