From: Andrea Righi <arighi@nvidia.com>
Date: Mon, 3 Mar 2025 17:51:59 +0000 (+0100)
Subject: sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()
X-Git-Tag: v6.12.20~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=752b56bb76e2471197d25d6948d85753043b10da;p=thirdparty%2Fkernel%2Fstable.git

sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()

commit 9360dfe4cbd62ff1eb8217b815964931523b75b3 upstream.

If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids
range) as prev_cpu to scx_bpf_select_cpu_dfl() it can cause a kernel
crash.

To prevent this, validate prev_cpu in scx_bpf_select_cpu_dfl() and
trigger an scx error if an invalid CPU is specified.

Fixes: f0e1a0643a59b ("sched_ext: Implement BPF extensible scheduler class")
Cc: stable@vger.kernel.org # v6.12+
Signed-off-by: Andrea Righi <arighi@nvidia.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index 325fd5b9d4715..e5cab54dfdd14 100644
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -6052,6 +6052,9 @@ __bpf_kfunc_start_defs();
 __bpf_kfunc s32 scx_bpf_select_cpu_dfl(struct task_struct *p, s32 prev_cpu,
 				       u64 wake_flags, bool *is_idle)
 {
+	if (!ops_cpu_valid(prev_cpu, NULL))
+		goto prev_cpu;
+
 	if (!static_branch_likely(&scx_builtin_idle_enabled)) {
 		scx_ops_error("built-in idle tracking is disabled");
 		goto prev_cpu;