Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2023-53215

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
15/09/2025
Last modified:
15/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

sched/fair: Don't balance task to its current running CPU

We've run into the case that the balancer tries to balance a migration disabled task and triggers the warning in set_task_cpu() like below:

    ------------[ cut here ]------------
    WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240
    Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4
    CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G O 6.1.0-rc4+ #1
    Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V5.B221.01 12/09/2021
    pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : set_task_cpu+0x188/0x240
    lr : load_balance+0x5d0/0xc60
    sp : ffff80000803bc70
    x29: ffff80000803bc70 x28: ffff004089e190e8 x27: ffff004089e19040
    x26: ffff007effcabc38 x25: 0000000000000000 x24: 0000000000000001
    x23: ffff80000803be84 x22: 000000000000000c x21: ffffb093e79e2a78
    x20: 000000000000000c x19: ffff004089e19040 x18: 0000000000000000
    x17: 0000000000001fad x16: 0000000000000030 x15: 0000000000000000
    x14: 0000000000000003 x13: 0000000000000000 x12: 0000000000000000
    x11: 0000000000000001 x10: 0000000000000400 x9 : ffffb093e4cee530
    x8 : 00000000fffffffe x7 : 0000000000ce168a x6 : 000000000000013e
    x5 : 00000000ffffffe1 x4 : 0000000000000001 x3 : 0000000000000b2a
    x2 : 0000000000000b2a x1 : ffffb093e6d6c510 x0 : 0000000000000001
    Call trace:
     set_task_cpu+0x188/0x240
     load_balance+0x5d0/0xc60
     rebalance_domains+0x26c/0x380
     _nohz_idle_balance.isra.0+0x1e0/0x370
     run_rebalance_domains+0x6c/0x80
     __do_softirq+0x128/0x3d8
     ____do_softirq+0x18/0x24
     call_on_irq_stack+0x2c/0x38
     do_softirq_own_stack+0x24/0x3c
     __irq_exit_rcu+0xcc/0xf4
     irq_exit_rcu+0x18/0x24
     el1_interrupt+0x4c/0xe4
     el1h_64_irq_handler+0x18/0x2c
     el1h_64_irq+0x74/0x78
     arch_cpu_idle+0x18/0x4c
     default_idle_call+0x58/0x194
     do_idle+0x244/0x2b0
     cpu_startup_entry+0x30/0x3c
     secondary_start_kernel+0x14c/0x190
     __secondary_switched+0xb0/0xb4
    ---[ end trace 0000000000000000 ]---

Further investigation shows that the warning is superfluous: the migration disabled task is just going to be migrated to its current running CPU. This is because, on load balance, if the dst_cpu is not allowed by the task, we'll re-select a new_dst_cpu as a candidate. If no task can be balanced to dst_cpu we'll try to balance the task to the new_dst_cpu instead. In this case, when the migration disabled task is not on CPU, it is only allowed to run on its current CPU, so load balance will select its current CPU as new_dst_cpu and later trigger the warning above.

The new_dst_cpu is chosen from the env->dst_grpmask. Currently it contains CPUs in sched_group_span(), and if we have overlapped groups it's possible to run into this case. This patch makes env->dst_grpmask of group_balance_mask(), which excludes any CPUs from the busiest group and solves the issue. For balancing in a domain with no overlapped groups the behaviour stays the same as before.
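The mask selection described above can be modelled in user space. This is an added example, not kernel code and not part of the advisory: `mask_t`, the helper names, the CPU numbering and the six-CPU overlapping topology are all constructed, and `balance_mask()` follows the description's wording (group span minus busiest-group CPUs) rather than the kernel's actual implementation.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t mask_t;                 /* bit n set = CPU n; stand-in for a kernel cpumask */
#define BIT(n) (1ULL << (n))

/* Constructed topology with overlapping groups: CPUs 2-3 sit in both spans. */
static const mask_t DST_SPAN     = BIT(0) | BIT(1) | BIT(2) | BIT(3); /* destination group */
static const mask_t BUSIEST_SPAN = BIT(2) | BIT(3) | BIT(4) | BIT(5); /* busiest group     */
static const mask_t ENV_CPUS     = 0x3f;                              /* CPUs 0-5 balance  */

/* Balance mask as the description characterises it (assumption, not kernel code). */
static mask_t balance_mask(mask_t span, mask_t busiest) { return span & ~busiest; }

/* Re-selection step: first CPU in dst_grpmask the task may run on, or -1 if none. */
static int pick_new_dst_cpu(mask_t dst_grpmask, mask_t env_cpus, mask_t allowed)
{
    mask_t cand = dst_grpmask & env_cpus & allowed;
    for (int cpu = 0; cpu < 64; cpu++)
        if (cand & BIT(cpu))
            return cpu;
    return -1;
}

/* 1 if the balancer would "migrate" the task onto the CPU it is already on. */
static int self_migration(int new_dst_cpu, int task_cpu) { return new_dst_cpu == task_cpu; }

int main(void)
{
    int task_cpu = 2;                    /* migration-disabled task queued on CPU 2 */
    mask_t allowed = BIT(task_cpu);      /* so it may only run on its current CPU   */
    mask_t fixed = balance_mask(DST_SPAN, BUSIEST_SPAN);

    int before = pick_new_dst_cpu(DST_SPAN, ENV_CPUS, allowed);
    int after  = pick_new_dst_cpu(fixed, ENV_CPUS, allowed);
    printf("span mask:    new_dst_cpu=%d self_migration=%d\n",
           before, self_migration(before, task_cpu));
    printf("balance mask: new_dst_cpu=%d self_migration=%d\n",
           after, self_migration(after, task_cpu));

    /* An ordinary task pinned to CPUs 1-2 gets CPU 1 with either mask. */
    mask_t pinned = BIT(1) | BIT(2);
    printf("pinned task:  %d then %d\n", pick_new_dst_cpu(DST_SPAN, ENV_CPUS, pinned),
           pick_new_dst_cpu(fixed, ENV_CPUS, pinned));
    return 0;
}
```

With the span mask the only candidate is the task's own CPU, which is the path that reaches the warning; with the balance mask no candidate exists and the task is left alone.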

Impact