git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Tejun Heo <tj@kernel.org>
	Tue, 9 Dec 2025 21:04:33 +0000 (11:04 -1000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 2 Jan 2026 11:57:06 +0000 (12:57 +0100)
commit	5ddd444484bea3e70521f6136cda9caf3d77adcc
tree	f1a27ed9ed54500ab017efe7ba3deec6bafd795e	tree \| snapshot
parent	ff67270a177f4fea5a78f6d8ac799e0ee1b05b5e	commit \| diff

sched_ext: Fix bypass depth leak on scx_enable() failure

commit 9f769637a93fac81689b80df6855f545839cf999 upstream.

scx_enable() calls scx_bypass(true) to initialize in bypass mode and then
scx_bypass(false) on success to exit. If scx_enable() fails during task
initialization - e.g. scx_cgroup_init() or scx_init_task() returns an error -
it jumps to err_disable while bypass is still active. scx_disable_workfn()
then calls scx_bypass(true/false) for its own bypass, leaving the bypass depth
at 1 instead of 0. This causes the system to remain permanently in bypass mode
after a failed scx_enable().

Failures after task initialization is complete - e.g. scx_tryset_enable_state()
at the end - already call scx_bypass(false) before reaching the error path and
are not affected. This only affects a subset of failure modes.

Fix it by tracking whether scx_enable() called scx_bypass(true) in a bool and
having scx_disable_workfn() call an extra scx_bypass(false) to clear it. This
is a temporary measure as the bypass depth will be moved into the sched
instance, which will make this tracking unnecessary.

Fixes: 8c2090c504e9 ("sched_ext: Initialize in bypass mode")
Cc: stable@vger.kernel.org # v6.12+
Reported-by: Chris Mason <clm@meta.com>
Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com>
Link: https://lore.kernel.org/stable/286e6f7787a81239e1ce2989b52391ce%40kernel.org
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>