Re: [PATCH v2] bpf: Fix use-after-free on mm_struct in bpf_find_vma()

Next message: Andy Shevchenko: "Re: [PATCH] staging: media: atomisp: fix variable shadowing warnings"
Previous message: Matt Fleming: "sched_ext/lavd hard lockup in old call_rcu_tasks_generic needadjust path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sanghyun Park

Date: Tue Jun 09 2026 - 06:49:02 EST

Hello Yonghong,

Thank you for the feedback. You are right on both points.

In v3 I will drop get_task_mm()+mmput() and instead mirror the pattern
from upstream commit d8e27d2d22b6 ("bpf: fix mm lifecycle in open-coded
task_vma iterator"): use spin_trylock(&task->alloc_lock) to read task->mm
and mmget() to pin it, then release the reference with mmput_async(). I
will also reject irqs-disabled contexts and !CONFIG_MMU on the foreign
path, and fix the whitespace damage.

v3 coming shortly.

Sincerely,
Sanghyun