lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aMwuFX4glQ0YZGb0@gpd4>
Date: Thu, 18 Sep 2025 18:06:45 +0200
From: Andrea Righi <arighi@...dia.com>
To: Christian Loehle <christian.loehle@....com>
Cc: Tejun Heo <tj@...nel.org>, David Vernet <void@...ifault.com>,
	Changwoo Min <changwoo@...lia.com>,
	Kumar Kartikeya Dwivedi <memxor@...il.com>,
	sched-ext@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH sched_ext/for-6.18] sched_ext: Acquire task reference in
 scx_bpf_cpu_curr()

Hi Christian,

On Thu, Sep 18, 2025 at 04:48:14PM +0100, Christian Loehle wrote:
> On 9/9/25 21:45, Andrea Righi wrote:
> > Hi Tejun,
> > 
> > On Tue, Sep 09, 2025 at 10:01:16AM -1000, Tejun Heo wrote:
> >> Hello, Andrea.
> >>
> >> On Tue, Sep 09, 2025 at 09:57:09PM +0200, Andrea Righi wrote:
> >>> scx_bpf_cpu_curr() has been introduced to retrieve the current task of a
> >>> given runqueue, allowing schedulers to interact with that task.
> >>>
> >>> The kfunc assumes that it is always called in an RCU context, but this
> >>> is not always guaranteed and some BPF schedulers can trigger the
> >>> following warning:
> >>>
> >>>   WARNING: suspicious RCU usage
> >>>   sched_ext: BPF scheduler "cosmos_1.0.2_gd0e71ca_x86_64_unknown_linux_gnu_debug" enabled
> >>>   6.17.0-rc1 #1-NixOS Not tainted
> >>>   -----------------------------
> >>>   kernel/sched/ext.c:6415 suspicious rcu_dereference_check() usage!
> >>>
> >>> The correct behavior is to acquire a reference to the returned task, so
> >>> the scheduler can safely access it and then release it with
> >>> bpf_task_release().
> >>>
> >>> Update the kfunc and the corresponding compatibility helper to implement
> >>> reference acquisition and prevent potential RCU warnings.
> >>
> >> I think KF_RCU likely fits better for peeking kernel data structures than
> >> having to acquire/release them. Can you post the full backtrace? Is it being
> >> called from a sleepable bpf prog? Or is it that we just need to expand the
> >> rcu check scope to cover regular rcu, bh and sched? And, everything aside,
> >> if KF_RCU, should we be tripping on rcu_dereference() in the first place?
> > 
> > For the records, as discussed offline, we should be fine marking the kfunc
> > as KF_RCU_PROTECTED instead of acquiring the reference to the task.
> > 
> > Right now the kfunc is marked as KF_RCU, which is not really necessary,
> > because KF_RCU ensures the kfunc *arguments* are either RCU-protected or
> > trusted.
> > 
> > KF_RCU_PROTECTED, instead, should ensure that the kfunc is called inside an
> > RCU read-side critical section, that is what we need.
> > 
> > In this way the kfunc can safely return a pointer to the task and sleepable
> > BPF programs can wrap the call in a bpf_rcu_read_lock/unlock() section.
> > This should prevent the RCU warning while still letting schedulers safely
> > use the returned task.
> > 
> > I'll send a new patch with a proper fix.
> > 
> Hi Andrea,
> is this patch still outstanding or am I out of the loop now?

I have a fix in my tree:
https://git.kernel.org/pub/scm/linux/kernel/git/arighi/linux.git/commit/?h=scx-6.18&id=225dccfba74877ba7c74971801f8d8f47d124373

But it also requires this fix for BPF as well:
https://lore.kernel.org/all/20250917032755.4068726-1-memxor@gmail.com/

I was waiting for the BPF fix to land in bpf-next, then I was planning to
send the fix for the scx_bpf_cpu_curr() kfunc (I'll add you in cc).

-Andrea

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ