| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025040132-CVE-2025-21897-241f@gregkh>
Date: Tue, 1 Apr 2025 16:25:33 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2025-21897: sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance()
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance()
a6250aa251ea ("sched_ext: Handle cases where pick_task_scx() is called
without preceding balance_scx()") added a workaround to handle the cases
where pick_task_scx() is called without prececing balance_scx() which is due
to a fair class bug where pick_taks_fair() may return NULL after a true
return from balance_fair().
The workaround detects when pick_task_scx() is called without preceding
balance_scx() and emulates SCX_RQ_BAL_KEEP and triggers kicking to avoid
stalling. Unfortunately, the workaround code was testing whether @prev was
on SCX to decide whether to keep the task running. This is incorrect as the
task may be on SCX but no longer runnable.
This could lead to a non-runnable task to be returned from pick_task_scx()
which cause interesting confusions and failures. e.g. A common failure mode
is the task ending up with (!on_rq && on_cpu) state which can cause
potential wakers to busy loop, which can easily lead to deadlocks.
Fix it by testing whether @prev has SCX_TASK_QUEUED set. This makes
@prev_on_scx only used in one place. Open code the usage and improve the
comment while at it.
The Linux kernel CVE team has assigned CVE-2025-21897 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.12 with commit a6250aa251eacaf3ebfcfe152a96a727fd483ecd and fixed in 6.12.18 with commit 5324c459f90d16b0c43a78b494c598915d782b7a
Issue introduced in 6.12 with commit a6250aa251eacaf3ebfcfe152a96a727fd483ecd and fixed in 6.13.6 with commit de60a31cb0bcacfaf9487546eac5e70e0a9c66d7
Issue introduced in 6.12 with commit a6250aa251eacaf3ebfcfe152a96a727fd483ecd and fixed in 6.14 with commit 8fef0a3b17bb258130a4fcbcb5addf94b25e9ec5
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-21897
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
kernel/sched/ext.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/5324c459f90d16b0c43a78b494c598915d782b7a
https://git.kernel.org/stable/c/de60a31cb0bcacfaf9487546eac5e70e0a9c66d7
https://git.kernel.org/stable/c/8fef0a3b17bb258130a4fcbcb5addf94b25e9ec5
Powered by blists - more mailing lists