www.infradead.org Git - users/jedix/linux-maple.git/commit
sched_ext: Avoid NULL scx_root deref in __scx_exit()
author Andrea Righi <arighi@nvidia.com>
Wed, 30 Apr 2025 08:40:21 +0000 (10:40 +0200)
committer Tejun Heo <tj@kernel.org>
Wed, 30 Apr 2025 22:47:17 +0000 (12:47 -1000)
commit c8fafb34854af4f5036ee0cf582e4b00556c5cd0
tree 359cc92d766681f95fbbe3363d2628df7bb9115d
parent c01adf4097113f0732a0c975de686232829dcb72
sched_ext: Avoid NULL scx_root deref in __scx_exit()

A sched_ext scheduler may trigger __scx_exit() from a BPF timer
callback, where scx_root may not be safely dereferenced.

This can lead to a NULL pointer dereference as shown below (triggered by
scx_tickless):

 BUG: kernel NULL pointer dereference, address: 0000000000000330
...
 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.14.0-virtme #1 PREEMPT(full)
 RIP: 0010:__scx_exit+0x2b/0x190
...
 Call Trace:
  <IRQ>
  scx_bpf_get_idle_smtmask+0x59/0x80
  bpf_prog_8320d4217989178c_dispatch_all_cpus+0x35/0x1b6
...
  bpf_prog_97f847d871513f95_sched_timerfn+0x4c/0x264
  bpf_timer_cb+0x7a/0x140
  __hrtimer_run_queues+0x1f9/0x3a0
  hrtimer_run_softirq+0x8c/0xd0
  handle_softirqs+0xd3/0x3d0
  __irq_exit_rcu+0x9a/0xc0
  irq_exit_rcu+0xe/0x20

Fix this by checking for a valid scx_root and adding proper RCU
protection.

Fixes: 48e1267773866 ("sched_ext: Introduce scx_sched")
Signed-off-by: Andrea Righi <arighi@nvidia.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
kernel/sched/ext.c
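
Added example, not the kernel patch and not the author's code: a userspace C model of the check the commit message describes, showing why a NULL root yields a small non-zero fault address such as 0x330 and how a single checked snapshot of the pointer avoids it. The names `sched_root`, `root`, `demo_sched` and `guarded_exit`, and the struct layout, are assumptions made for illustration; C11 atomics stand in for the kernel's RCU accessors.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the scheduler root object. The padding is
 * constructed so exit_kind sits at 0x330, the fault address in the oops. */
struct sched_root {
    char pad[0x330];
    _Atomic int exit_kind;
};

/* Global root pointer; NULL whenever no scheduler is attached. */
static _Atomic(struct sched_root *) root;
static struct sched_root demo_sched;   /* constructed sample instance */

/* Address that faults when exit_kind is reached through a NULL root:
 * NULL plus the field offset, which is why the oops shows a small address. */
static uintptr_t null_deref_fault_addr(void)
{
    return (uintptr_t)offsetof(struct sched_root, exit_kind);
}

/* Guarded exit path: take one snapshot of the pointer, check it, then use
 * only the snapshot. The acquire load models rcu_dereference(); in kernel
 * code the body would run between rcu_read_lock() and rcu_read_unlock().
 * Returns 0 when the request was handled, -1 when there is no root. */
static int guarded_exit(int kind)
{
    struct sched_root *r = atomic_load_explicit(&root, memory_order_acquire);
    int none = 0;

    if (!r)
        return -1;              /* no valid root: nothing to dereference */
    /* Record only the first exit reason; later calls leave it untouched. */
    atomic_compare_exchange_strong(&r->exit_kind, &none, kind);
    return 0;
}

int main(void)
{
    printf("NULL root fault address: 0x%lx\n", (unsigned long)null_deref_fault_addr());
    printf("no root attached: %d\n", guarded_exit(1));
    atomic_store_explicit(&root, &demo_sched, memory_order_release);
    printf("root attached:    %d\n", guarded_exit(2));
    return 0;
}
```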