* [PATCH sched_ext/for-7.2] sched_ext: Fix ops_cid layout assert
@ 2026-05-08 23:59 Tejun Heo
2026-05-09 14:37 ` Emil Tsalapatis
2026-05-09 15:53 ` Tejun Heo
0 siblings, 2 replies; 3+ messages in thread
From: Tejun Heo @ 2026-05-08 23:59 UTC (permalink / raw)
To: sched-ext, David Vernet, Andrea Righi, Changwoo Min
Cc: Emil Tsalapatis, linux-kernel
ca1d48a86fab ("sched_ext: Use offsetofend on both sides of the ops_cid
layout assert") replaced sizeof() with offsetofend() to dodge 32-bit
PPC trailing padding, but the resulting check is tautological: with
CID_OFFSET_MATCH(priv, priv) already enforcing offsetof(priv) equality
and @priv being the same type in both structs, the two offsetofends
are equal by construction. The original protection - catching a stray
field added past @priv in sched_ext_ops_cid - is gone.
Anchor on a zero-size __end[] marker appended after @priv. Its offset
sits flush after @priv regardless of trailing struct padding; if a
field is inserted past @priv, __end shifts and the assert fires.
Closes: https://lore.kernel.org/all/20260508215211.0C03AC2BCB0@smtp.kernel.org/
Signed-off-by: Tejun Heo <tj@kernel.org>
---
kernel/sched/ext.c | 6 ++----
kernel/sched/ext_internal.h | 3 +++
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index f86ee15be7cb..b685f45b4fd0 100644
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -10380,11 +10380,9 @@ static int __init scx_init(void)
/*
* cid-form must end exactly at @priv - validate_ops() skips
* cpu_acquire/cpu_release for cid-form because reading those fields
- * past the BPF allocation would be UB. offsetofend() on both sides
- * instead of sizeof() on sched_ext_ops_cid to sidestep trailing
- * struct padding (e.g. 32-bit PPC tail-pads ops_cid past @priv).
+ * past the BPF allocation would be UB.
*/
- BUILD_BUG_ON(offsetofend(struct sched_ext_ops_cid, priv) !=
+ BUILD_BUG_ON(offsetof(struct sched_ext_ops_cid, __end) !=
offsetofend(struct sched_ext_ops, priv));
#undef CID_OFFSET_MATCH
diff --git a/kernel/sched/ext_internal.h b/kernel/sched/ext_internal.h
index 0ed79bd891c7..cd33984cffcf 100644
--- a/kernel/sched/ext_internal.h
+++ b/kernel/sched/ext_internal.h
@@ -938,6 +938,9 @@ struct sched_ext_ops_cid {
/* internal use only, must be NULL */
void __rcu *priv;
+
+ /* layout end anchor for the BUILD_BUG_ON in scx_init(); keep last */
+ char __end[0];
};
enum scx_opi {
--
2.54.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH sched_ext/for-7.2] sched_ext: Fix ops_cid layout assert
2026-05-08 23:59 [PATCH sched_ext/for-7.2] sched_ext: Fix ops_cid layout assert Tejun Heo
@ 2026-05-09 14:37 ` Emil Tsalapatis
2026-05-09 15:53 ` Tejun Heo
1 sibling, 0 replies; 3+ messages in thread
From: Emil Tsalapatis @ 2026-05-09 14:37 UTC (permalink / raw)
To: Tejun Heo, sched-ext, David Vernet, Andrea Righi, Changwoo Min
Cc: Emil Tsalapatis, linux-kernel
On Fri May 8, 2026 at 7:59 PM EDT, Tejun Heo wrote:
> ca1d48a86fab ("sched_ext: Use offsetofend on both sides of the ops_cid
> layout assert") replaced sizeof() with offsetofend() to dodge 32-bit
> PPC trailing padding, but the resulting check is tautological: with
> CID_OFFSET_MATCH(priv, priv) already enforcing offsetof(priv) equality
> and @priv being the same type in both structs, the two offsetofends
> are equal by construction. The original protection - catching a stray
> field added past @priv in sched_ext_ops_cid - is gone.
>
> Anchor on a zero-size __end[] marker appended after @priv. Its offset
> sits flush after @priv regardless of trailing struct padding; if a
> field is inserted past @priv, __end shifts and the assert fires.
>
> Closes: https://lore.kernel.org/all/20260508215211.0C03AC2BCB0@smtp.kernel.org/
> Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com>
> ---
> kernel/sched/ext.c | 6 ++----
> kernel/sched/ext_internal.h | 3 +++
> 2 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
> index f86ee15be7cb..b685f45b4fd0 100644
> --- a/kernel/sched/ext.c
> +++ b/kernel/sched/ext.c
> @@ -10380,11 +10380,9 @@ static int __init scx_init(void)
> /*
> * cid-form must end exactly at @priv - validate_ops() skips
> * cpu_acquire/cpu_release for cid-form because reading those fields
> - * past the BPF allocation would be UB. offsetofend() on both sides
> - * instead of sizeof() on sched_ext_ops_cid to sidestep trailing
> - * struct padding (e.g. 32-bit PPC tail-pads ops_cid past @priv).
> + * past the BPF allocation would be UB.
> */
> - BUILD_BUG_ON(offsetofend(struct sched_ext_ops_cid, priv) !=
> + BUILD_BUG_ON(offsetof(struct sched_ext_ops_cid, __end) !=
> offsetofend(struct sched_ext_ops, priv));
> #undef CID_OFFSET_MATCH
>
> diff --git a/kernel/sched/ext_internal.h b/kernel/sched/ext_internal.h
> index 0ed79bd891c7..cd33984cffcf 100644
> --- a/kernel/sched/ext_internal.h
> +++ b/kernel/sched/ext_internal.h
> @@ -938,6 +938,9 @@ struct sched_ext_ops_cid {
>
> /* internal use only, must be NULL */
> void __rcu *priv;
> +
> + /* layout end anchor for the BUILD_BUG_ON in scx_init(); keep last */
> + char __end[0];
> };
>
> enum scx_opi {
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH sched_ext/for-7.2] sched_ext: Fix ops_cid layout assert
2026-05-08 23:59 [PATCH sched_ext/for-7.2] sched_ext: Fix ops_cid layout assert Tejun Heo
2026-05-09 14:37 ` Emil Tsalapatis
@ 2026-05-09 15:53 ` Tejun Heo
1 sibling, 0 replies; 3+ messages in thread
From: Tejun Heo @ 2026-05-09 15:53 UTC (permalink / raw)
To: sched-ext, David Vernet, Andrea Righi, Changwoo Min
Cc: Emil Tsalapatis, linux-kernel
Hello,
Applied to sched_ext/for-7.2.
Thanks.
--
tejun
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-05-09 15:53 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-08 23:59 [PATCH sched_ext/for-7.2] sched_ext: Fix ops_cid layout assert Tejun Heo
2026-05-09 14:37 ` Emil Tsalapatis
2026-05-09 15:53 ` Tejun Heo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox