From 55a24d9203979d1cd0196ba1d189860e8b828c2e Mon Sep 17 00:00:00 2001 From: David Carlier Date: Tue, 17 Feb 2026 19:48:00 +0000 Subject: [PATCH] tools/sched_ext: scx_central: fix CPU_SET and skeleton leak on early exit Use CPU_SET_S() instead of CPU_SET() on the dynamically allocated cpuset to avoid a potential out-of-bounds write when nr_cpu_ids exceeds CPU_SETSIZE. Also destroy the skeleton before returning on invalid central CPU ID to prevent a resource leak. Signed-off-by: David Carlier Signed-off-by: Tejun Heo --- tools/sched_ext/scx_central.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/sched_ext/scx_central.c b/tools/sched_ext/scx_central.c index a6dfd45de70c..39f21b00a208 100644 --- a/tools/sched_ext/scx_central.c +++ b/tools/sched_ext/scx_central.c @@ -74,6 +74,7 @@ restart: u32 central_cpu = strtoul(optarg, NULL, 0); if (central_cpu >= skel->rodata->nr_cpu_ids) { fprintf(stderr, "invalid central CPU id value, %u given (%u max)\n", central_cpu, skel->rodata->nr_cpu_ids); + scx_central__destroy(skel); return -1; } skel->rodata->central_cpu = (s32)central_cpu; @@ -109,7 +110,7 @@ restart: SCX_BUG_ON(!cpuset, "Failed to allocate cpuset"); cpuset_size = CPU_ALLOC_SIZE(skel->rodata->nr_cpu_ids); CPU_ZERO_S(cpuset_size, cpuset); - CPU_SET(skel->rodata->central_cpu, cpuset); + CPU_SET_S(skel->rodata->central_cpu, cpuset_size, cpuset); SCX_BUG_ON(sched_setaffinity(0, cpuset_size, cpuset), "Failed to affinitize to central CPU %d (max %d)", skel->rodata->central_cpu, skel->rodata->nr_cpu_ids - 1); -- 2.30.2