Linux Kernel Off-by-One Vulnerability in Timer Migration Handling

An off-by-one vulnerability has been identified in the Linux kernel's timer migration handling. This issue arises during the process of connecting a new root to an old one, where the children counter of the new root is supposed to verify that only the upcoming CPU's top group has been linked. However, a recent commit introduced a race condition that invalidates this check, allowing the old root to remain improperly connected. As a result, the system may operate with multiple top-level groups, undermining the intended single idle migrator structure. Additionally, the old root can be accounted twice to the new root, leading to an incorrectly initialized group mask. While this double accounting is not harmful in itself, it highlights the core issue, which can cause system warnings about improper timer migration handling.

Impact

This vulnerability can disrupt the proper functioning of the timer migration system, potentially leading to incorrect group management and system warnings about timer handling issues.