This is a note to let you know that I've just added the patch titled

    bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bpf-fix-a-possible-task-gone-issue-with-bpf_send_sig.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


commit 18e84f69d61455dd5f7501cc1bd4b6c1e2f952fc
Author: Yonghong Song <yhs@xxxxxx>
Date:   Wed Jan 18 12:48:15 2023 -0800

    bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers

    [ Upstream commit bdb7fdb0aca8b96cef9995d3a57e251c2289322f ]

    In current bpf_send_signal() and bpf_send_signal_thread() helper
    implementation, irq_work is used to handle nmi context. Hao Sun
    reported in [1] that the current task at the entry of the helper
    might be gone during irq_work callback processing. To fix the issue,
    a reference is acquired for the current task before enqueuing into
    the irq_work so that the queued task is still available during
    irq_work callback processing.

      [1] https://lore.kernel.org/bpf/20230109074425.12556-1-sunhao.th@xxxxxxxxx/

    Fixes: 8b401f9ed244 ("bpf: implement bpf_send_signal() helper")
    Tested-by: Hao Sun <sunhao.th@xxxxxxxxx>
    Reported-by: Hao Sun <sunhao.th@xxxxxxxxx>
    Signed-off-by: Yonghong Song <yhs@xxxxxx>
    Link: https://lore.kernel.org/r/20230118204815.3331855-1-yhs@xxxxxx
    Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index eb8c117cc8b6..9d4163abadf4 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -832,6 +832,7 @@ static void do_bpf_send_signal(struct irq_work *entry) work = container_of(entry, struct send_signal_irq_work, irq_work); group_send_sig_info(work->sig, SEND_SIG_PRIV, work->task, work->type); + put_task_struct(work->task); } static int bpf_send_signal_common(u32 sig, enum pid_type type) @@ -866,7 +867,7 @@ static int bpf_send_signal_common(u32 sig, enum pid_type type) * to the irq_work. The current task may change when queued * irq works get executed. */ - work->task = current; + work->task = get_task_struct(current); work->sig = sig; work->type = type; irq_work_queue(&work->irq_work);
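Review bot: In the first hunk, the new put_task_struct(work->task) in do_bpf_send_signal() makes the irq_work callback drop a task reference unconditionally, so it is balanced only if every path that queues this work item has taken one; the only acquisition visible in this patch is the get_task_struct(current) in bpf_send_signal_common(), so any other writer of work->task would now underflow the refcount. Putting the release after group_send_sig_info() rather than before it is the right order, since the callback still needs a live task for the delivery. A one-line comment at the put ("drop the reference taken in bpf_send_signal_common()") would document the pairing for the next reader.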
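Review bot: In the second hunk, the reference taken by work->task = get_task_struct(current) is released only when do_bpf_send_signal() runs, so it leaks if the following irq_work_queue(&work->irq_work) does not actually queue the work (irq_work_queue() returns false when the item is already pending). The context lines do not show whether bpf_send_signal_common() rejects a still-busy per-CPU work item before reaching this point; if it does, saying so here would make the get/put pairing verifiable from this function alone, and the existing comment "The current task may change when queued irq works get executed" should now also state that a reference is held so the task stays valid until the callback runs.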