From: Andrea Righi <arighi@nvidia.com>
To: Saket Kumar Bhaskar <skb99@linux.ibm.com>
Cc: sched-ext@lists.linux.dev, linux-kernel@vger.kernel.org,
hbathini@linux.ibm.com, samir@linux.ibm.com,
sachinpb@linux.ibm.com, tj@kernel.org, void@manifault.com,
changwoo@igalia.com, mingo@redhat.com, peterz@infradead.org,
juri.lelli@redhat.com, vincent.guittot@linaro.org,
dietmar.eggemann@arm.com, rostedt@goodmis.org,
bsegall@google.com, mgorman@suse.de, vschneid@redhat.com
Subject: Re: [PATCH] sched_ext: Fix scx_enable() crash on helper kthread creation failure
Date: Wed, 19 Nov 2025 11:44:51 +0100
Message-ID: <aR2fo87bjKzINl8O@gpd4>
In-Reply-To: <20251119103722.309211-1-skb99@linux.ibm.com>
On Wed, Nov 19, 2025 at 04:07:22PM +0530, Saket Kumar Bhaskar wrote:
> A crash was observed when the sched_ext selftests runner was
> terminated with Ctrl+\ while test 15 was running:
>
> NIP [c00000000028fa58] scx_enable.constprop.0+0x358/0x12b0
> LR [c00000000028fa2c] scx_enable.constprop.0+0x32c/0x12b0
> Call Trace:
> scx_enable.constprop.0+0x32c/0x12b0 (unreliable)
> bpf_struct_ops_link_create+0x18c/0x22c
> __sys_bpf+0x23f8/0x3044
> sys_bpf+0x2c/0x6c
> system_call_exception+0x124/0x320
> system_call_vectored_common+0x15c/0x2ec
>
> kthread_run_worker() returns an ERR_PTR() on failure rather than NULL,
> but the current code in scx_alloc_and_add_sched() only checks for a NULL
> helper. In case of failure on SIGQUIT, the error is not handled in
> scx_alloc_and_add_sched() and scx_enable() ends up dereferencing an
> error pointer.
>
> Error handling is fixed in scx_alloc_and_add_sched() to propagate
> PTR_ERR() into ret, so that scx_enable() jumps to the existing error
> path, avoiding random dereference on failure.
>
> Fixes: bff3b5aec1b7 ("sched_ext: Move disable machinery into scx_sched")
> Reported-by: Samir Mulani <samir@linux.ibm.com>
> Signed-off-by: Saket Kumar Bhaskar <skb99@linux.ibm.com>

Good catch, makes sense to me.

Reviewed-by: Andrea Righi <arighi@nvidia.com>

Thanks,
-Andrea

> ---
> kernel/sched/ext.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
> index 2b0e88206d07..7fc0cce68a1b 100644
> --- a/kernel/sched/ext.c
> +++ b/kernel/sched/ext.c
> @@ -4392,8 +4392,11 @@ static struct scx_sched *scx_alloc_and_add_sched(struct sched_ext_ops *ops)
> goto err_free_gdsqs;
>
> sch->helper = kthread_run_worker(0, "sched_ext_helper");
> - if (!sch->helper)
> + if (IS_ERR(sch->helper)) {
> + ret = PTR_ERR(sch->helper);
> goto err_free_pcpu;
> + }
> +
> sched_set_fifo(sch->helper->task);
>
> atomic_set(&sch->exit_kind, SCX_EXIT_NONE);
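Review bot: in the new IS_ERR() branch, sch->helper still holds the error pointer when control jumps to err_free_pcpu, so any cleanup reachable from that label that tests sch->helper against NULL would treat it as a live worker. The body of err_free_pcpu is not visible in this hunk; if it, or anything that runs after it, reads the field, assign the kthread_run_worker() result to a local and store it into sch->helper only on success, or clear the field before the goto. It is also worth checking other kthread_run_worker() callers for the same "if (!...)" test, since the commit message says the function never returns NULL on failure.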
> --
> 2.51.0
>
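The NULL-versus-ERR_PTR() mismatch described in the quoted commit message, as an added userspace example that is not part of the original thread or the kernel source. ERR_PTR(), PTR_ERR() and IS_ERR() are re-created after the kernel's include/linux/err.h; struct worker, run_worker() and the EINTR value are hypothetical stand-ins.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095	/* errnos are encoded in the top 4095 addresses */

static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr)
{
	return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}

struct worker { int prio; };	/* hypothetical stand-in for the helper worker */
static struct worker the_worker;

/* Hypothetical stand-in for kthread_run_worker(): never returns NULL. */
static struct worker *run_worker(int fail_errno)
{
	return fail_errno ? ERR_PTR(-fail_errno) : &the_worker;
}

/* Pre-patch pattern: a NULL test. Returns 1 if the failure was noticed. */
static int null_check_catches(const struct worker *w)
{
	return !w;
}

/* Post-patch pattern: returns 0 on success or the negative errno. */
static long checked_setup(int fail_errno)
{
	struct worker *w = run_worker(fail_errno);

	if (IS_ERR(w))
		return PTR_ERR(w);	/* propagate, never dereference */
	w->prio = 1;			/* safe: w is a real object here */
	return 0;
}

int main(void)
{
	struct worker *w = run_worker(EINTR);	/* constructed failure case */

	printf("NULL check notices failure: %d\n", null_check_catches(w));
	printf("IS_ERR notices failure:     %d\n", IS_ERR(w));
	printf("checked_setup: fail=%ld ok=%ld\n",
	       checked_setup(EINTR), checked_setup(0));
	return 0;
}
```

With the NULL test alone, the failing pointer passes the check and the next field access lands in the last page of the address space, which is the dereference the crash trace points at.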