* [PATCH] sched/ext: fix cpumask leak in scx_init() error path
@ 2026-04-08 17:23 KobaK
2026-04-08 17:34 ` Andrea Righi
2026-04-09 1:14 ` Tejun Heo
0 siblings, 2 replies; 4+ messages in thread
From: KobaK @ 2026-04-08 17:23 UTC (permalink / raw)
To: Tejun Heo
Cc: David Vernet, Andrea Righi, Changwoo Min, Ingo Molnar,
Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann,
Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider,
sched-ext, linux-kernel, Koba Ko
From: Koba Ko <kobak@nvidia.com>
In scx_init(), two cpumask allocations are combined with || short-circuit
evaluation. If the first alloc_cpumask_var (scx_bypass_lb_donee_cpumask)
succeeds but the second (scx_bypass_lb_resched_cpumask) fails, the first
cpumask is leaked.
Split the allocations into separate checks with per-allocation error
messages and free the first cpumask when the second allocation fails.
Fixes: 95d1df610cdc7 ("sched_ext: Implement load balancer for bypass mode")
Signed-off-by: Koba Ko <kobak@nvidia.com>
---
kernel/sched/ext.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index b757b853b42bb..0648088a76f09 100644
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -9662,9 +9662,14 @@ static int __init scx_init(void)
return ret;
}
- if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL) ||
- !alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) {
- pr_err("sched_ext: Failed to allocate cpumasks\n");
+ if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL)) {
+ pr_err("sched_ext: Failed to allocate donee cpumask\n");
+ return -ENOMEM;
+ }
+
+ if (!alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) {
+ pr_err("sched_ext: Failed to allocate resched cpumask\n");
+ free_cpumask_var(scx_bypass_lb_donee_cpumask);
return -ENOMEM;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH] sched/ext: fix cpumask leak in scx_init() error path 2026-04-08 17:23 [PATCH] sched/ext: fix cpumask leak in scx_init() error path KobaK @ 2026-04-08 17:34 ` Andrea Righi 2026-04-08 18:54 ` Cheng-Yang Chou 2026-04-09 1:14 ` Tejun Heo 1 sibling, 1 reply; 4+ messages in thread From: Andrea Righi @ 2026-04-08 17:34 UTC (permalink / raw) To: KobaK Cc: Tejun Heo, David Vernet, Changwoo Min, Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider, sched-ext, linux-kernel Hi Koba, On Thu, Apr 09, 2026 at 01:23:12AM +0800, KobaK wrote: > From: Koba Ko <kobak@nvidia.com> > > In scx_init(), two cpumask allocations are combined with || short-circuit > evaluation. If the first alloc_cpumask_var (scx_bypass_lb_donee_cpumask) > succeeds but the second (scx_bypass_lb_resched_cpumask) fails, the first > cpumask is leaked. > > Split the allocations into separate checks with per-allocation error > messages and free the first cpumask when the second allocation fails. > > Fixes: 95d1df610cdc7 ("sched_ext: Implement load balancer for bypass mode") > Signed-off-by: Koba Ko <kobak@nvidia.com> > --- > kernel/sched/ext.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c > index b757b853b42bb..0648088a76f09 100644 > --- a/kernel/sched/ext.c > +++ b/kernel/sched/ext.c > @@ -9662,9 +9662,14 @@ static int __init scx_init(void) > return ret; > } > > - if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL) || > - !alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) { > - pr_err("sched_ext: Failed to allocate cpumasks\n"); > + if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL)) { > + pr_err("sched_ext: Failed to allocate donee cpumask\n"); > + return -ENOMEM; > + } > + > + if (!alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) { > + pr_err("sched_ext: Failed to allocate resched cpumask\n"); > + free_cpumask_var(scx_bypass_lb_donee_cpumask); We should probably do a proper teardown of the other stuff as well at some point (sysfs group, kset, PM notifier, etc.), but this looks good to me. > return -ENOMEM; > } > > -- > 2.43.0 > Acked-by: Andrea Righi <arighi@nvidia.com> Thanks, -Andrea ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] sched/ext: fix cpumask leak in scx_init() error path 2026-04-08 17:34 ` Andrea Righi @ 2026-04-08 18:54 ` Cheng-Yang Chou 0 siblings, 0 replies; 4+ messages in thread From: Cheng-Yang Chou @ 2026-04-08 18:54 UTC (permalink / raw) To: Andrea Righi Cc: KobaK, Tejun Heo, David Vernet, Changwoo Min, Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider, sched-ext, linux-kernel, Ching-Chun Huang, Chia-Ping Tsai Hi Andrea, Koba, On Wed, Apr 08, 2026 at 07:34:19PM +0200, Andrea Righi wrote: > > +++ b/kernel/sched/ext.c > > @@ -9662,9 +9662,14 @@ static int __init scx_init(void) > > return ret; > > } > > > > - if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL) || > > - !alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) { > > - pr_err("sched_ext: Failed to allocate cpumasks\n"); > > + if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL)) { > > + pr_err("sched_ext: Failed to allocate donee cpumask\n"); > > + return -ENOMEM; > > + } > > + > > + if (!alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) { > > + pr_err("sched_ext: Failed to allocate resched cpumask\n"); > > + free_cpumask_var(scx_bypass_lb_donee_cpumask); > > We should probably do a proper teardown of the other stuff as well at some point > (sysfs group, kset, PM notifier, etc.), but this looks good to me. > > > return -ENOMEM; > > } Should kset_unregister() also be called in these error paths? scx_kset is allocated earlier in scx_init() and none of the failure paths after that call kset_unregister() scx_kset = kset_create_and_add("sched_ext", &scx_uevent_ops, kernel_kobj); ... ret = sysfs_create_group(&scx_kset->kobj, &scx_global_attr_group); if (ret < 0) { pr_err("sched_ext: Failed to add global attributes\n"); + kset_unregister(scx_kset); return ret; /* scx_kset leaked */ } if (!alloc_cpumask_var(&scx_bypass_lb_donee_cpumask, GFP_KERNEL)) { pr_err("sched_ext: Failed to allocate donee cpumask\n"); + kset_unregister(scx_kset); return -ENOMEM; /* scx_kset leaked */ } if (!alloc_cpumask_var(&scx_bypass_lb_resched_cpumask, GFP_KERNEL)) { pr_err("sched_ext: Failed to allocate resched cpumask\n"); free_cpumask_var(scx_bypass_lb_donee_cpumask); + kset_unregister(scx_kset); return -ENOMEM; /* scx_kset leaked */ } -- Thanks, Cheng-Yang ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] sched/ext: fix cpumask leak in scx_init() error path 2026-04-08 17:23 [PATCH] sched/ext: fix cpumask leak in scx_init() error path KobaK 2026-04-08 17:34 ` Andrea Righi @ 2026-04-09 1:14 ` Tejun Heo 1 sibling, 0 replies; 4+ messages in thread From: Tejun Heo @ 2026-04-09 1:14 UTC (permalink / raw) To: KobaK Cc: David Vernet, Andrea Righi, Changwoo Min, Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider, sched-ext, linux-kernel On Thu, Apr 09, 2026 at 01:23:12AM +0800, KobaK wrote: > From: Koba Ko <kobak@nvidia.com> > > In scx_init(), two cpumask allocations are combined with || short-circuit > evaluation. If the first alloc_cpumask_var (scx_bypass_lb_donee_cpumask) > succeeds but the second (scx_bypass_lb_resched_cpumask) fails, the first > cpumask is leaked. This is an initcall. It runs once and failure is a kernel bug triggering a WARN. It won't fail and error handling is meaningless here. Once you fail one of these, the system is not in a good state as later code paths assume that these succeeded during boot. Not freeing is the least of our problems. Thanks. -- tejun ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-04-09 1:14 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-04-08 17:23 [PATCH] sched/ext: fix cpumask leak in scx_init() error path KobaK 2026-04-08 17:34 ` Andrea Righi 2026-04-08 18:54 ` Cheng-Yang Chou 2026-04-09 1:14 ` Tejun Heo
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox