sched: hmp: fix out-of-range CPU possible

If someone hotplugs all the little CPUs while another CPU is handling
a wakeup, we can potentially return new_cpu == NR_CPUS from
hmp_select_slower_cpu (which is called internally by
hmp_best_little_cpu as well). We will use this to deref the
per_cpu rq array in hmp_next_down_delay which can go boom.

Signed-off-by: Chris Redpath <chris.redpath@arm.com>

diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index c6b09d5..348962a 100644 (file)
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -5411,7 +5411,11 @@ unlock:
 #else
                new_cpu = hmp_select_slower_cpu(p, prev_cpu);
 #endif
-               if (new_cpu != prev_cpu) {
+               /*
+                * we might have no suitable CPU
+                * in which case new_cpu == NR_CPUS
+                */
+               if (new_cpu < NR_CPUS && new_cpu != prev_cpu) {
                        hmp_next_down_delay(&p->se, new_cpu);
                        trace_sched_hmp_migrate(p, new_cpu, HMP_MIGRATE_WAKEUP);
                        return new_cpu;