The Linux Kernel Mailing List
* [PATCH sched_ext/for-7.1-fixes] sched_ext: Drop %NONE early return in scx_disable_and_exit_task()
@ 2026-05-12 18:30 Tejun Heo
  2026-05-12 20:08 ` Andrea Righi
  0 siblings, 1 reply; 2+ messages in thread
From: Tejun Heo @ 2026-05-12 18:30 UTC (permalink / raw)
  To: void, arighi, changwoo; +Cc: sched-ext, emil, linux-kernel, Tejun Heo

d3e73a0808dd ("sched_ext: Handle SCX_TASK_NONE in disable/switched_from
paths") skipped the trailing scx_set_task_sched(p, NULL) on %NONE tasks.
After scx_fail_parent() parks a task at %NONE/sched=parent and the
parent is later freed via queue_rcu_work() during root_disable, the
preserved p->scx.sched dangles - print_scx_info() from sched_show_task()
reads sch->ops.name from freed memory.

Drop the early return. __scx_disable_and_exit_task() already short-
circuits on %NONE and the SUB_INIT block was cleared by
scx_fail_parent()'s earlier call, so clearing p->scx.sched is the only
work left - and the one thing the path actually needs.

Fixes: d3e73a0808dd ("sched_ext: Handle SCX_TASK_NONE in disable/switched_from paths")
Signed-off-by: Tejun Heo <tj@kernel.org>
---
 kernel/sched/ext.c | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index 9354da79e162..8861b2deb504 100644
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -3703,15 +3703,6 @@ static void scx_sub_init_cancel_task(struct scx_sched *sch, struct task_struct *
 static void scx_disable_and_exit_task(struct scx_sched *sch,
 				      struct task_struct *p)
 {
-	/*
-	 * %NONE means @p is already detached at the SCX level (e.g. handed
-	 * back to the parent by scx_fail_parent() with no init to undo).
-	 * Skip to avoid clobbering scx_task_sched() and writing %NONE again
-	 * on a state that's already %NONE.
-	 */
-	if (scx_get_task_state(p) == SCX_TASK_NONE)
-		return;
-
 	__scx_disable_and_exit_task(sch, p);
 
 	/*
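
Review bot: the comment removed at the top of scx_disable_and_exit_task() was the only in-code explanation of how %NONE tasks are handled here, and nothing replaces it, so the reason they must now fall through lives only in the commit message. A short comment above the `__scx_disable_and_exit_task(sch, p);` call would keep a later cleanup from restoring the early return. It could say that %NONE tasks intentionally continue so that the trailing code clears p->scx.sched, because the scheduler it points at may be freed afterwards.
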
-- 
2.51.0



* Re: [PATCH sched_ext/for-7.1-fixes] sched_ext: Drop %NONE early return in scx_disable_and_exit_task()
  2026-05-12 18:30 [PATCH sched_ext/for-7.1-fixes] sched_ext: Drop %NONE early return in scx_disable_and_exit_task() Tejun Heo
@ 2026-05-12 20:08 ` Andrea Righi
  0 siblings, 0 replies; 2+ messages in thread
From: Andrea Righi @ 2026-05-12 20:08 UTC (permalink / raw)
  To: Tejun Heo; +Cc: void, changwoo, sched-ext, emil, linux-kernel

Hi Tejun,

On Tue, May 12, 2026 at 08:30:18AM -1000, Tejun Heo wrote:
> d3e73a0808dd ("sched_ext: Handle SCX_TASK_NONE in disable/switched_from
> paths") skipped the trailing scx_set_task_sched(p, NULL) on %NONE tasks.
> After scx_fail_parent() parks a task at %NONE/sched=parent and the
> parent is later freed via queue_rcu_work() during root_disable, the
> preserved p->scx.sched dangles - print_scx_info() from sched_show_task()
> reads sch->ops.name from freed memory.
> 
> Drop the early return. __scx_disable_and_exit_task() already short-
> circuits on %NONE and the SUB_INIT block was cleared by
> scx_fail_parent()'s earlier call, so clearing p->scx.sched is the only
> work left - and the one thing the path actually needs.
> 
> Fixes: d3e73a0808dd ("sched_ext: Handle SCX_TASK_NONE in disable/switched_from paths")
> Signed-off-by: Tejun Heo <tj@kernel.org>
> ---
>  kernel/sched/ext.c | 9 ---------
>  1 file changed, 9 deletions(-)
> 
> diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
> index 9354da79e162..8861b2deb504 100644
> --- a/kernel/sched/ext.c
> +++ b/kernel/sched/ext.c
> @@ -3703,15 +3703,6 @@ static void scx_sub_init_cancel_task(struct scx_sched *sch, struct task_struct *
>  static void scx_disable_and_exit_task(struct scx_sched *sch,
>  				      struct task_struct *p)
>  {
> -	/*
> -	 * %NONE means @p is already detached at the SCX level (e.g. handed
> -	 * back to the parent by scx_fail_parent() with no init to undo).
> -	 * Skip to avoid clobbering scx_task_sched() and writing %NONE again
> -	 * on a state that's already %NONE.
> -	 */
> -	if (scx_get_task_state(p) == SCX_TASK_NONE)
> -		return;
> -
>  	__scx_disable_and_exit_task(sch, p);
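
Review bot: with the `scx_get_task_state(p) == SCX_TASK_NONE` check gone, nothing in scx_disable_and_exit_task() verifies the assumption the commit message relies on, namely that a %NONE task reaches the SUB_INIT block with SCX_TASK_SUB_INIT already clear. A WARN_ON_ONCE() on that combination ahead of the SUB_INIT block would make a violated assumption visible instead of silently running the cancel path on a task that never entered sub-sched initialization.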

I was wondering if a task here can have both SCX_TASK_SUB_INIT and
SCX_TASK_NONE, because in this case scx_sub_init_cancel_task() (called from the
SCX_TASK_SUB_INIT block, further down in this function) would be called for a
task that never entered the sub-sched initialization path, which would be
incorrect from a task lifecycle perspective.

But this should never happen: SCX_TASK_SUB_INIT is set in scx_sub_enable() on
tasks that just successfully passed __scx_init_task(sch, p, false) against a
child sub-sched, so those tasks are in READY/ENABLED, not NONE.

Maybe we can add something like this in the block below to make this clear:

 /*
  * SCX_TASK_SUB_INIT is only set on the sub-enable path, so it is always clear
  * when @p reaches this function with SCX_TASK_NONE.
  */

Apart from that, LGTM.

Reviewed-by: Andrea Righi <arighi@nvidia.com>

Thanks,
-Andrea
