Re: [External] : Re: [PATCH] sched/isolation: avoid reading past string in isolcpus parser
From: Joseph Salisbury
Date: Mon Mar 09 2026 - 17:51:26 EST
On 3/9/26 10:05 AM, Steven Rostedt wrote:
On Fri, 6 Mar 2026 14:59:08 -0800Thanks for the feedback and suggestion, Steve! I'll send a v2 with a test for a non-nul character.
Joseph Salisbury <joseph.salisbury@xxxxxxxxxx> wrote:
The function housekeeping_isolcpus_setup() advanced the parser pointerNice catch.
unconditionally after unknown flags.
For an argument like 'isolcpus=unknownflag', with no trailing comma, this can
move the pointer past the terminating NUL, and the next loop test reads
out of bounds.
Advance only when the current character is a comma separator, preserving
existing parsing semantics while avoiding the invalid read.
Fixes: 3662daf02350 ("sched/isolation: Allow "isolcpus=" to skip unknown sub-parameters")Although it should only be a ',' here, I think it's more robust to just
Cc: stable@xxxxxxxxxxxxxxx
Assisted-by: Codex:GPT-5.3
Signed-off-by: Joseph Salisbury <joseph.salisbury@xxxxxxxxxx>
---
kernel/sched/isolation.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/sched/isolation.c b/kernel/sched/isolation.c
index ef152d401fe2..4cf253fb6d75 100644
--- a/kernel/sched/isolation.c
+++ b/kernel/sched/isolation.c
@@ -355,7 +355,8 @@ static int __init housekeeping_isolcpus_setup(char *str)
}
pr_info("isolcpus: Skipped unknown flag %.*s\n", len, par);
- str++;
+ if (*str == ',')
+ str++;
test against non-nul character. As the bug only triggers if str points to
the nul character. No need to make this check depend on the rest of the
algorithm.
if (*str)
str++;
-- Steve
}
/* Default behaviour for isolcpus without flags */