Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's scheduling system, specifically related to the SCHED_DEADLINE policy and priority inheritance (PI) mutexes. When a task holding a PI mutex is changed from the DEADLINE scheduling class to a lower priority class while still holding the mutex, it may fail to properly inherit scheduling parameters from the task that blocked on it (the donor). This failure causes the kernel to miss setting a critical flag (ENQUEUE_REPLENISH) that is necessary for correct bandwidth accounting.

The issue arises because the lock holder task does not get enqueued with the proper replenishment flag, leading to corrupted bandwidth accounting. This can cause warnings and potential scheduling anomalies on real-time (RT) kernels, especially under stress conditions.

The fix involves introducing a function (__setscheduler_dl_pi()) that detects when a DEADLINE task is moved to a lower priority class and ensures it inherits the correct parameters and sets the ENQUEUE_REPLENISH flag to maintain proper scheduling behavior.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can impact systems running real-time Linux kernels using the SCHED_DEADLINE scheduling policy, particularly on large machines under heavy load or stress testing.

The main impact is corrupted bandwidth accounting for tasks holding PI mutexes, which can lead to scheduling warnings and potentially unpredictable task scheduling behavior. This could degrade real-time performance or cause timing issues in critical applications relying on precise scheduling guarantees.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing specific WARNING messages in the kernel logs when running certain workloads on a real-time (RT) Linux kernel. For example, running stress-ng with the --schedpolicy 0 option on a big machine might trigger warnings related to the missing ENQUEUE_REPLENISH flag during PI de-boosting.

Look for kernel log messages similar to: "sched: DL de-boosted task PID XXXX: REPLENISH flag missing" and warnings referencing dequeue_task_dl and bandwidth underflow.

Commands to help detect this issue include checking the kernel ring buffer for these warnings using:

• dmesg | grep -i 'REPLENISH flag missing'
• journalctl -k | grep -i 'REPLENISH flag missing'
• Running stress-ng with the --schedpolicy 0 option on an RT kernel to reproduce the condition:
• stress-ng --schedpolicy 0

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to apply the patch that fixes the missing ENQUEUE_REPLENISH flag during PI de-boosting in the Linux kernel scheduler. This patch introduces a function (__setscheduler_dl_pi()) that ensures proper inheritance of DEADLINE parameters and sets the ENQUEUE_REPLENISH flag when a DEADLINE task is changed to a lower priority class.

Until the patch is applied, avoid scenarios where a SCHED_DEADLINE task holding a PI mutex is changed to a lower priority class via sched_setscheduler() while still holding the mutex, as this triggers the vulnerability.

In practice, this means:

• Update your Linux kernel to a version that includes the fix for this issue.
• Avoid changing scheduling policies of DEADLINE tasks holding PI mutexes to lower priority classes until the fix is applied.

Useful 0 Not Useful 0