lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <aBKomkWrLtPvnnB9@slm.duckdns.org>
Date: Wed, 30 Apr 2025 12:47:54 -1000
From: Tejun Heo <tj@...nel.org>
To: Andrea Righi <arighi@...dia.com>
Cc: David Vernet <void@...ifault.com>, Changwoo Min <changwoo@...lia.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH sched_ext/for-6.16] sched_ext: Avoid NULL scx_root deref
 in __scx_exit()

On Wed, Apr 30, 2025 at 10:40:21AM +0200, Andrea Righi wrote:
> A sched_ext scheduler may trigger __scx_exit() from a BPF timer
> callback, where scx_root may not be safely dereferenced.
> 
> This can lead to a NULL pointer dereference as shown below (triggered by
> scx_tickless):
> 
>  BUG: kernel NULL pointer dereference, address: 0000000000000330
> ...
>  CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.14.0-virtme #1 PREEMPT(full)
>  RIP: 0010:__scx_exit+0x2b/0x190
> ...
>  Call Trace:
>   <IRQ>
>   scx_bpf_get_idle_smtmask+0x59/0x80
>   bpf_prog_8320d4217989178c_dispatch_all_cpus+0x35/0x1b6
> ...
>   bpf_prog_97f847d871513f95_sched_timerfn+0x4c/0x264
>   bpf_timer_cb+0x7a/0x140
>   __hrtimer_run_queues+0x1f9/0x3a0
>   hrtimer_run_softirq+0x8c/0xd0
>   handle_softirqs+0xd3/0x3d0
>   __irq_exit_rcu+0x9a/0xc0
>   irq_exit_rcu+0xe/0x20
> 
> Fix this by checking for a valid scx_root and adding proper RCU
> protection.
> 
> Fixes: 48e1267773866 ("sched_ext: Introduce scx_sched")
> Signed-off-by: Andrea Righi <arighi@...dia.com>

Applied to sched_ext/for-6.16.

Thanks.

-- 
tejun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ