From: Tejun Heo <tj@kernel.org>
Date: Fri, 8 May 2026 23:48:29 +0000 (-1000)
Subject: sched_ext: Fix ops_cid layout assert
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=03d958da4f355c380819a3baf339123c25db8e54;p=thirdparty%2Fkernel%2Flinux.git

sched_ext: Fix ops_cid layout assert

ca1d48a86fab ("sched_ext: Use offsetofend on both sides of the ops_cid
layout assert") replaced sizeof() with offsetofend() to dodge 32-bit
PPC trailing padding, but the resulting check is tautological: with
CID_OFFSET_MATCH(priv, priv) already enforcing offsetof(priv) equality
and @priv being the same type in both structs, the two offsetofends
are equal by construction. The original protection - catching a stray
field added past @priv in sched_ext_ops_cid - is gone.

Anchor on a zero-size __end[] marker appended after @priv. Its offset
sits flush after @priv regardless of trailing struct padding; if a
field is inserted past @priv, __end shifts and the assert fires.

Closes: https://lore.kernel.org/all/20260508215211.0C03AC2BCB0@smtp.kernel.org/
Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com>
---

diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index f86ee15be7cb1..b685f45b4fd0b 100644
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -10380,11 +10380,9 @@ static int __init scx_init(void)
 	/*
 	 * cid-form must end exactly at @priv - validate_ops() skips
 	 * cpu_acquire/cpu_release for cid-form because reading those fields
-	 * past the BPF allocation would be UB. offsetofend() on both sides
-	 * instead of sizeof() on sched_ext_ops_cid to sidestep trailing
-	 * struct padding (e.g. 32-bit PPC tail-pads ops_cid past @priv).
+	 * past the BPF allocation would be UB.
 	 */
-	BUILD_BUG_ON(offsetofend(struct sched_ext_ops_cid, priv) !=
+	BUILD_BUG_ON(offsetof(struct sched_ext_ops_cid, __end) !=
 		     offsetofend(struct sched_ext_ops, priv));
 #undef CID_OFFSET_MATCH
 
diff --git a/kernel/sched/ext_internal.h b/kernel/sched/ext_internal.h
index 0ed79bd891c7d..cd33984cffcf0 100644
--- a/kernel/sched/ext_internal.h
+++ b/kernel/sched/ext_internal.h
@@ -938,6 +938,9 @@ struct sched_ext_ops_cid {
 
 	/* internal use only, must be NULL */
 	void __rcu *priv;
+
+	/* layout end anchor for the BUILD_BUG_ON in scx_init(); keep last */
+	char __end[0];
 };
 
 enum scx_opi {