scx_bpf_cpu_rq() can return NULL when the calling program is not attached to
an active SCX scheduler or when the requested CPU is invalid. Its kfunc
registration currently advertises only KF_IMPLICIT_ARGS, so the verifier does
not mark the return as PTR_MAYBE_NULL.

Add KF_RET_NULL to the registration, matching scx_bpf_locked_rq() and
scx_bpf_cpu_curr(), so BPF programs must check the returned runqueue pointer
before dereferencing it.

Fixes: 6203ef73fa5c ("sched/ext: Add BPF function to fetch rq")
Signed-off-by: Nuoqi Gui <[email protected]>
---
kernel/sched/ext.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index 65631e577ee9..dbe1fe1ac465 100644
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -9787,7 +9787,7 @@ BTF_ID_FLAGS(func, scx_bpf_get_online_cpumask, KF_ACQUIRE)
BTF_ID_FLAGS(func, scx_bpf_put_cpumask, KF_RELEASE)
BTF_ID_FLAGS(func, scx_bpf_task_running, KF_RCU)
BTF_ID_FLAGS(func, scx_bpf_task_cpu, KF_RCU)
-BTF_ID_FLAGS(func, scx_bpf_cpu_rq, KF_IMPLICIT_ARGS)
+BTF_ID_FLAGS(func, scx_bpf_cpu_rq, KF_IMPLICIT_ARGS | KF_RET_NULL)
BTF_ID_FLAGS(func, scx_bpf_locked_rq, KF_IMPLICIT_ARGS | KF_RET_NULL)
BTF_ID_FLAGS(func, scx_bpf_cpu_curr, KF_IMPLICIT_ARGS | KF_RET_NULL |
KF_RCU_PROTECTED)
BTF_ID_FLAGS(func, scx_bpf_now)
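Review bot: On the changed scx_bpf_cpu_rq line, adding KF_RET_NULL means any BPF scheduler that dereferences the returned rq without a NULL test is now rejected by the verifier at load time, yet the diffstat shows only kernel/sched/ext.c touched. Please confirm that the in-tree callers (example schedulers and selftests) already check the result, or update them in the same series, and state in the commit message that programs lacking the check will stop loading. A selftest that loads a program with an unchecked dereference of the scx_bpf_cpu_rq() result and expects the load to fail would keep the flag from being dropped again unnoticed.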
--
2.34.1