diff options
| author | Tejun Heo <tj@kernel.org> | 2026-04-25 03:31:35 +0300 |
|---|---|---|
| committer | Tejun Heo <tj@kernel.org> | 2026-04-25 03:31:35 +0300 |
| commit | 4fda9f0e7c950da4fe03cedeb2ac818edf5d03e9 (patch) | |
| tree | cd1b6adff1970c12664671392d422a61712383b5 /include/linux/stackprotector.h | |
| parent | 411d3ef1a70589755e3beed2f5bf1f8aa0c27d1a (diff) | |
| download | linux-4fda9f0e7c950da4fe03cedeb2ac818edf5d03e9.tar.xz | |
sched_ext: Guard scx_dsq_move() against NULL kit->dsq after failed iter_new
bpf_iter_scx_dsq_new() clears kit->dsq on failure and
bpf_iter_scx_dsq_{next,destroy}() guard against that. scx_dsq_move() doesn't -
it dereferences kit->dsq immediately, so a BPF program that calls
scx_bpf_dsq_move[_vtime]() after a failed iter_new oopses the kernel.
Return false if kit->dsq is NULL.
Fixes: 4c30f5ce4f7a ("sched_ext: Implement scx_bpf_dispatch[_vtime]_from_dsq()")
Cc: stable@vger.kernel.org # v6.12+
Reported-by: Chris Mason <clm@meta.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Andrea Righi <arighi@nvidia.com>
Diffstat (limited to 'include/linux/stackprotector.h')
0 files changed, 0 insertions, 0 deletions