Description

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() a6250aa251ea ("sched_ext: Handle cases where pick_task_scx() is called without preceding balance_scx()") added a workaround to handle the cases where pick_task_scx() is called without prececing balance_scx() which is due to a fair class bug where pick_taks_fair() may return NULL after a true return from balance_fair(). The workaround detects when pick_task_scx() is called without preceding balance_scx() and emulates SCX_RQ_BAL_KEEP and triggers kicking to avoid stalling. Unfortunately, the workaround code was testing whether @prev was on SCX to decide whether to keep the task running. This is incorrect as the task may be on SCX but no longer runnable. This could lead to a non-runnable task to be returned from pick_task_scx() which cause interesting confusions and failures. e.g. A common failure mode is the task ending up with (!on_rq && on_cpu) state which can cause potential wakers to busy loop, which can easily lead to deadlocks. Fix it by testing whether @prev has SCX_TASK_QUEUED set. This makes @prev_on_scx only used in one place. Open code the usage and improve the comment while at it.

Weaknesses 1

Affected Products 7

References 3

• git.kernel.org https://git.kernel.org/stable/c/5324c459f90d16b0c43a78b494c598915d782b7a
  Patch
• git.kernel.org https://git.kernel.org/stable/c/8fef0a3b17bb258130a4fcbcb5addf94b25e9ec5
  Patch
• git.kernel.org https://git.kernel.org/stable/c/de60a31cb0bcacfaf9487546eac5e70e0a9c66d7
  Patch

Remediation

• git.kernel.org https://git.kernel.org/stable/c/5324c459f90d16b0c43a78b494c598915d782b7a
  Patch
• git.kernel.org https://git.kernel.org/stable/c/8fef0a3b17bb258130a4fcbcb5addf94b25e9ec5
  Patch
• git.kernel.org https://git.kernel.org/stable/c/de60a31cb0bcacfaf9487546eac5e70e0a9c66d7
  Patch