* [PATCH] sched_ext: Fix uninitialized ret in scx_alloc_and_add_sched()
@ 2026-03-14 1:39 Cheng-Yang Chou
2026-03-14 9:04 ` Tejun Heo
0 siblings, 1 reply; 2+ messages in thread
From: Cheng-Yang Chou @ 2026-03-14 1:39 UTC
To: sched-ext; +Cc: tj, void, arighi, changwoo, jserv, yphbchou0911

Under CONFIG_EXT_SUB_SCHED, the kzalloc() and kstrdup() failure
paths jump to err_stop_helper without first setting ret. The
function then returns ERR_PTR(ret) with ret uninitialized, which
can produce ERR_PTR(0) (NULL), causing the caller's IS_ERR() check
to pass and leading to a NULL pointer dereference.

Set ret = -ENOMEM before each goto to fix the error path.

Fixes: ebeca1f930ea ("sched_ext: Introduce cgroup sub-sched support")
Signed-off-by: Cheng-Yang Chou <yphbchou0911@gmail.com>
---
kernel/sched/ext.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index e7ab3647e35f..c45e4cfbae17 100644
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -6210,13 +6210,17 @@ static struct scx_sched *scx_alloc_and_add_sched(struct sched_ext_ops *ops,
#ifdef CONFIG_EXT_SUB_SCHED
char *buf = kzalloc(PATH_MAX, GFP_KERNEL);
- if (!buf)
+ if (!buf) {
+ ret = -ENOMEM;
goto err_stop_helper;
+ }
cgroup_path(cgrp, buf, PATH_MAX);
sch->cgrp_path = kstrdup(buf, GFP_KERNEL);
kfree(buf);
- if (!sch->cgrp_path)
+ if (!sch->cgrp_path) {
+ ret = -ENOMEM;
goto err_stop_helper;
+ }
sch->cgrp = cgrp;
INIT_LIST_HEAD(&sch->children);
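Review bot: The two added `ret = -ENOMEM;` assignments cover only the kzalloc() and kstrdup() branches of this CONFIG_EXT_SUB_SCHED block, so a correct ERR_PTR(ret) still depends on every `goto err_stop_helper` site setting ret by hand. The label and the declaration of ret are outside this hunk; please confirm in this patch that no other jump to err_stop_helper can arrive with ret unset or 0, since ERR_PTR(0) is NULL and is not caught by the caller's IS_ERR() check, as the commit message describes. Separately, the unchanged context line `cgroup_path(cgrp, buf, PATH_MAX);` discards its return value, so if cgroup_path() reports a failure or truncation that way, kstrdup() copies whatever is in buf without an error being raised; that is outside this fix but could use the same error path in a follow-up.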
--
2.48.1