Re: [PATCH] sched/isolation: avoid reading past string in isolcpus parser
From: Steven Rostedt
Date: Mon Mar 09 2026 - 10:05:40 EST
On Fri, 6 Mar 2026 14:59:08 -0800
Joseph Salisbury <joseph.salisbury@xxxxxxxxxx> wrote:
> The function housekeeping_isolcpus_setup() advanced the parser pointer
> unconditionally after unknown flags.
>
> For an argument like 'isolcpus=unknownflag', with no trailing comma, this can
> move the pointer past the terminating NUL, and the next loop test reads
> out of bounds.
>
> Advance only when the current character is a comma separator, preserving
> existing parsing semantics while avoiding the invalid read.
Nice catch.
>
> Fixes: 3662daf02350 ("sched/isolation: Allow "isolcpus=" to skip unknown sub-parameters")
> Cc: stable@xxxxxxxxxxxxxxx
> Assisted-by: Codex:GPT-5.3
> Signed-off-by: Joseph Salisbury <joseph.salisbury@xxxxxxxxxx>
> ---
> kernel/sched/isolation.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/sched/isolation.c b/kernel/sched/isolation.c
> index ef152d401fe2..4cf253fb6d75 100644
> --- a/kernel/sched/isolation.c
> +++ b/kernel/sched/isolation.c
> @@ -355,7 +355,8 @@ static int __init housekeeping_isolcpus_setup(char *str)
> }
>
> pr_info("isolcpus: Skipped unknown flag %.*s\n", len, par);
> - str++;
> + if (*str == ',')
> + str++;
Although it should only be a ',' here, I think it's more robust to just
test against a non-NUL character, as the bug only triggers if str points to
the NUL character. No need to make this check depend on the rest of the
algorithm.
	if (*str)
		str++;
-- Steve
> }
>
> /* Default behaviour for isolcpus without flags */
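Review bot: the new `if (*str == ',')` guard in front of `str++` has no comment saying why the advance is conditional, and the reason cannot be read off the surrounding lines. Per the changelog, str can sit on the terminating NUL when the unknown flag is the last token (as in 'isolcpus=unknownflag'). A one-line comment above the check, stating that the separator is skipped only if present so that the next loop test never reads past the end of the string, would keep a later cleanup from turning this back into an unconditional increment.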
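A user-space model of the over-read described in the changelog above, as an added example that is not part of the original mail or of the kernel source. `skip_unknown_flag()`, the `advance` modes and the sample arguments are hypothetical, and the scan loop is an assumed simplification of the real parser.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* How the parser pointer moves after an unknown flag has been scanned. */
enum advance {
	ADVANCE_ALWAYS,		/* pre-patch: unconditional str++ */
	ADVANCE_IF_COMMA,	/* the patch: if (*str == ',') str++ */
	ADVANCE_IF_NONNUL,	/* the review suggestion: if (*str) str++ */
};

/*
 * Simplified model (an assumption, not kernel code): scan one flag up to
 * the next ',' or the terminating NUL, then step over the separator.
 * Returns the offset of the parser pointer from the start of arg.
 */
static size_t skip_unknown_flag(const char *arg, enum advance mode)
{
	const char *str = arg;

	while (*str && *str != ',')
		str++;

	/* In this model *str is now ',' or NUL, so both guards agree. */
	if (mode == ADVANCE_ALWAYS ||
	    (mode == ADVANCE_IF_COMMA && *str == ',') ||
	    (mode == ADVANCE_IF_NONNUL && *str))
		str++;

	return (size_t)(str - arg);
}

/* An offset beyond strlen() means the next "*str" test reads past the NUL. */
static int next_read_in_bounds(const char *arg, enum advance mode)
{
	return skip_unknown_flag(arg, mode) <= strlen(arg);
}

int main(void)
{
	/* Constructed sample arguments (the text after "isolcpus="). */
	static const char *const samples[] = { "unknownflag,1-3", "unknownflag" };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-16s always=%d comma=%d nonnul=%d\n", samples[i],
		       next_read_in_bounds(samples[i], ADVANCE_ALWAYS),
		       next_read_in_bounds(samples[i], ADVANCE_IF_COMMA),
		       next_read_in_bounds(samples[i], ADVANCE_IF_NONNUL));
	return 0;
}
```

Only the offset is computed for the unguarded case, never dereferenced, so the model itself stays within defined behaviour.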