[PATCH] sched/ext: fix cpumask leak in scx

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] sched/ext: fix cpumask leak in scx_init() error path
@ 2026-04-08 17:23 KobaK
  2026-04-08 17:34 ` Andrea Righi
  2026-04-09  1:14 ` Tejun Heo
  0 siblings, 2 replies; 4+ messages in thread
From: KobaK @ 2026-04-08 17:23 UTC (permalink / raw)
  To: Tejun Heo
  Cc: David Vernet, Andrea Righi, Changwoo Min, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann,
	Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider,
	sched-ext, linux-kernel, Koba Ko

From: Koba Ko <kobak@nvidia.com>

In scx_init(), two cpumask allocations are combined with || short-circuit
evaluation. If the first alloc_cpumask_var (scx_bypass_lb_donee_cpumask)
succeeds but the second (scx_bypass_lb_resched_cpumask) fails, the first
cpumask is leaked.

Split the allocations into separate checks with per-allocation error
messages and free the first cpumask when the second allocation fails.

Fixes: 95d1df610cdc7 ("sched_ext: Implement load balancer for bypass mode")
Signed-off-by: Koba Ko <kobak@nvidia.com>
---
 kernel/sched/ext.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index b757b853b42bb..0648088a76f09 100644
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -9662,9 +9662,14 @@ static int __init scx_init(void)
 		return ret;
 	}
 
-	if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL) ||
-	    !alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) {
-		pr_err("sched_ext: Failed to allocate cpumasks\n");
+	if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL)) {
+		pr_err("sched_ext: Failed to allocate donee cpumask\n");
+		return -ENOMEM;
+	}
+
+	if (!alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) {
+		pr_err("sched_ext: Failed to allocate resched cpumask\n");
+		free_cpumask_var(scx_bypass_lb_donee_cpumask);
 		return -ENOMEM;
 	}
 
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] sched/ext: fix cpumask leak in scx_init() error path
  2026-04-08 17:23 [PATCH] sched/ext: fix cpumask leak in scx_init() error path KobaK
@ 2026-04-08 17:34 ` Andrea Righi
  2026-04-08 18:54   ` Cheng-Yang Chou
  2026-04-09  1:14 ` Tejun Heo
  1 sibling, 1 reply; 4+ messages in thread
From: Andrea Righi @ 2026-04-08 17:34 UTC (permalink / raw)
  To: KobaK
  Cc: Tejun Heo, David Vernet, Changwoo Min, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann,
	Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider,
	sched-ext, linux-kernel

Hi Koba,

On Thu, Apr 09, 2026 at 01:23:12AM +0800, KobaK wrote:
> From: Koba Ko <kobak@nvidia.com>
> 
> In scx_init(), two cpumask allocations are combined with || short-circuit
> evaluation. If the first alloc_cpumask_var (scx_bypass_lb_donee_cpumask)
> succeeds but the second (scx_bypass_lb_resched_cpumask) fails, the first
> cpumask is leaked.
> 
> Split the allocations into separate checks with per-allocation error
> messages and free the first cpumask when the second allocation fails.
> 
> Fixes: 95d1df610cdc7 ("sched_ext: Implement load balancer for bypass mode")
> Signed-off-by: Koba Ko <kobak@nvidia.com>
> ---
>  kernel/sched/ext.c | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
> index b757b853b42bb..0648088a76f09 100644
> --- a/kernel/sched/ext.c
> +++ b/kernel/sched/ext.c
> @@ -9662,9 +9662,14 @@ static int __init scx_init(void)
>  		return ret;
>  	}
>  
> -	if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL) ||
> -	    !alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) {
> -		pr_err("sched_ext: Failed to allocate cpumasks\n");
> +	if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL)) {
> +		pr_err("sched_ext: Failed to allocate donee cpumask\n");
> +		return -ENOMEM;
> +	}
> +
> +	if (!alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) {
> +		pr_err("sched_ext: Failed to allocate resched cpumask\n");
> +		free_cpumask_var(scx_bypass_lb_donee_cpumask);

We should probably do a proper teardown of the other stuff as well at some point
(sysfs group, kset, PM notifier, etc.), but this looks good to me.

>  		return -ENOMEM;
>  	}
>  
> -- 
> 2.43.0
> 

Acked-by: Andrea Righi <arighi@nvidia.com>

Thanks,
-Andrea

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] sched/ext: fix cpumask leak in scx_init() error path
  2026-04-08 17:34 ` Andrea Righi
@ 2026-04-08 18:54   ` Cheng-Yang Chou
  0 siblings, 0 replies; 4+ messages in thread
From: Cheng-Yang Chou @ 2026-04-08 18:54 UTC (permalink / raw)
  To: Andrea Righi
  Cc: KobaK, Tejun Heo, David Vernet, Changwoo Min, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann,
	Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider,
	sched-ext, linux-kernel, Ching-Chun Huang, Chia-Ping Tsai

Hi Andrea, Koba,

On Wed, Apr 08, 2026 at 07:34:19PM +0200, Andrea Righi wrote:
> > +++ b/kernel/sched/ext.c
> > @@ -9662,9 +9662,14 @@ static int __init scx_init(void)
> >  		return ret;
> >  	}
> >  
> > -	if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL) ||
> > -	    !alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) {
> > -		pr_err("sched_ext: Failed to allocate cpumasks\n");
> > +	if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL)) {
> > +		pr_err("sched_ext: Failed to allocate donee cpumask\n");
> > +		return -ENOMEM;
> > +	}
> > +
> > +	if (!alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) {
> > +		pr_err("sched_ext: Failed to allocate resched cpumask\n");
> > +		free_cpumask_var(scx_bypass_lb_donee_cpumask);
> 
> We should probably do a proper teardown of the other stuff as well at some point
> (sysfs group, kset, PM notifier, etc.), but this looks good to me.
> 
> >  		return -ENOMEM;
> >  	}

Should kset_unregister() also be called in these error paths?

scx_kset is allocated earlier in scx_init() and none of the failure
paths after that call kset_unregister()

	scx_kset = kset_create_and_add("sched_ext", &scx_uevent_ops, kernel_kobj);
	...
	ret = sysfs_create_group(&scx_kset->kobj, &scx_global_attr_group);
	if (ret < 0) {
		pr_err("sched_ext: Failed to add global attributes\n");
+		kset_unregister(scx_kset);
		return ret;	/* scx_kset leaked */
	}

    if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL)) {
		pr_err("sched_ext: Failed to allocate donee cpumask\n");
+		kset_unregister(scx_kset);
		return -ENOMEM;	/* scx_kset leaked */
	}

	if (!alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) {
		pr_err("sched_ext: Failed to allocate resched cpumask\n");
		free_cpumask_var(scx_bypass_lb_donee_cpumask);
+		kset_unregister(scx_kset);
		return -ENOMEM;	/* scx_kset leaked */
	}
-- 
Thanks,
Cheng-Yang

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] sched/ext: fix cpumask leak in scx_init() error path
  2026-04-08 17:23 [PATCH] sched/ext: fix cpumask leak in scx_init() error path KobaK
  2026-04-08 17:34 ` Andrea Righi
@ 2026-04-09  1:14 ` Tejun Heo
  1 sibling, 0 replies; 4+ messages in thread
From: Tejun Heo @ 2026-04-09  1:14 UTC (permalink / raw)
  To: KobaK
  Cc: David Vernet, Andrea Righi, Changwoo Min, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann,
	Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider,
	sched-ext, linux-kernel

On Thu, Apr 09, 2026 at 01:23:12AM +0800, KobaK wrote:
> From: Koba Ko <kobak@nvidia.com>
> 
> In scx_init(), two cpumask allocations are combined with || short-circuit
> evaluation. If the first alloc_cpumask_var (scx_bypass_lb_donee_cpumask)
> succeeds but the second (scx_bypass_lb_resched_cpumask) fails, the first
> cpumask is leaked.

This is an initcall. It runs once and failure is a kernel bug triggering a
WARN. It won't fail and error handling is meaningless here. Once you fail
one of these, the system is not in a good state as later code paths assume
that these succeeded during boot. Not freeing is the least of our problems.

Thanks.

-- 
tejun

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-04-09  1:14 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-08 17:23 [PATCH] sched/ext: fix cpumask leak in scx_init() error path KobaK
2026-04-08 17:34 ` Andrea Righi
2026-04-08 18:54   ` Cheng-Yang Chou
2026-04-09  1:14 ` Tejun Heo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox