From nobody Fri Dec 19 13:31:05 2025 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 483D12472BA for ; Sat, 6 Dec 2025 02:22:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764987748; cv=none; b=KxNtaHWT29FIzseogKf+GcKLsjzRddX+kLizwE5vID/09U4DFXlCs9cInpQUPTpOVfGDr09+Ct+xpBg+VAQtkqujC0CTtzYJLzi4+kTVMwpRJxy2aLf6GcAKVTO+lAuhxdlVi/K/kGAkVJa5bItmCVdkQ3tJoQMXm58EgcOY51g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764987748; c=relaxed/simple; bh=XVCsyOGJdweid+Hkrs1mnBjSZEfhBqgCs1WaMylpkIU=; h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=QJaqRoraVrScKK+NkRLz4dRHUUDjJQXeWiLa8T+Cs/Q/CWfRImOLaQDCYgoNSqTIQXEnrJrcTP0nAQaFOY+t3P7YwEmhmwRV+DmNCn5FMznMSJci6wzYvK7yOeqoP8lvV0u6U/FjFj7oijDTBt0eHVDHZM/yR5hMJ3LTv17ggK8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jstultz.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=HkePGzAL; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jstultz.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="HkePGzAL" Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-7b9208e1976so5013825b3a.1 for ; Fri, 05 Dec 2025 18:22:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1764987746; x=1765592546; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=jdV7N4pfSKAse/61258VLDqIWR7NsSJT3WSRlwQOzKI=; b=HkePGzALAokT38ZJaWL0BSHlLEfzo8XrKxGu6yPQ5J2EpJuWi7VbuFjRHZDyV5EGZM 20MhMXECAiOSM7I8BLCvK6rybvXApS3bg1gmLDvTbwEVaQH17TCSMsmgP9z3slqF9X2r x+8K1e/8rel1nPMozLlCzA3lEJRe2PxTwURbkcfI8/DuQXKALIaP4wh7wLxBHMrKaE1z JwxOr4DRwYiJUHaJ7s0sq29Y8QN1POsah/4dwCdZ3Ro/KbjnBPz8XPNsWwPEk/sL8JMB eF/6A5+G8xKxqHZQUy/szPhfa65WnSaM+0E2E8Fgiyt5opUy7nzOcFKohd2bHSneea8t ccDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764987746; x=1765592546; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=jdV7N4pfSKAse/61258VLDqIWR7NsSJT3WSRlwQOzKI=; b=uUZeUnVLLvlVilM8/iZiBNLMgTicpF2U2cuo/NOLUSeiNpf1gZoTCes7UYxJWYubIe O11GHwqP4KrPWxh+LZdFIM3AnjGIHJefCJECJ1Jtzx9H3yJb0E3M81JrYX4p9ctzZOsV UlO6IAAU98XihFVXbMh7ucXjL4VxESx/BVHVbVOWnfgn1Tf0MyuYxFi2m64Jma2kchFO 3m2hTRApLDijnAEiFbVBGkn8YkMXlic+//Tdbp6X3cHy7SFqLEjLgEP1D/FwqpHTV58h VGjvW+qrBpGhnftdRFk85jIzjYE7wrIMifk//aPeBbW0N0oSRKs/PHQbEic1T4Z3p8oa Ngjw== X-Gm-Message-State: AOJu0Yyvr4Bx0nIL8uM7GXbD5c+yJBGEob/8aRdQKlB+nN2kqIAyCbJl cI/FSyY4/sG5jtxCp0+tdohV6tKHVeh/efvreXPhFUXMwkYnnDhGJexPEXE2d1a9UOAAWSZ1OEg 0LWKuwt1DNS1xRRTKS1LWTO5O5AgSxHsVQI8Ud/0SiED+Im5CRvmnDsondk2vd30GMeUu+ODTAL rxp20VM07zJ8XtpRAVqzUy8sgZe15UqBudO6HensYzAkdJ//44 X-Google-Smtp-Source: AGHT+IFxrNvkNeRuDCNG+ZcWkFhXmvzU4P3pH7Pgn3ovztAsqVSl3V0pw8OUcWVAybxQomfezKOcPyThv5SD X-Received: from pgah22.prod.google.com ([2002:a05:6a02:4e96:b0:bac:ef38:605c]) (user=jstultz job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a20:e211:b0:366:14af:9bb8 with SMTP id adf61e73a8af0-36618017e9cmr1315282637.66.1764987746096; Fri, 05 Dec 2025 18:22:26 -0800 (PST) Date: Sat, 6 Dec 2025 02:22:03 +0000 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Mailer: git-send-email 2.52.0.223.gf5cc29aaa4-goog Message-ID: <20251206022218.1541878-1-jstultz@google.com> Subject: [RFC][PATCH] sched/ext: Avoid null ptr traversal when ->put_prev_task() is called with NULL next From: John Stultz To: LKML Cc: John Stultz , Joel Fernandes , Qais Yousef , Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Valentin Schneider , Steven Rostedt , Ben Segall , Zimuzo Ezeozue , Mel Gorman , Will Deacon , Waiman Long , Boqun Feng , "Paul E. McKenney" , Metin Kaya , Xuewen Yan , K Prateek Nayak , Thomas Gleixner , Daniel Lezcano , Suleiman Souhlal , kuyo chang , hupu , Tejun Heo , David Vernet , Andrea Righi , Changwoo Min , sched-ext@lists.linux.dev, kernel-team@android.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Early when trying to get sched_ext and proxy-exe working together, I kept tripping over NULL ptr in put_prev_task_scx() on the line: if (sched_class_above(&ext_sched_class, next->sched_class)) { Which was due to put_prev_task() passes a NULL next, calling: prev->sched_class->put_prev_task(rq, prev, NULL); put_prev_task_scx() already guards for a NULL next in the switch_class case, but doesn't seem to have a guard for sched_class_above() check. I can't say I understand why this doesn't trip usually without proxy-exec. And in newer kernels there are way fewer put_prev_task(), and I can't easily reproduce the issue now even with proxy-exec. But we still have one put_prev_task() call left in core.c that seems like it could trip this, so I wanted to send this out for consideration. Signed-off-by: John Stultz Reviewed-by: Andrea Righi --- Cc: Joel Fernandes Cc: Qais Yousef Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Juri Lelli Cc: Vincent Guittot Cc: Dietmar Eggemann Cc: Valentin Schneider Cc: Steven Rostedt Cc: Ben Segall Cc: Zimuzo Ezeozue Cc: Mel Gorman Cc: Will Deacon Cc: Waiman Long Cc: Boqun Feng Cc: "Paul E. McKenney" Cc: Metin Kaya Cc: Xuewen Yan Cc: K Prateek Nayak Cc: Thomas Gleixner Cc: Daniel Lezcano Cc: Suleiman Souhlal Cc: kuyo chang Cc: hupu Cc: Tejun Heo Cc: David Vernet Cc: Andrea Righi Cc: Changwoo Min Cc: sched-ext@lists.linux.dev Cc: kernel-team@android.com --- kernel/sched/ext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 446091cba4429..598552f58f5ec 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c @@ -2402,7 +2402,7 @@ static void put_prev_task_scx(struct rq *rq, struct t= ask_struct *p, * ops.enqueue() that @p is the only one available for this cpu, * which should trigger an explicit follow-up scheduling event. */ - if (sched_class_above(&ext_sched_class, next->sched_class)) { + if (next && sched_class_above(&ext_sched_class, next->sched_class)) { WARN_ON_ONCE(!(sch->ops.flags & SCX_OPS_ENQ_LAST)); do_enqueue_task(rq, p, SCX_ENQ_LAST, -1); } else { --=20 2.52.0.223.gf5cc29aaa4-goog