Linux Kernel Fair Scheduling Bug in SCX Task Selection

Vulnerability

A vulnerability in the Linux kernel's fair scheduling component can lead to improper task management. The issue arises in the 'sched_ext' scheduler, where 'pick_task_scx()' may select a task that is not queued, particularly when it is called without a prior 'balance_scx()' operation. Such unbalanced calls stem from a bug in the fair scheduling class, where 'pick_task_fair()' can return NULL after a valid 'balance_fair()' call. A workaround was introduced that detects unbalanced calls and emulates a balance state, but it incorrectly relies on the task's SCX status to decide whether the task should remain active. A task can be on SCX without being runnable, so this check can return a non-runnable task, causing confusion and potential failures. One example is a task in the 'on_cpu' state that is not on the run queue, which can cause busy-waiting and lead to deadlocks.
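The flawed check described above, next to a check that also requires the task to be runnable, as a simplified user-space model. This is an added example and not kernel code; the struct fields, 'keep_if_on_scx()', 'keep_if_queued()', 'pick_unbalanced()' and 'on_cpu_not_queued()' are hypothetical names, and the scenario is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; all names are illustrative assumptions, not kernel code. */
struct task {
    const char *name;
    bool on_scx;  /* task is managed by the SCX class */
    bool queued;  /* task is on the run queue, i.e. runnable */
    bool on_cpu;  /* task is marked as executing on a CPU */
};

typedef bool (*keep_fn)(const struct task *prev);

/* Flawed workaround: SCX membership alone decides whether prev keeps running. */
bool keep_if_on_scx(const struct task *prev) { return prev->on_scx; }

/* Stricter predicate: prev may only be kept if it is still runnable. */
bool keep_if_queued(const struct task *prev) { return prev->on_scx && prev->queued; }

/* Pick path reached WITHOUT a preceding balance: emulate "keep prev",
 * otherwise fall back to the next dispatched task (NULL means go idle). */
struct task *pick_unbalanced(struct task *prev, struct task *next, keep_fn keep)
{
    struct task *picked = keep(prev) ? prev : next;

    prev->on_cpu = false;
    if (picked)
        picked->on_cpu = true;
    return picked;
}

/* The inconsistent state from the advisory: on a CPU but not on the run queue. */
bool on_cpu_not_queued(const struct task *p) { return p && p->on_cpu && !p->queued; }

int main(void)
{
    /* Constructed scenario: prev is an SCX task that has just blocked (dequeued). */
    struct task a = { "prev", true, false, true }, b = a;
    struct task *bad = pick_unbalanced(&a, NULL, keep_if_on_scx);
    struct task *good = pick_unbalanced(&b, NULL, keep_if_queued);

    printf("flawed: picked=%s inconsistent=%d\n", bad ? bad->name : "idle", on_cpu_not_queued(bad));
    printf("strict: picked=%s inconsistent=%d\n", good ? good->name : "idle", on_cpu_not_queued(good));
    return 0;
}
```

In this model 'on_cpu_not_queued()' doubles as an invariant check: any picked task for which it returns true is in the state that leaves wakers busy looping.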

Impact

The vulnerability can cause deadlocks: a task ends up considered on the CPU but not actually runnable, which makes potential wakers busy loop.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.