| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aIzRkEZLGSFybEfd@gpd4> Date: Fri, 1 Aug 2025 16:39:12 +0200 From: Andrea Righi <arighi@...dia.com> To: Christian Loehle <christian.loehle@....com> Cc: linux-kernel@...r.kernel.org, sched-ext@...ts.linux.dev, tj@...nel.org, void@...ifault.com, mingo@...hat.com, peterz@...radead.org Subject: Re: [PATCH 0/3] sched_ext: Harden scx_bpf_cpu_rq() Hi Christian, thanks for tackling this! Comments below. On Fri, Aug 01, 2025 at 03:17:38PM +0100, Christian Loehle wrote: > scx_bpf_cpu_rq() currently allows accessing struct rq fields without > holding the associated rq. > It is being used by scx_cosmos, scx_flash, scx_lavd, scx_layered, and > scx_tickless. Fortunately it is only ever used to fetch rq->curr. > So provide an alternative scx_bpf_remote_curr() that doesn't expose > struct rq and harden scx_bpf_cpu_rq() by ensuring we hold the rq lock. > > This also simplifies scx code from: > > rq = scx_bpf_cpu_rq(cpu); > if (!rq) > return; > p = rq->curr > if (!p) > return; > /* ... Do something with p */ > > into: > > p = scx_bpf_remote_curr(cpu); > if (!p) > return; > /* ... Do something with p */ To be 100% correct I think we should do something similar to bpf_task_from_pid(), acquire a reference to the task and release it via bpf_task_release(). Basically: p = scx_bpf_remote_curr(cpu); if (!p) return; /* ... Do something with p */ bpf_task_release(p); Thanks -Andrea
Powered by blists - more mailing lists