Linux Kernel BPF Migration Handling Vulnerability in Sched_ext Component

A vulnerability in the Linux kernel's BPF migration handling within the sched_ext component can lead to improper task scheduling. This issue arises because the BPF prolog, which manages task migration states, only disables migration when the CONFIG_PREEMPT_RCU option is active. As a result, tasks may be incorrectly identified as migration-disabled, allowing them to be scheduled on remote CPUs and potentially triggering errors. The vulnerability affects Linux kernel versions 6.18 and later.

Impact

The vulnerability can cause migration-disabled tasks to be incorrectly scheduled on remote CPUs, leading to synchronization errors and potential task management issues.

Reproduction

To reproduce this vulnerability, compile the Linux kernel with the CONFIG_PREEMPT_RCU option disabled. Then, run a BPF program that interacts with the scheduling system. The BPF prolog will disable migration for the current task, but without the preemption option, the migration-disabled state will not be properly managed. This can be observed by checking the task's migration status and its scheduling behavior on CPUs.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest version can be found on the official Linux kernel website.