Re: [PATCHSET sched_ext/for-7.1] sched_ext: Add verifier-time kfunc context filter

[Cheng-Yang Chou]

Hi Tejun, Andrea,

On Fri, Apr 10, 2026 at 07:45:32PM +0200, Andrea Righi wrote:
> On Thu, Apr 09, 2026 at 08:30:36PM -1000, Tejun Heo wrote:
> > Hello,
> > 
> > This moves enforcement of SCX context-sensitive kfunc restrictions from
> > runtime kf_mask checks to BPF verifier-time filtering, using the BPF core's
> > struct_ops context information.
> > 
> > This is based on work by Juntong Deng and Cheng-Yang Chou:
> > 
> >   https://lore.kernel.org/r/20260406154834.1920962-1-yphbchou0911@xxxxxxxxx
> > 
> > I ended up redoing the series. The number of changes needed and the
> > difficulty of validating each one made iterating through review emails
> > impractical:
> > 
> >  - Pre-existing call-site bugs needed fixing first. ops.cgroup_move() was
> >    mislabeled as SCX_KF_UNLOCKED when sched_move_task() actually holds the
> >    rq lock, and set_cpus_allowed_scx() passed rq=NULL to SCX_CALL_OP_TASK
> >    despite holding the rq lock. These had to be sorted out before the
> >    runtime-to-verifier conversion could be validated.
> > 
> >  - The macro-based kfunc ID deduplication (SCX_KFUNCS_*) made it hard to
> >    verify that the new code produced the same accept/reject verdicts as
> >    the old.
> > 
> >  - No systematic validation of the full (kfunc, caller) verdict matrix
> >    existed, so it wasn't clear whether the conversion was correct.
> > 
> > This series takes a different approach: first fix the call-site bugs that
> > made the conversion harder than it needed to be, then do the conversion in
> > small isolated steps, and verify the full verdict matrix at each stage.
> 
> Thanks Tejun, Juntong and Cheng-Yang for working on this!
> 
> I've done some basic smoke tests with this and everything seems to work fine so
> far. I'm planning to run more extensive performance tests, last time that I
> tried to brutally comment out scx_kf_allowed() I was getting some small but
> consistent performance improvements, so I'm expecting to notice something
> similar with this one. Will keep you informed.
> 

Thanks Tejun for the rework. The original patchset was indeed hard to
review and maintain, which is a great learning point for me moving forward.

Thanks also to Andrea for the guidance, and to Juntong for letting me
pick up his work.

Regarding selftests: do we need to add any for this series?
It was brought up during the review of Juntong's v3 patch,
but I haven't seen any further responses regarding this on my v4 patchset.

Happy to help if anything is missing!

-- 
Thanks,
Cheng-Yang