scx_bpf_cpu_rq() can return NULL when the calling program is not attached to an active SCX scheduler or when the requested CPU is invalid. Its kfunc registration currently advertises only KF_IMPLICIT_ARGS, so the verifier does not mark the return as PTR_MAYBE_NULL. Add KF_RET_NULL to the registration, matching scx_bpf_locked_rq() and scx_bpf_cpu_curr(), so BPF programs must check the returned runqueue pointer before dereferencing it. Fixes: 6203ef73fa5c ("sched/ext: Add BPF function to fetch rq") Signed-off-by: Nuoqi Gui --- kernel/sched/ext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 65631e577ee9..dbe1fe1ac465 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c @@ -9787,7 +9787,7 @@ BTF_ID_FLAGS(func, scx_bpf_get_online_cpumask, KF_ACQUIRE) BTF_ID_FLAGS(func, scx_bpf_put_cpumask, KF_RELEASE) BTF_ID_FLAGS(func, scx_bpf_task_running, KF_RCU) BTF_ID_FLAGS(func, scx_bpf_task_cpu, KF_RCU) -BTF_ID_FLAGS(func, scx_bpf_cpu_rq, KF_IMPLICIT_ARGS) +BTF_ID_FLAGS(func, scx_bpf_cpu_rq, KF_IMPLICIT_ARGS | KF_RET_NULL) BTF_ID_FLAGS(func, scx_bpf_locked_rq, KF_IMPLICIT_ARGS | KF_RET_NULL) BTF_ID_FLAGS(func, scx_bpf_cpu_curr, KF_IMPLICIT_ARGS | KF_RET_NULL | KF_RCU_PROTECTED) BTF_ID_FLAGS(func, scx_bpf_now) -- 2.34.1
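Review bot: On the changed `BTF_ID_FLAGS(func, scx_bpf_cpu_rq, ...)` line, adding KF_RET_NULL is a load-time behaviour change for existing callers, and the patch does not account for them. Once the return is PTR_MAYBE_NULL, any BPF scheduler that dereferences the result of scx_bpf_cpu_rq() without a NULL check will be rejected by the verifier, but the diffstat touches only kernel/sched/ext.c. Please audit in-tree users of this kfunc (example schedulers, selftests) and, if any dereference the pointer unchecked, fix them in this patch or an earlier one in the series so that the tree stays loadable at every commit. The commit message should also say that out-of-tree schedulers need the same check, since a Fixes: tag makes this a backport candidate and the failure will appear as a verifier rejection on stable kernels. If the kfunc's doc comment does not already state that it can return NULL, updating it here would keep the documentation in step with the new flag.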