CVE-2025-21771
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 27/02/2025
Last modified: 27/02/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Fix incorrect autogroup migration detection

scx_move_task() is called from sched_move_task() and tells the BPF scheduler
that cgroup migration is being committed. sched_move_task() is used by both
cgroup and autogroup migrations and scx_move_task() tried to filter out
autogroup migrations by testing the destination cgroup and PF_EXITING but
this is not enough. In fact, without explicitly tagging the thread which is
doing the cgroup migration, there is no good way to tell apart
scx_move_task() invocations for racing migration to the root cgroup and an
autogroup migration.

This led to scx_move_task() incorrectly ignoring a migration from non-root
cgroup to an autogroup of the root cgroup triggering the following warning:

  WARNING: CPU: 7 PID: 1 at kernel/sched/ext.c:3725 scx_cgroup_can_attach+0x196/0x340
  ...
  Call Trace:
  cgroup_migrate_execute+0x5b1/0x700
  cgroup_attach_task+0x296/0x400
  __cgroup_procs_write+0x128/0x140
  cgroup_procs_write+0x17/0x30
  kernfs_fop_write_iter+0x141/0x1f0
  vfs_write+0x31d/0x4a0
  __x64_sys_write+0x72/0xf0
  do_syscall_64+0x82/0x160
  entry_SYSCALL_64_after_hwframe+0x76/0x7e

Fix it by adding an argument to sched_move_task() that indicates whether the
moving is for a cgroup or autogroup migration. After the change,
scx_move_task() is called only for cgroup migrations and renamed to
scx_cgroup_move_task().
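
To check whether a host has hit this condition, kernel logs can be searched for the warning shown above. The following is an added example, not code from the kernel or from this advisory; the function name and the sample log (timestamps, the `<TASK>` markers, the unrelated second warning) are constructed for illustration.

```python
import re

# Warning header quoted in the description; line number and offsets vary by build.
WARN_RE = re.compile(r"WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) at "
                     r"kernel/sched/ext\.c:(?P<line>\d+) scx_cgroup_can_attach\+0x")
FRAME_RE = re.compile(r"^\s*(?:\?\s+)?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
STAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # optional dmesg timestamp

def find_scx_migration_warnings(log_text):
    """Return one dict per matching warning with the call-trace symbols after it."""
    hits, current, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = STAMP_RE.sub("", raw)
        m = WARN_RE.search(line)
        if m:
            current = {k: int(v) for k, v in m.groupdict().items()}
            current["trace"] = []
            hits.append(current)
            in_trace = False
        elif current is None:
            continue
        elif "Call Trace:" in line:
            in_trace = True
        elif in_trace:
            f = FRAME_RE.match(line)
            if f:
                current["trace"].append(f["sym"])
            elif line.strip() and not line.strip().startswith("<"):
                current, in_trace = None, False  # first non-frame line ends the trace
    for h in hits:
        # True when the migration came from a write to cgroup.procs, as on this page
        h["via_cgroup_procs_write"] = "cgroup_procs_write" in h["trace"]
    return hits

# Constructed sample: the page's warning with dmesg timestamps, plus an unrelated one.
SAMPLE_LOG = """\
[   42.000001] WARNING: CPU: 7 PID: 1 at kernel/sched/ext.c:3725 scx_cgroup_can_attach+0x196/0x340
[   42.000002] Call Trace:
[   42.000003]  <TASK>
[   42.000004]  cgroup_migrate_execute+0x5b1/0x700
[   42.000005]  cgroup_attach_task+0x296/0x400
[   42.000006]  __cgroup_procs_write+0x128/0x140
[   42.000007]  cgroup_procs_write+0x17/0x30
[   42.000008]  </TASK>
[   42.000009] ---[ end trace 0000000000000000 ]---
[   50.000000] WARNING: CPU: 1 PID: 9 at fs/example.c:10 example_fn+0x1/0x2
"""
```

Calling find_scx_migration_warnings() on saved dmesg or journal output returns the CPU, PID, source line and call-trace symbols for each occurrence, so affected hosts can be listed for patching.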