* [PATCH sched_ext/for-7.1-fixes] sched_ext: Use global task iter in scx_sub_enable_workfn() abort
@ 2026-04-25 2:37 Cheng-Yang Chou
2026-04-28 0:25 ` Tejun Heo
0 siblings, 1 reply; 2+ messages in thread
From: Cheng-Yang Chou @ 2026-04-25 2:37 UTC (permalink / raw)
To: sched-ext, Tejun Heo, David Vernet, Andrea Righi, Changwoo Min
Cc: Ching-Chun Huang, Chia-Ping Tsai, yphbchou0911
cgroup_exit() removes tasks from cg_list before sched_ext_dead() runs,
causing cgroup-scoped iterators to skip exiting tasks. During abort,
this leaves SCX_TASK_SUB_INIT set on those tasks. Since the abort path
clears scx_enabling_sub_sched, these tasks later skip cleanup in
scx_disable_and_exit_task(), leaking BPF resources.
Use global iteration to ensure all marked tasks are cleaned up.
Fixes: 21a5a97ba478 ("sched_ext: Don't disable tasks in scx_sub_enable_workfn() abort path")
Reported-by: https://sashiko.dev/#/patchset/20260424204418.3809733-1-tj%40kernel.org?part=4
Signed-off-by: Cheng-Yang Chou <yphbchou0911@gmail.com>
---
kernel/sched/ext.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index f7b1b16e81a5..1225349a8134 100644
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -7292,10 +7292,14 @@ static void scx_sub_enable_workfn(struct kthread_work *work)
* Undo __scx_init_task() for tasks we marked. scx_enable_task() never
* ran for @sch on them, so calling scx_disable_task() here would invoke
* ops.disable() without a matching ops.enable(). scx_enabling_sub_sched
- * must stay set until SUB_INIT is cleared from every marked task -
- * scx_disable_and_exit_task() reads it when a task exits concurrently.
+ * must stay set until SUB_INIT is cleared from every marked task.
+ *
+ * We iterate all tasks instead of just the ones in @sch->cgrp as some
+ * tasks may have already called cgroup_exit() and are no longer visible
+ * in the cgroup's css_task_iter. scx_disable_and_exit_task() reads
+ * scx_enabling_sub_sched when such a task exits concurrently.
*/
- scx_task_iter_start(&sti, sch->cgrp);
+ scx_task_iter_start(&sti, NULL);
while ((p = scx_task_iter_next_locked(&sti))) {
if (p->scx.flags & SCX_TASK_SUB_INIT) {
scx_sub_init_cancel_task(sch, p);
--
2.48.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH sched_ext/for-7.1-fixes] sched_ext: Use global task iter in scx_sub_enable_workfn() abort
2026-04-25 2:37 [PATCH sched_ext/for-7.1-fixes] sched_ext: Use global task iter in scx_sub_enable_workfn() abort Cheng-Yang Chou
@ 2026-04-28 0:25 ` Tejun Heo
0 siblings, 0 replies; 2+ messages in thread
From: Tejun Heo @ 2026-04-28 0:25 UTC (permalink / raw)
To: Cheng-Yang Chou
Cc: sched-ext, David Vernet, Andrea Righi, Changwoo Min,
Ching-Chun Huang, Chia-Ping Tsai, Emil Tsalapatis, linux-kernel
Hello,
The bug you reported is real but the proposed fix isn't quite right -
switching to global iteration in the abort path closes one window but
leaves scx_sub_disable() and scx_fail_parent() exposed to the same
iter-vs-sched_ext_dead() race in different forms, and the prep loop in
scx_sub_enable_workfn() also has problems with tasks past
sched_ext_dead().
I've posted a two-patch series that addresses the underlying issue at
the iter level:
https://lore.kernel.org/lkml/20260428001635.3293997-1-tj@kernel.org/
Thanks for the report.
--
tejun
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-04-28 0:25 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-25 2:37 [PATCH sched_ext/for-7.1-fixes] sched_ext: Use global task iter in scx_sub_enable_workfn() abort Cheng-Yang Chou
2026-04-28 0:25 ` Tejun Heo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox