CVE-2025-21897
01.04.2025, 16:15
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance()
a6250aa251ea ("sched_ext: Handle cases where pick_task_scx() is called
without preceding balance_scx()") added a workaround to handle the cases
where pick_task_scx() is called without prececing balance_scx() which is due
to a fair class bug where pick_taks_fair() may return NULL after a true
return from balance_fair().
The workaround detects when pick_task_scx() is called without preceding
balance_scx() and emulates SCX_RQ_BAL_KEEP and triggers kicking to avoid
stalling. Unfortunately, the workaround code was testing whether @prev was
on SCX to decide whether to keep the task running. This is incorrect as the
task may be on SCX but no longer runnable.
This could lead to a non-runnable task to be returned from pick_task_scx()
which cause interesting confusions and failures. e.g. A common failure mode
is the task ending up with (!on_rq && on_cpu) state which can cause
potential wakers to busy loop, which can easily lead to deadlocks.
Fix it by testing whether @prev has SCX_TASK_QUEUED set. This makes
@prev_on_scx only used in one place. Open code the usage and improve the
comment while at it.Enginsight| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 6.12.1 ≤ 𝑥 < 6.12.18 |
| linux | linux_kernel | 6.13 ≤ 𝑥 < 6.13.6 |
| linux | linux_kernel | 6.12 |
| linux | linux_kernel | 6.14:rc1 |
| linux | linux_kernel | 6.14:rc2 |
| linux | linux_kernel | 6.14:rc3 |
| linux | linux_kernel | 6.14:rc4 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration