From: Christian Loehle
To: tj@kernel.org, arighi@nvidia.com, void@manifault.com
Cc: linux-kernel@vger.kernel.org, sched-ext@lists.linux.dev, changwoo@igalia.com, hodgesd@meta.com, mingo@redhat.com, peterz@infradead.org, Christian Loehle, stable@vger.kernel.org
Subject: [PATCH v2 1/3] sched_ext: Mark scx_bpf_cpu_rq as NULL returnable
Date: Mon, 4 Aug 2025 12:27:41 +0100
Message-Id: <20250804112743.711816-2-christian.loehle@arm.com>
In-Reply-To: <20250804112743.711816-1-christian.loehle@arm.com>

scx_bpf_cpu_rq() obviously returns NULL on invalid cpu. Mark it as such. While kf_cpu_valid() will trigger scx_ops_error() that leads to the BPF scheduler exiting, this isn't guaranteed to be immediate, allowing for a dereference of a NULL scx_bpf_cpu_rq() return value.

Cc: stable@vger.kernel.org
Fixes: 6203ef73fa5c ("sched/ext: Add BPF function to fetch rq")
Signed-off-by: Christian Loehle
Acked-by: Andrea Righi
--- kernel/sched/ext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 7dedc9a16281..3ea3f0f18030 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c 
@@ -7589,7 +7589,7 @@ BTF_ID_FLAGS(func, scx_bpf_get_online_cpumask, KF_ACQ= UIRE) BTF_ID_FLAGS(func, scx_bpf_put_cpumask, KF_RELEASE) BTF_ID_FLAGS(func, scx_bpf_task_running, KF_RCU) BTF_ID_FLAGS(func, scx_bpf_task_cpu, KF_RCU) -BTF_ID_FLAGS(func, scx_bpf_cpu_rq) +BTF_ID_FLAGS(func, scx_bpf_cpu_rq, KF_RET_NULL) #ifdef CONFIG_CGROUP_SCHED BTF_ID_FLAGS(func, scx_bpf_task_cgroup, KF_RCU | KF_ACQUIRE) #endif --=20 2.34.1

From: Christian Loehle
To: tj@kernel.org, arighi@nvidia.com, void@manifault.com
Cc: linux-kernel@vger.kernel.org, sched-ext@lists.linux.dev, changwoo@igalia.com, hodgesd@meta.com, mingo@redhat.com, peterz@infradead.org, Christian Loehle
Subject: [PATCH v2 2/3] sched_ext: Provide scx_bpf_remote_curr()
Date: Mon, 4 Aug 2025 12:27:42 +0100
Message-Id: <20250804112743.711816-3-christian.loehle@arm.com>
In-Reply-To: <20250804112743.711816-1-christian.loehle@arm.com>

Provide scx_bpf_remote_curr() as a way for scx schedulers to check the curr task of a remote rq, without assuming its lock is held.

Many scx schedulers make use of scx_bpf_cpu_rq() to check a remote curr (e.g. to see if it should be preempted). This is problematic because scx_bpf_cpu_rq() provides access to all fields of struct rq, most of which aren't safe to use without holding the associated rq lock.

Signed-off-by: Christian Loehle
--- kernel/sched/ext.c | 24 ++++++++++++++++++++++++ tools/sched_ext/include/scx/common.bpf.h | 1 + 2 files changed, 25 insertions(+) diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 3ea3f0f18030..1d9d9cbed0aa 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c 
@@ -7426,6 +7426,29 @@ __bpf_kfunc struct rq *scx_bpf_cpu_rq(s32 cpu) return cpu_rq(cpu); } +struct task_struct *bpf_task_acquire(struct task_struct *p); + +/** + * scx_bpf_remote_curr - Fetch the curr of a rq without acquiring its rq l= ock + * @cpu: CPU of the rq + * + * Increments the refcount of the task_struct which needs to be released l= ater. + */ +__bpf_kfunc struct task_struct *scx_bpf_remote_curr(s32 cpu) +{ + struct task_struct *p; + + if (!kf_cpu_valid(cpu, NULL)) + return NULL; + + rcu_read_lock(); + p =3D cpu_rq(cpu)->curr; + if (p) + p =3D bpf_task_acquire(p); + rcu_read_unlock(); + return p; +} + /** * scx_bpf_task_cgroup - Return the sched cgroup of a task * @p: task of interest @@ -7590,6 +7613,7 @@ BTF_ID_FLAGS(func, scx_bpf_put_cpumask, KF_RELEASE) BTF_ID_FLAGS(func, scx_bpf_task_running, KF_RCU) BTF_ID_FLAGS(func, scx_bpf_task_cpu, KF_RCU) BTF_ID_FLAGS(func, scx_bpf_cpu_rq, KF_RET_NULL) +BTF_ID_FLAGS(func, scx_bpf_remote_curr, KF_RET_NULL | KF_ACQUIRE) #ifdef CONFIG_CGROUP_SCHED BTF_ID_FLAGS(func, scx_bpf_task_cgroup, KF_RCU | KF_ACQUIRE) #endif diff --git a/tools/sched_ext/include/scx/common.bpf.h b/tools/sched_ext/inc= lude/scx/common.bpf.h index d4e21558e982..e5d4ef124532 100644 --- a/tools/sched_ext/include/scx/common.bpf.h +++ b/tools/sched_ext/include/scx/common.bpf.h 
@@ -91,6 +91,7 @@ s32 scx_bpf_pick_any_cpu(const cpumask_t *cpus_allowed, u= 64 flags) __ksym; bool scx_bpf_task_running(const struct task_struct *p) __ksym; s32 scx_bpf_task_cpu(const struct task_struct *p) __ksym; struct rq *scx_bpf_cpu_rq(s32 cpu) __ksym; +struct task_struct *scx_bpf_remote_curr(s32 cpu) __ksym; struct cgroup *scx_bpf_task_cgroup(struct task_struct *p) __ksym __weak; u64 scx_bpf_now(void) __ksym __weak; void scx_bpf_events(struct scx_event_stats *events, size_t events__sz) __k= sym __weak; -- 2.34.1

From: Christian Loehle
To: tj@kernel.org, arighi@nvidia.com, void@manifault.com
Cc: linux-kernel@vger.kernel.org, sched-ext@lists.linux.dev, changwoo@igalia.com, hodgesd@meta.com, mingo@redhat.com, peterz@infradead.org, Christian Loehle
Subject: [PATCH v2 3/3] sched_ext: Guarantee rq lock on scx_bpf_cpu_rq()
Date: Mon, 4 Aug 2025 12:27:43 +0100
Message-Id: <20250804112743.711816-4-christian.loehle@arm.com>
In-Reply-To: <20250804112743.711816-1-christian.loehle@arm.com>

Most fields in scx_bpf_cpu_rq() assume that its rq_lock is held. Furthermore they become meaningless without rq lock, too. Only return scx_bpf_cpu_rq() if we hold rq lock of that rq.

All upstream scx schedulers can be converted into the new scx_bpf_remote_curr() instead.

Signed-off-by: Christian Loehle
--- kernel/sched/ext.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 1d9d9cbed0aa..0b05ddc1f100 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c @@ -7420,10 +7420,18 @@ __bpf_kfunc s32 scx_bpf_task_cpu(const struct task_= struct *p) */ __bpf_kfunc struct rq *scx_bpf_cpu_rq(s32 cpu) { + struct rq *rq; + if (!kf_cpu_valid(cpu, NULL)) return NULL; =20 - return cpu_rq(cpu); + rq =3D cpu_rq(cpu); + if (rq !=3D scx_locked_rq_state) { + scx_kf_error("Accessing not locked rq %d", cpu); + return NULL; + } + + return rq; } =20 struct task_struct *bpf_task_acquire(struct task_struct *p); --=20 2.34.1
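
Review bot: In patch 1/3, adding KF_RET_NULL to the scx_bpf_cpu_rq entry means the verifier will refuse to load any BPF scheduler that dereferences the return value without a NULL check, and the commit message does not mention this even though the change carries Cc: stable. Please state the load-time effect on existing schedulers in the changelog so stable users know that a scheduler which loaded before may need a NULL check added after the backport.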
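
Review bot: In patch 2/3, scx_bpf_remote_curr() reads cpu_rq(cpu)->curr with a plain load inside the rcu_read_lock() section; a lockless reader of a pointer that is only protected by RCU should use rcu_dereference() so the load is marked and the compiler cannot refetch it between the `if (p)` test and the bpf_task_acquire(p) call. The kernel-doc should also say that NULL is returned for an invalid cpu or when the acquire fails, and name the kfunc the caller must use to drop the reference. The bare forward declaration of bpf_task_acquire() above the function would be better placed in a shared header than repeated in ext.c.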
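
Review bot: In patch 2/3, the common.bpf.h declaration of scx_bpf_remote_curr() is `__ksym` only, while the newer kfuncs right below it (scx_bpf_task_cgroup, scx_bpf_now, scx_bpf_events) are declared `__ksym __weak`. Without `__weak`, a scheduler that references the new kfunc cannot load on a kernel that lacks it and has no way to fall back at run time; consider declaring it `__ksym __weak` to match its neighbours.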
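
Review bot: In patch 3/3, the new `rq != scx_locked_rq_state` branch turns every call to scx_bpf_cpu_rq() for an rq the caller has not locked into scx_kf_error(), yet the kernel-doc comment ending at the `*/` context line is left unchanged, so the documented contract no longer matches the behaviour. Please update the comment to state the locking requirement and point callers at scx_bpf_remote_curr(). Since the changelog says upstream schedulers "can be converted" rather than that they have been, a warn-once transition period before the hard error would avoid aborting schedulers that still use the old pattern. Also confirm that scx_locked_rq_state can be compared as a plain pointer here; if it is per-CPU state it needs to be read through its accessor.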