tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

sched_ext: Fix out-of-bounds access in scx_idle_init_masks()

scx_idle_node_masks is allocated with num_possible_nodes() elements but
indexed by NUMA node IDs via for_each_node(). On systems with
non-contiguous NUMA node numbering (e.g. nodes 0 and 4), node IDs can
exceed the array size, causing out-of-bounds memory corruption.

Use nr_node_ids instead, which represents the maximum node ID range and
is the correct size for arrays indexed by node ID.

Fixes: 7c60329e3521 ("sched_ext: Add NUMA-awareness to the default idle selection policy")
Signed-off-by: David Carlier <devnexen@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>

authored by

David Carlier and committed by
Tejun Heo 2a064262 83236b2e

+2 -2
+2 -2
kernel/sched/ext_idle.c
··· 663 663 BUG_ON(!alloc_cpumask_var(&scx_idle_global_masks.cpu, GFP_KERNEL)); 664 664 BUG_ON(!alloc_cpumask_var(&scx_idle_global_masks.smt, GFP_KERNEL)); 665 665 666 - /* Allocate per-node idle cpumasks */ 667 - scx_idle_node_masks = kcalloc(num_possible_nodes(), 666 + /* Allocate per-node idle cpumasks (use nr_node_ids for non-contiguous NUMA nodes) */ 667 + scx_idle_node_masks = kcalloc(nr_node_ids, 668 668 sizeof(*scx_idle_node_masks), GFP_KERNEL); 669 669 BUG_ON(!scx_idle_node_masks); 670 670