diff options
| author | Sebastian Andrzej Siewior <[email protected]> | 2025-09-18 18:11:44 +0000 |
|---|---|---|
| committer | Michael S. Tsirkin <[email protected]> | 2025-09-21 21:44:20 +0000 |
| commit | afe16653e05db07d658b55245c7a2e0603f136c0 (patch) | |
| tree | 3d0b4e6a3219818a4a676472d4851d04875437f3 /lib/notifier-error-inject.c | |
| parent | vhost-net: flush batched before enabling notifications (diff) | |
| download | kernel-afe16653e05db07d658b55245c7a2e0603f136c0.tar.gz kernel-afe16653e05db07d658b55245c7a2e0603f136c0.zip | |
vhost: Take a reference on the task in struct vhost_task.
vhost_task_create() creates a task and keeps a reference to its
task_struct. That task may exit early via a signal and its task_struct
will be released.
A pending vhost_task_wake() will then attempt to wake the task and
access a task_struct which is no longer there.
Acquire a reference on the task_struct while creating the thread and
release the reference while the struct vhost_task itself is removed.
If the task exits early due to a signal, then the vhost_task_wake() will
still access a valid task_struct. The wake is safe and will be skipped
in this case.
Fixes: f9010dbdce911 ("fork, vhost: Use CLONE_THREAD to fix freezer/ps regression")
Reported-by: Sean Christopherson <[email protected]>
Closes: https://lore.kernel.org/all/[email protected]/
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Tested-by: Sean Christopherson <[email protected]>
Diffstat (limited to 'lib/notifier-error-inject.c')
0 files changed, 0 insertions, 0 deletions