CVE-2023-53215

Source
https://cve.org/CVERecord?id=CVE-2023-53215
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53215.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53215
Published
2025-09-15T14:21:43.107Z
Modified
2026-03-11T07:52:48.889676Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
sched/fair: Don't balance task to its current running CPU
Details

In the Linux kernel, the following vulnerability has been resolved:

sched/fair: Don't balance task to its current running CPU

We've run into the case that the balancer tries to balance a migration disabled task and triggers the warning in set_task_cpu() like below:

------------[ cut here ]------------
WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240
Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4 <...snip>
CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G O 6.1.0-rc4+ #1
Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V5.B221.01 12/09/2021
pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : set_task_cpu+0x188/0x240
lr : load_balance+0x5d0/0xc60
sp : ffff80000803bc70
x29: ffff80000803bc70 x28: ffff004089e190e8 x27: ffff004089e19040
x26: ffff007effcabc38 x25: 0000000000000000 x24: 0000000000000001
x23: ffff80000803be84 x22: 000000000000000c x21: ffffb093e79e2a78
x20: 000000000000000c x19: ffff004089e19040 x18: 0000000000000000
x17: 0000000000001fad x16: 0000000000000030 x15: 0000000000000000
x14: 0000000000000003 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000001 x10: 0000000000000400 x9 : ffffb093e4cee530
x8 : 00000000fffffffe x7 : 0000000000ce168a x6 : 000000000000013e
x5 : 00000000ffffffe1 x4 : 0000000000000001 x3 : 0000000000000b2a
x2 : 0000000000000b2a x1 : ffffb093e6d6c510 x0 : 0000000000000001
Call trace:
 set_task_cpu+0x188/0x240
 load_balance+0x5d0/0xc60
 rebalance_domains+0x26c/0x380
 _nohz_idle_balance.isra.0+0x1e0/0x370
 run_rebalance_domains+0x6c/0x80
 __do_softirq+0x128/0x3d8
 ____do_softirq+0x18/0x24
 call_on_irq_stack+0x2c/0x38
 do_softirq_own_stack+0x24/0x3c
 __irq_exit_rcu+0xcc/0xf4
 irq_exit_rcu+0x18/0x24
 el1_interrupt+0x4c/0xe4
 el1h_64_irq_handler+0x18/0x2c
 el1h_64_irq+0x74/0x78
 arch_cpu_idle+0x18/0x4c
 default_idle_call+0x58/0x194
 do_idle+0x244/0x2b0
 cpu_startup_entry+0x30/0x3c
 secondary_start_kernel+0x14c/0x190
 __secondary_switched+0xb0/0xb4
---[ end trace 0000000000000000 ]---

Further investigation shows that the warning is superfluous: the migration disabled task is just going to be migrated to its current running CPU. This is because on load balance, if the dst_cpu is not allowed by the task, we'll re-select a new_dst_cpu as a candidate. If no task can be balanced to dst_cpu, we'll try to balance the task to the new_dst_cpu instead. In this case, when the migration disabled task is not on CPU, it is only allowed to run on its current CPU; load balance will select its current CPU as new_dst_cpu and later trigger the warning above.

The new_dst_cpu is chosen from the env->dst_grpmask. Currently it contains the CPUs in sched_group_span(), and if we have overlapped groups it's possible to run into this case. This patch makes env->dst_grpmask the group_balance_mask(), which excludes any CPUs from the busiest group, and solves the issue. For balancing in a domain with no overlapped groups, the behaviour stays the same as before.
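
The re-selection step described above can be followed in a small user-space model. This is an added example, not code from the kernel or from the patch. The struct, the function names and the 8-CPU masks are constructed for illustration, and CPU sets are plain bitmasks (bit n = CPU n).

```c
#include <stdio.h>

typedef unsigned int cpumask_t;   /* simplified stand-in for the kernel type */

/* Hypothetical, reduced view of the load-balance environment. */
struct lb_env_model {
    int dst_cpu;             /* CPU the balancer wants to pull work to */
    cpumask_t dst_grpmask;   /* candidates for new_dst_cpu */
    cpumask_t cpus;          /* CPUs taking part in this balance pass */
};

/*
 * If dst_cpu is not allowed for the task, pick the first allowed CPU
 * from dst_grpmask. Returns that new_dst_cpu candidate, or -1 if the
 * task can go to dst_cpu directly or no candidate exists.
 */
static int pick_new_dst_cpu(const struct lb_env_model *env, cpumask_t allowed)
{
    if (allowed & (1u << env->dst_cpu))
        return -1;
    cpumask_t cand = env->dst_grpmask & env->cpus & allowed;
    for (int cpu = 0; cpu < 32; cpu++)
        if (cand & (1u << cpu))
            return cpu;
    return -1;
}

/* Constructed topology: the destination group's span overlaps the busiest group. */
#define SRC_CPU        4       /* CPU the migration-disabled task sits on */
#define GROUP_SPAN     0x3fu   /* CPUs 0-5: the span reaches into the busiest group */
#define GROUP_BALANCE  0x0fu   /* CPUs 0-3: no CPU of the busiest group */

static int candidate_with(cpumask_t dst_grpmask)
{
    struct lb_env_model env = { .dst_cpu = 0, .dst_grpmask = dst_grpmask, .cpus = 0xffu };
    cpumask_t allowed = 1u << SRC_CPU;   /* task may only run on its current CPU */
    return pick_new_dst_cpu(&env, allowed);
}

int main(void)
{
    /* Span mask: the task's own CPU is picked, the case that raised the warning. */
    printf("span mask    -> new_dst_cpu %d (task is on CPU %d)\n",
           candidate_with(GROUP_SPAN), SRC_CPU);
    /* Balance mask: no candidate, so no migration to the current CPU is attempted. */
    printf("balance mask -> new_dst_cpu %d\n", candidate_with(GROUP_BALANCE));
    return 0;
}
```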

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53215.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
88b8dac0a14c511ff41486b83a8c3d688936eec0
Fixed
32d937f94b7805d4c9028b8727a7d6241547da54
Fixed
a5286f4655ce2fa28f477c0b957ea7f323fe2fab
Fixed
cec1857b1ea5cc3ea2b600564f1c95d1a6f27ad1
Fixed
6b0c79aa33075b34c3cdcea4132c0afb3fc42d68
Fixed
3cb43222bab8ab328fc91ed30899b3df2efbccfd
Fixed
78a5f711efceb37e32c48cd6b40addb671fea9cc
Fixed
34eb902050d473bb2befa15714fb1d30a0991c15
Fixed
0dd37d6dd33a9c23351e6115ae8cdac7863bc7de

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53215.json"