From: Greg Kroah-Hartman Date: Thu, 19 Mar 2026 09:31:19 +0000 (+0100) Subject: 6.19-stable patches X-Git-Tag: v6.18.19~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a26324787bb7010bb329ee2c363e2a8d3958bc75;p=thirdparty%2Fkernel%2Fstable-queue.git 6.19-stable patches added patches: sched_ext-use-write_once-for-the-write-side-of-scx_enable-helper-pointer.patch --- diff --git a/queue-6.19/sched_ext-use-write_once-for-the-write-side-of-scx_enable-helper-pointer.patch b/queue-6.19/sched_ext-use-write_once-for-the-write-side-of-scx_enable-helper-pointer.patch new file mode 100644 index 0000000000..8ed57f105e --- /dev/null +++ b/queue-6.19/sched_ext-use-write_once-for-the-write-side-of-scx_enable-helper-pointer.patch @@ -0,0 +1,62 @@ +From 2fcfe5951eb2e8440fc5e1dd6ea977336ff83a1d Mon Sep 17 00:00:00 2001 +From: zhidao su +Date: Mon, 9 Mar 2026 10:46:12 +0800 +Subject: sched_ext: Use WRITE_ONCE() for the write side of scx_enable helper pointer + +From: zhidao su + +commit 2fcfe5951eb2e8440fc5e1dd6ea977336ff83a1d upstream. + +scx_enable() uses double-checked locking to lazily initialize a static +kthread_worker pointer. The fast path reads helper locklessly: + + if (!READ_ONCE(helper)) { // lockless read -- no helper_mutex + +The write side initializes helper under helper_mutex, but previously +used a plain assignment: + + helper = kthread_run_worker(0, "scx_enable_helper"); + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + plain write -- KCSAN data race with READ_ONCE() above + +Since READ_ONCE() on the fast path and the plain write on the +initialization path access the same variable without a common lock, +they constitute a data race. KCSAN requires that all sides of a +lock-free access use READ_ONCE()/WRITE_ONCE() consistently. + +Use a temporary variable to stage the result of kthread_run_worker(), +and only WRITE_ONCE() into helper after confirming the pointer is +valid. This avoids a window where a concurrent caller on the fast path +could observe an ERR pointer via READ_ONCE(helper) before the error +check completes. + +Fixes: b06ccbabe250 ("sched_ext: Fix starvation of scx_enable() under fair-class saturation") +Signed-off-by: zhidao su +Acked-by: Andrea Righi +Signed-off-by: Tejun Heo +Signed-off-by: Greg Kroah-Hartman +--- + kernel/sched/ext.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +--- a/kernel/sched/ext.c ++++ b/kernel/sched/ext.c +@@ -5219,13 +5219,14 @@ static int scx_enable(struct sched_ext_o + if (!READ_ONCE(helper)) { + mutex_lock(&helper_mutex); + if (!helper) { +- helper = kthread_run_worker(0, "scx_enable_helper"); +- if (IS_ERR_OR_NULL(helper)) { +- helper = NULL; ++ struct kthread_worker *w = ++ kthread_run_worker(0, "scx_enable_helper"); ++ if (IS_ERR_OR_NULL(w)) { + mutex_unlock(&helper_mutex); + return -ENOMEM; + } +- sched_set_fifo(helper->task); ++ sched_set_fifo(w->task); ++ WRITE_ONCE(helper, w); + } + mutex_unlock(&helper_mutex); + } diff --git a/queue-6.19/series b/queue-6.19/series index 5f11af78ca..b3ff7f41a3 100644 --- a/queue-6.19/series +++ b/queue-6.19/series @@ -377,3 +377,4 @@ io_uring-ensure-ctx-rings-is-stable-for-task-work-flags-manipulation.patch io_uring-eventfd-use-ctx-rings_rcu-for-flags-checking.patch cxl-acpi-fix-cxl_acpi-and-cxl_pmem-kconfig-tristate-mismatch.patch bpf-drop-kthread_exit-from-noreturn_deny.patch +sched_ext-use-write_once-for-the-write-side-of-scx_enable-helper-pointer.patch