sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator

JIRA: https://issues.redhat.com/browse/RHEL-92921

commit 428dc9f
Author: Tejun Heo <tj@kernel.org>
Date:   Mon May 5 11:30:39 2025 -1000

    sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator

    BPF programs may call next() and destroy() on BPF iterators even after new()
    returns an error value (e.g. bpf_for_each() macro ignores error returns from
    new()). bpf_iter_scx_dsq_new() could leave the iterator in an uninitialized
    state after an error return causing bpf_iter_scx_dsq_next() to dereference
    garbage data. Make bpf_iter_scx_dsq_new() always clear $kit->dsq so that
    next() and destroy() become noops.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Fixes: 650ba21 ("sched_ext: Implement DSQ iterator")
    Cc: stable@vger.kernel.org # v6.12+
    Acked-by: Andrea Righi <arighi@nvidia.com>

Signed-off-by: Phil Auld <pauld@redhat.com>

Author: auldp

kernel/sched/ext.c

@@ -7170,6 +7170,12 @@ __bpf_kfunc int bpf_iter_scx_dsq_new(struct bpf_iter_scx_dsq *it, u64 dsq_id,
 	BUILD_BUG_ON(__alignof__(struct bpf_iter_scx_dsq_kern) !=
 		     __alignof__(struct bpf_iter_scx_dsq));
 
+	/*
+	 * next() and destroy() will be called regardless of the return value.
+	 * Always clear $kit->dsq.
+	 */
+	kit->dsq = NULL;
+
 	if (flags & ~__SCX_DSQ_ITER_USER_FLAGS)
 		return -EINVAL;