Home

Description

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set free_cpus for online runqueues Commit 16b269436b72 ("sched/deadline: Modify cpudl::free_cpus to reflect rd->online") introduced the cpudl_set/clear_freecpu functions to allow the cpu_dl::free_cpus mask to be manipulated by the deadline scheduler class rq_on/offline callbacks so the mask would also reflect this state. Commit 9659e1eeee28 ("sched/deadline: Remove cpu_active_mask from cpudl_find()") removed the check of the cpu_active_mask to save some processing on the premise that the cpudl::free_cpus mask already reflected the runqueue online state. Unfortunately, there are cases where it is possible for the cpudl_clear function to set the free_cpus bit for a CPU when the deadline runqueue is offline. When this occurs while a CPU is connected to the default root domain the flag may retain the bad state after the CPU has been unplugged. Later, a different CPU that is transitioning through the default root domain may push a deadline task to the powered down CPU when cpudl_find sees its free_cpus bit is set. If this happens the task will not have the opportunity to run. One example is outlined here: https://lore.kernel.org/lkml/20250110233010.2339521-1-opendmb@gmail.com Another occurs when the last deadline task is migrated from a CPU that has an offlined runqueue. The dequeue_task member of the deadline scheduler class will eventually call cpudl_clear and set the free_cpus bit for the CPU. This commit modifies the cpudl_clear function to be aware of the online state of the deadline runqueue so that the free_cpus mask can be updated appropriately. It is no longer necessary to manage the mask outside of the cpudl_set/clear functions so the cpudl_set/clear_freecpu functions are removed. In addition, since the free_cpus mask is now only updated under the cpudl lock the code was changed to use the non-atomic __cpumask functions.

PUBLISHED Reserved 2025-12-24 | Published 2026-01-13 | Updated 2026-02-09 | Assigner Linux

Product status

Default status
unaffected

9659e1eeee28f7025b6545934d644d19e9c6e603 (git) before 9019e399684e3cc68c4a3f050e268f74d69c1317
affected

9659e1eeee28f7025b6545934d644d19e9c6e603 (git) before fb36846cbcc936954f2ad2bffdff13d16c0be08a
affected

9659e1eeee28f7025b6545934d644d19e9c6e603 (git) before 91e448e69aca4bb0ba2e998eb3e555644db7322b
affected

9659e1eeee28f7025b6545934d644d19e9c6e603 (git) before dbc61834b0412435df21c71410562d933e4eba49
affected

9659e1eeee28f7025b6545934d644d19e9c6e603 (git) before 3ed049fbfb4d75b4e0b8ab54c934f485129d5dc8
affected

9659e1eeee28f7025b6545934d644d19e9c6e603 (git) before 382748c05e58a9f1935f5a653c352422375566ea
affected

Default status
affected

4.0
affected

Any version before 4.0
unaffected

5.15.198 (semver)
unaffected

6.1.160 (semver)
unaffected

6.6.120 (semver)
unaffected

6.12.64 (semver)
unaffected

6.18.3 (semver)
unaffected

6.19 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/9019e399684e3cc68c4a3f050e268f74d69c1317

git.kernel.org/...c/fb36846cbcc936954f2ad2bffdff13d16c0be08a

git.kernel.org/...c/91e448e69aca4bb0ba2e998eb3e555644db7322b

git.kernel.org/...c/dbc61834b0412435df21c71410562d933e4eba49

git.kernel.org/...c/3ed049fbfb4d75b4e0b8ab54c934f485129d5dc8

git.kernel.org/...c/382748c05e58a9f1935f5a653c352422375566ea

cve.org (CVE-2025-68780)

nvd.nist.gov (CVE-2025-68780)

Download JSON