Re: [PATCH] sched/fair: Fix fault in reweight_entity

From: Peter Zijlstra
Date: Wed Jan 19 2022 - 04:32:35 EST


On Tue, Jan 18, 2022 at 05:24:17PM -0800, Tadeusz Struk wrote:
> Syzbot found a GPF in reweight_entity. This has been bisected to commit
> c85c6fadbef0 ("kernel/sched: Fix sched_fork() access an invalid sched_task_group")

That's a stable commit, the real commit is 4ef0c5c6b5ba1f38f0ea1cedad0cad722f00c14a

> Looks like after this change there is a time window when
> task_struct->se.cfs_rq can be NULL. This can be exploited to trigger a
> null-ptr-deref by calling setpriority on that task.

"Looks like" isn't good enough: either there is, in which case you explain
the window, or there isn't, in which case what are we doing here?