From: Andrea Righi
Date: Thu, 4 Sep 2025 18:23:48 +0000 (+0200)
Subject: sched_ext: Fix NULL dereference in scx_bpf_cpu_rq() warning
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=47d9f8212826753c482df8189d18ca212eb5ae73;p=users%2Fhch%2Fmisc.git

sched_ext: Fix NULL dereference in scx_bpf_cpu_rq() warning

When printing the deprecation warning for scx_bpf_cpu_rq(), we may hit a
NULL pointer dereference if the kfunc is called before a BPF scheduler
is fully attached, for example, when invoked from a BPF timer or during
ops.init():

 [ 50.752775] BUG: kernel NULL pointer dereference, address: 0000000000000331
 ...
 [ 50.764205] RIP: 0010:scx_bpf_cpu_rq+0x30/0xa0
 ...
 [ 50.787661] Call Trace:
 [ 50.788398]
 [ 50.789061] bpf_prog_08f7fd2dcb187aaf_wakeup_timerfn+0x75/0x1a8
 [ 50.792477] bpf_timer_cb+0x7e/0x140
 [ 50.796003] hrtimer_run_softirq+0x91/0xe0
 [ 50.796952] handle_softirqs+0xce/0x3c0
 [ 50.799087] run_ksoftirqd+0x3e/0x70
 [ 50.800197] smpboot_thread_fn+0x133/0x290
 [ 50.802320] kthread+0x115/0x220
 [ 50.804984] ret_from_fork+0x17a/0x1d0
 [ 50.806920] ret_from_fork_asm+0x1a/0x30
 [ 50.807799]

Fix this by only printing the warning once the scheduler is fully
registered.

Fixes: 5c48d88fe0049 ("sched_ext: deprecation warn for scx_bpf_cpu_rq()")
Cc: Christian Loehle
Signed-off-by: Andrea Righi
Signed-off-by: Tejun Heo
---
diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 4160a4a7af67..477eccf02338 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c 
@@ -6351,17 +6351,20 @@ __bpf_kfunc s32 scx_bpf_task_cpu(const struct task_struct *p) */ __bpf_kfunc struct rq *scx_bpf_cpu_rq(s32 cpu) { - struct scx_sched *sch = scx_root; + struct scx_sched *sch; if (!kf_cpu_valid(cpu, NULL)) return NULL; - if (!sch->warned_deprecated_rq) { + rcu_read_lock(); + sch = rcu_dereference(scx_root); + if (likely(sch) && !sch->warned_deprecated_rq) { printk_deferred(KERN_WARNING "sched_ext: %s() is deprecated; " "use scx_bpf_locked_rq() when holding rq lock " "or scx_bpf_cpu_curr() to read remote curr safely.\n", __func__); sch->warned_deprecated_rq = true; } + rcu_read_unlock(); return cpu_rq(cpu); }
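
Review bot: The new NULL check in "if (likely(sch) && !sch->warned_deprecated_rq)" carries no comment saying why scx_root can be NULL at this point. The only explanation is in the commit message (the kfunc being called from a BPF timer or during ops.init() before the scheduler is fully attached). A one-line comment above "sch = rcu_dereference(scx_root);" would keep a later cleanup from dropping the check as redundant. Separately, the read of warned_deprecated_rq and the later "sch->warned_deprecated_rq = true;" are a plain test followed by a plain store, and rcu_read_lock() does not serialize callers, so two CPUs entering at the same time can both see the flag clear and both print. If the warning is meant to appear exactly once per scheduler, use an atomic test-and-set on the flag; if a rare duplicate is acceptable, say so in the comment. The rcu_read_lock()/rcu_read_unlock() pair correctly brackets every use of sch, and cpu_rq(cpu) does not depend on it, so the placement of the unlock before the return looks right.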