ANDROID: SPED: Add vendor hooks in Scheduler

Kyriakos Ispoglou · Treehugger Robot · commit da5fbaa24036 · 2025-10-29T12:34:10.000-07:00
SPED (Scheduler-based Privilege Elevation Detection) a Kernel protection
that blocks privilege elevation attacks. Before scheduling a task for
execution, it checks if there is a transition to uid/euid 0 (root) and
if so, it blocks the execution.

We need to register 3 vendor hooks:
 * When a task is created in copy_process()
 * Before a task is selected for execution in __pick_next_task()
 * When a task is terminated in __put_task_struct()

The rationale on why we are using these functions can be found in the "Understanding the Linux Scheduler" tab of go/sped-cookbook

NOTE: There is already the trace_task_newtask() hook in copy_process() so we will reuse it for process creation. Therefore we will add only 2 new hooks.

1p: go/hyp-sched-lpe-detection
design (detailed): go/sped-bluedoc

Bug: 403623944
Test: None

Change-Id: Iae0f223488e8c9c5050f69f11d8930ad9b14871f
Signed-off-by: Kyriakos Ispoglou &lt;ispo@google.com&gt;
diff --git a/include/trace/hooks/sched.h b/include/trace/hooks/sched.h
@@ -539,6 +539,14 @@ DECLARE_HOOK(android_vh_dump_dl_server,
 	TP_PROTO(struct sched_dl_entity *dl_se, struct task_struct *p),
 	TP_ARGS(dl_se, p));
 
+DECLARE_HOOK(android_vh_chk_task,
+	TP_PROTO(struct task_struct **pp, struct rq *rq),
+	TP_ARGS(pp, rq));
+
+DECLARE_HOOK(android_vh_put_task,
+	TP_PROTO(struct task_struct *p),
+	TP_ARGS(p));
+
 /* macro versions of hooks are no longer required */
 
 #endif /* _TRACE_HOOK_SCHED_H */
diff --git a/kernel/fork.c b/kernel/fork.c
@@ -962,6 +962,7 @@ void __put_task_struct(struct task_struct *tsk)
 	WARN_ON(refcount_read(&tsk->usage));
 	WARN_ON(tsk == current);
 
+	trace_android_vh_put_task(tsk);
 	sched_ext_free(tsk);
 	io_uring_free(tsk);
 	cgroup_free(tsk);
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
@@ -6606,6 +6606,8 @@ __pick_next_task(struct rq *rq, struct task_struct *prev, struct rq_flags *rf)
 		if (unlikely(p == RETRY_TASK))
 			goto restart;
 
+		trace_android_vh_chk_task(&p, rq);
+
 		/* Assume the next prioritized class is idle_sched_class */
 		if (!p) {
 			p = pick_task_idle(rq);
@@ -6621,10 +6623,12 @@ __pick_next_task(struct rq *rq, struct task_struct *prev, struct rq_flags *rf)
 	for_each_active_class(class) {
 		if (class->pick_next_task) {
 			p = class->pick_next_task(rq, prev);
+			trace_android_vh_chk_task(&p, rq);
 			if (p)
 				return p;
 		} else {
 			p = class->pick_task(rq);
+			trace_android_vh_chk_task(&p, rq);
 			if (p) {
 				put_prev_set_next_task(rq, prev, p);
 				return p;
diff --git a/kernel/sched/vendor_hooks.c b/kernel/sched/vendor_hooks.c
@@ -138,3 +138,5 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_util_fits_cpu);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_before_pick_task_fair);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_balance_fair);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_dump_dl_server);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_chk_task);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_put_task);
