| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260203031954.915681-1-suzhidao@xiaomi.com>
Date: Tue, 3 Feb 2026 11:19:54 +0800
From: zhidao su <soolaugust@...il.com>
To: tj@...nel.org,
void@...ifault.com,
arighi@...dia.com,
changwoo@...lia.com
Cc: sched-ext@...ts.linux.dev,
linux-kernel@...r.kernel.org,
suzhidao@...omi.com
Subject: [PATCH] tools/sched_ext: Improve BPF verifier arena detection workaround
Replace the BPF verifier workaround in scx_sdt scheduler with a more
elegant solution that:
1. Uses volatile cast instead of bpf_printk to generate LD.IMM instruction
without producing unnecessary output
2. Adds conditional compilation based on __BPF_FEATURE_ADDR_SPACE_CAST
to eliminate the workaround entirely on modern toolchains
3. Updates documentation to reflect broader compatibility concerns
This eliminates the side effects of the previous hack while maintaining
compatibility across different kernel/BPF toolchain versions.
Signed-off-by: zhidao su <suzhidao@...omi.com>
---
tools/sched_ext/scx_sdt.bpf.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/tools/sched_ext/scx_sdt.bpf.c b/tools/sched_ext/scx_sdt.bpf.c
index 31b09958e8d5..88ac3043a643 100644
--- a/tools/sched_ext/scx_sdt.bpf.c
+++ b/tools/sched_ext/scx_sdt.bpf.c
@@ -64,15 +64,15 @@ DEFINE_SDT_STAT(select_busy_cpu);
static __u64 zero = 0;
/*
- * XXX Hack to get the verifier to find the arena for sdt_exit_task.
- * As of 6.12-rc5, The verifier associates arenas with programs by
- * checking LD.IMM instruction operands for an arena and populating
- * the program state with the first instance it finds. This requires
- * accessing our global arena variable, but scx methods do not necessarily
- * do so while still using pointers from that arena. Insert a bpf_printk
- * statement that triggers at most once to generate an LD.IMM instruction
- * to access the arena and help the verifier.
+ * Helper to ensure BPF verifier can track arena usage.
+ * On older toolchains, the verifier may not automatically detect arena usage
+ * through indirect references, so we provide an explicit reference.
*/
+#if defined(__BPF_FEATURE_ADDR_SPACE_CAST)
+/* Modern toolchains don't need the workaround */
+#define scx_arena_subprog_init() do { } while (0)
+#else
+/* Older toolchains need explicit arena reference for verifier */
static volatile bool scx_arena_verify_once;
__hidden void scx_arena_subprog_init(void)
@@ -80,9 +80,15 @@ __hidden void scx_arena_subprog_init(void)
if (scx_arena_verify_once)
return;
- bpf_printk("%s: arena pointer %p", __func__, &arena);
+ /*
+ * Generate LD.IMM instruction to help BPF verifier track arena usage.
+ * The volatile cast ensures the compiler doesn't optimize away the reference.
+ */
+ (void)*(volatile void **)&arena;
+
scx_arena_verify_once = true;
}
+#endif
private(LOCK) struct bpf_spin_lock alloc_lock;
--
2.43.0
Powered by blists - more mailing lists