]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
projects / thirdparty / kernel / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 411d3ef) | patch
sched_ext: Guard scx_dsq_move() against NULL kit->dsq after failed iter_new
authorTejun Heo <tj@kernel.org>
Sat, 25 Apr 2026 00:31:35 +0000 (14:31 -1000)
committerTejun Heo <tj@kernel.org>
Sat, 25 Apr 2026 00:31:35 +0000 (14:31 -1000)
commit4fda9f0e7c950da4fe03cedeb2ac818edf5d03e9
treecd1b6adff1970c12664671392d422a61712383b5tree | snapshot
parent411d3ef1a70589755e3beed2f5bf1f8aa0c27d1acommit | diff
sched_ext: Guard scx_dsq_move() against NULL kit->dsq after failed iter_new

bpf_iter_scx_dsq_new() clears kit->dsq on failure and
bpf_iter_scx_dsq_{next,destroy}() guard against that. scx_dsq_move() doesn't -
it dereferences kit->dsq immediately, so a BPF program that calls
scx_bpf_dsq_move[_vtime]() after a failed iter_new oopses the kernel.

Return false if kit->dsq is NULL.

Fixes: 4c30f5ce4f7a ("sched_ext: Implement scx_bpf_dispatch[_vtime]_from_dsq()")
Cc: stable@vger.kernel.org # v6.12+
Reported-by: Chris Mason <clm@meta.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Andrea Righi <arighi@nvidia.com>
kernel/sched/ext.c diff | blob | blame | history
A mirror of Linus' kernel repository