[PATCH sched_ext/for-7.2] sched_ext: Fix ops_cid layout assert

[Tejun Heo]

ca1d48a86fab ("sched_ext: Use offsetofend on both sides of the ops_cid
layout assert") replaced sizeof() with offsetofend() to dodge 32-bit
PPC trailing padding, but the resulting check is tautological: with
CID_OFFSET_MATCH(priv, priv) already enforcing offsetof(priv) equality
and @priv being the same type in both structs, the two offsetofends
are equal by construction. The original protection - catching a stray
field added past @priv in sched_ext_ops_cid - is gone.

Anchor on a zero-size __end[] marker appended after @priv. Its offset
sits flush after @priv regardless of trailing struct padding; if a
field is inserted past @priv, __end shifts and the assert fires.

Closes: https://lore.kernel.org/all/20260508215211.0C03AC2BCB0@xxxxxxxxxxxxxxx/
Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
---
 kernel/sched/ext.c          | 6 ++----
 kernel/sched/ext_internal.h | 3 +++
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index f86ee15be7cb..b685f45b4fd0 100644
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -10380,11 +10380,9 @@ static int __init scx_init(void)
 	/*
 	 * cid-form must end exactly at @priv - validate_ops() skips
 	 * cpu_acquire/cpu_release for cid-form because reading those fields
-	 * past the BPF allocation would be UB. offsetofend() on both sides
-	 * instead of sizeof() on sched_ext_ops_cid to sidestep trailing
-	 * struct padding (e.g. 32-bit PPC tail-pads ops_cid past @priv).
+	 * past the BPF allocation would be UB.
 	 */
-	BUILD_BUG_ON(offsetofend(struct sched_ext_ops_cid, priv) !=
+	BUILD_BUG_ON(offsetof(struct sched_ext_ops_cid, __end) !=
 		     offsetofend(struct sched_ext_ops, priv));
 #undef CID_OFFSET_MATCH
 
diff --git a/kernel/sched/ext_internal.h b/kernel/sched/ext_internal.h
index 0ed79bd891c7..cd33984cffcf 100644
--- a/kernel/sched/ext_internal.h
+++ b/kernel/sched/ext_internal.h
@@ -938,6 +938,9 @@ struct sched_ext_ops_cid {
 
 	/* internal use only, must be NULL */
 	void __rcu *priv;
+
+	/* layout end anchor for the BUILD_BUG_ON in scx_init(); keep last */
+	char __end[0];
 };
 
 enum scx_opi {
-- 
2.54.0