CVE-2025-21771 Information

Description

In the Linux kernel the following vulnerability has been resolved:

sched_ext: Fix incorrect autogroup migration detection

scx_move_task() is called from sched_move_task() and tells the BPF scheduler that cgroup migration is being committed. sched_move_task() is used by both cgroup and autogroup migrations and scx_move_task() tried to filter out autogroup migrations by testing the destination cgroup and PF_EXITING but this is not enough. In fact without explicitly tagging the thread which is doing the cgroup migration there is no good way to tell apart scx_move_task() invocations for racing migration to the root cgroup and an autogroup migration.

This led to scx_move_task() incorrectly ignoring a migration from non-root cgroup to an autogroup of the root cgroup triggering the following warning:

WARNING: CPU: 7 PID: 1 at kernel/sched/ext.c:3725 scx_cgroup_can_attach+0x196/0x340 … Call Trace: cgroup_migrate_execute+0x5b1/0x700 cgroup_attach_task+0x296/0x400 __cgroup_procs_write+0x128/0x140 cgroup_procs_write+0x17/0x30 kernfs_fop_write_iter+0x141/0x1f0 vfs_write+0x31d/0x4a0 __x64_sys_write+0x72/0xf0 do_syscall_64+0x82/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Fix it by adding an argument to sched_move_task() that indicates whether the moving is for a cgroup or autogroup migration. After the change scx_move_task() is called only for cgroup migrations and renamed to scx_cgroup_move_task().

Reference

https://git.kernel.org/stable/c/75bf2f80c046d2ec5a07455891ea0a9fb6d8b5f6 https://git.kernel.org/stable/c/d6f3e7d564b2309e1f17e709a70eca78d7ca2bb8 https://git.kernel.org/stable/c/d8b510d0ddc65d8a71e0f9a3acc9ed5f010fc514