CVE-2025-21897

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> sched_ext: Fix pick_task_scx() picking non-queued tasks when it&amp;#39;s called without balance()<br /> <br /> a6250aa251ea ("sched_ext: Handle cases where pick_task_scx() is called<br /> without preceding balance_scx()") added a workaround to handle the cases<br /> where pick_task_scx() is called without prececing balance_scx() which is due<br /> to a fair class bug where pick_taks_fair() may return NULL after a true<br /> return from balance_fair().<br /> <br /> The workaround detects when pick_task_scx() is called without preceding<br /> balance_scx() and emulates SCX_RQ_BAL_KEEP and triggers kicking to avoid<br /> stalling. Unfortunately, the workaround code was testing whether @prev was<br /> on SCX to decide whether to keep the task running. This is incorrect as the<br /> task may be on SCX but no longer runnable.<br /> <br /> This could lead to a non-runnable task to be returned from pick_task_scx()<br /> which cause interesting confusions and failures. e.g. A common failure mode<br /> is the task ending up with (!on_rq &amp;&amp; on_cpu) state which can cause<br /> potential wakers to busy loop, which can easily lead to deadlocks.<br /> <br /> Fix it by testing whether @prev has SCX_TASK_QUEUED set. This makes<br /> @prev_on_scx only used in one place. Open code the usage and improve the<br /> comment while at it.