On Wed, Aug 27, 2025 at 05:16:35PM -0700, Sean Christopherson wrote: > On Wed, Aug 27, 2025, Sebastian Andrzej Siewior wrote: > > On 2025-08-27 12:41:04 [-0700], Sean Christopherson wrote: > > > Michael, > > > > Sean, > > > > would the below work by chance? It is a quick shot but it looks > > symmetrical… > > Gah, sorry, I flagged your earlier mail and then forgot to circle back to it > (for whatever reason, I didn't entirely grok what you were suggesting). > > > diff --git a/kernel/vhost_task.c b/kernel/vhost_task.c > > index bc738fa90c1d6..27107dcc1cbfe 100644 > > --- a/kernel/vhost_task.c > > +++ b/kernel/vhost_task.c > > @@ -100,6 +100,7 @@ void vhost_task_stop(struct vhost_task *vtsk) > > * freeing it below. > > */ > > wait_for_completion(&vtsk->exited); > > + put_task_struct(vtsk->task); > > kfree(vtsk); > > } > > EXPORT_SYMBOL_GPL(vhost_task_stop); > > @@ -148,7 +149,7 @@ struct vhost_task *vhost_task_create(bool (*fn)(void *), > > return ERR_CAST(tsk); > > } > > > > - vtsk->task = tsk; > > + vtsk->task = get_task_struct(tsk); > > return vtsk; > > } > > EXPORT_SYMBOL_GPL(vhost_task_create); > > Nice! This fixes things too. Either solution works for me. Or maybe do > both? > Attempting to wake a task that vhost_task knows has exited (is exiting?) is a > bit gross, but even with that hardening, guarding against UAF is very nice to > have too. > > Tested-by: Sean Christopherson <sea...@google.com>
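Review bot: In the vhost_task_stop() hunk, the comment ending in "freeing it below" still only explains the wait_for_completion(); since the put_task_struct() it now precedes pairs with a get_task_struct() in a different function, extend it to say that this drops the reference taken in vhost_task_create(), otherwise the next reader has to go hunting for the matching get. Worth stating in the changelog too that vhost_task_stop() is the only place vtsk is freed once creation has succeeded: the diff touches no other free path, and any path that kfree()s vtsk without this put would now leak a task_struct reference. The ordering itself is right: waiting on vtsk->exited first and only then dropping the reference is what keeps vtsk->task valid for the late wake Sean mentions, which is the UAF this thread is about.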
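Review bot: In the vhost_task_create() hunk, taking the reference only after the error return (return ERR_CAST(tsk)) means that path correctly needs no matching put, but a one-line comment at the assignment, e.g. "dropped in vhost_task_stop()", would make the cross-function pairing obvious. Folding get_task_struct(tsk) into the assignment is fine since it returns its argument.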
Sure, let's do both. -- MST