| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250801141741.355059-1-christian.loehle@arm.com> Date: Fri, 1 Aug 2025 15:17:38 +0100 From: Christian Loehle <christian.loehle@....com> To: christian.loehle@....com, linux-kernel@...r.kernel.org, sched-ext@...ts.linux.dev, tj@...nel.org, void@...ifault.com, arighi@...dia.com Cc: mingo@...hat.com, peterz@...radead.org Subject: [PATCH 0/3] sched_ext: Harden scx_bpf_cpu_rq() scx_bpf_cpu_rq() currently allows accessing struct rq fields without holding the associated rq. It is being used by scx_cosmos, scx_flash, scx_lavd, scx_layered, and scx_tickless. Fortunately it is only ever used to fetch rq->curr. So provide an alternative scx_bpf_remote_curr() that doesn't expose struct rq and harden scx_bpf_cpu_rq() by ensuring we hold the rq lock. This also simplifies scx code from: rq = scx_bpf_cpu_rq(cpu); if (!rq) return; p = rq->curr if (!p) return; /* ... Do something with p */ into: p = scx_bpf_remote_curr(cpu); if (!p) return; /* ... Do something with p */ Patch 1 was previously submitted and can be applied independently of the other two. https://lore.kernel.org/lkml/43a9cbdc-5121-4dc8-8438-0f01c90a4687@arm.com/ https://lore.kernel.org/lkml/0b8111c6-1b14-41dc-a674-14a6361992b3@arm.com/ Christian Loehle (3): sched_ext: Mark scx_bpf_cpu_rq as NULL returnable sched_ext: Provide scx_bpf_remote_curr() sched_ext: Guarantee rq lock on scx_bpf_cpu_rq() kernel/sched/ext.c | 21 ++++++++++++++++++--- tools/sched_ext/include/scx/common.bpf.h | 1 + 2 files changed, 19 insertions(+), 3 deletions(-) -- 2.34.1
Powered by blists - more mailing lists