Re: [PATCH 1/2] sched_ext: Use rcu_dereference() for scx_root in dump paths

Next message: Mathieu Desnoyers: "Re: [PATCH 00/61] vfs: change inode-&gt;i_ino from unsigned long to u64"
Previous message: pr-tracker-bot: "Re: [GIT PULL] MMC fixes for v7.0-rc2"
In reply to: Tejun Heo: "Re: [PATCH 1/2] sched_ext: Use rcu_dereference() for scx_root in dump paths"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David CARLIER

Date: Fri Feb 27 2026 - 14:04:28 EST

Hi

On Fri, 27 Feb 2026 at 18:31, Tejun Heo <tj@xxxxxxxxxx> wrote:
>
> Hello,
>
> On Thu, Feb 26, 2026 at 05:26:39AM +0000, David Carlier wrote:
> > scx_dump_task() and scx_dump_state() read scx_root directly without
> > rcu_dereference() or NULL check. If the BPF scheduler is torn down
> > concurrently, scx_root can become NULL between the read and the
> > dereference in SCX_HAS_OP(), causing a NULL pointer dereference.
>
> scx_dump_state() is called from scx_error_irq_workfn() and
> sysrq_handle_sched_ext_dump(). SCX can't turn off before dump is complete in
> the former case. In the latter, scx_enabled() gates the call and it's in the
> irq context. When scx_enabled() turns off, there's synchronize_rcu() call
> afterwards before anything happens to scx_root. ie. It cannot go away in
> flight. This is the same synchronization that protect other in-flight sched
> ops.

Makes sense, the existing synchronization already covers it.
Sorry for the noise.

Cheers !

>
> Thanks.
>
> --
> tejun