Use CPU_SET_S() instead of CPU_SET() on the dynamically allocated
cpuset to avoid a potential out-of-bounds write when nr_cpu_ids
exceeds CPU_SETSIZE.
Also destroy the skeleton before returning on invalid central CPU ID
to prevent a resource leak.
Signed-off-by: David Carlier <devnexen@gmail.com>
---
tools/sched_ext/scx_central.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/sched_ext/scx_central.c b/tools/sched_ext/scx_central.c
index a6dfd45de70c..39f21b00a208 100644
--- a/tools/sched_ext/scx_central.c
+++ b/tools/sched_ext/scx_central.c
@@ -74,6 +74,7 @@ int main(int argc, char **argv)
u32 central_cpu = strtoul(optarg, NULL, 0);
if (central_cpu >= skel->rodata->nr_cpu_ids) {
fprintf(stderr, "invalid central CPU id value, %u given (%u max)\n", central_cpu, skel->rodata->nr_cpu_ids);
+ scx_central__destroy(skel);
return -1;
}
skel->rodata->central_cpu = (s32)central_cpu;
@@ -109,7 +110,7 @@ int main(int argc, char **argv)
SCX_BUG_ON(!cpuset, "Failed to allocate cpuset");
cpuset_size = CPU_ALLOC_SIZE(skel->rodata->nr_cpu_ids);
CPU_ZERO_S(cpuset_size, cpuset);
- CPU_SET(skel->rodata->central_cpu, cpuset);
+ CPU_SET_S(skel->rodata->central_cpu, cpuset_size, cpuset);
SCX_BUG_ON(sched_setaffinity(0, cpuset_size, cpuset),
"Failed to affinitize to central CPU %d (max %d)",
skel->rodata->central_cpu, skel->rodata->nr_cpu_ids - 1);
--
2.51.0