lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <16b9e714-e6f8-49e5-a885-3c9e85f873b7@arm.com>
Date: Thu, 18 Sep 2025 16:48:14 +0100
From: Christian Loehle <christian.loehle@....com>
To: Andrea Righi <arighi@...dia.com>, Tejun Heo <tj@...nel.org>
Cc: David Vernet <void@...ifault.com>, Changwoo Min <changwoo@...lia.com>,
 Kumar Kartikeya Dwivedi <memxor@...il.com>, sched-ext@...ts.linux.dev,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH sched_ext/for-6.18] sched_ext: Acquire task reference in
 scx_bpf_cpu_curr()

On 9/9/25 21:45, Andrea Righi wrote:
> Hi Tejun,
> 
> On Tue, Sep 09, 2025 at 10:01:16AM -1000, Tejun Heo wrote:
>> Hello, Andrea.
>>
>> On Tue, Sep 09, 2025 at 09:57:09PM +0200, Andrea Righi wrote:
>>> scx_bpf_cpu_curr() has been introduced to retrieve the current task of a
>>> given runqueue, allowing schedulers to interact with that task.
>>>
>>> The kfunc assumes that it is always called in an RCU context, but this
>>> is not always guaranteed and some BPF schedulers can trigger the
>>> following warning:
>>>
>>>   WARNING: suspicious RCU usage
>>>   sched_ext: BPF scheduler "cosmos_1.0.2_gd0e71ca_x86_64_unknown_linux_gnu_debug" enabled
>>>   6.17.0-rc1 #1-NixOS Not tainted
>>>   -----------------------------
>>>   kernel/sched/ext.c:6415 suspicious rcu_dereference_check() usage!
>>>
>>> The correct behavior is to acquire a reference to the returned task, so
>>> the scheduler can safely access it and then release it with
>>> bpf_task_release().
>>>
>>> Update the kfunc and the corresponding compatibility helper to implement
>>> reference acquisition and prevent potential RCU warnings.
>>
>> I think KF_RCU likely fits better for peeking kernel data structures than
>> having to acquire/release them. Can you post the full backtrace? Is it being
>> called from a sleepable bpf prog? Or is it that we just need to expand the
>> rcu check scope to cover regular rcu, bh and sched? And, everything aside,
>> if KF_RCU, should we be tripping on rcu_dereference() in the first place?
> 
> For the records, as discussed offline, we should be fine marking the kfunc
> as KF_RCU_PROTECTED instead of acquiring the reference to the task.
> 
> Right now the kfunc is marked as KF_RCU, which is not really necessary,
> because KF_RCU ensures the kfunc *arguments* are either RCU-protected or
> trusted.
> 
> KF_RCU_PROTECTED, instead, should ensure that the kfunc is called inside an
> RCU read-side critical section, that is what we need.
> 
> In this way the kfunc can safely return a pointer to the task and sleepable
> BPF programs can wrap the call in a bpf_rcu_read_lock/unlock() section.
> This should prevent the RCU warning while still letting schedulers safely
> use the returned task.
> 
> I'll send a new patch with a proper fix.
> 
Hi Andrea,
is this patch still outstanding or am I out of the loop now?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ