On Thu, 18 Dec 2025 09:41:00 +0000 Alice Ryhl <aliceryhl@google.com> wrote:
The Task::group_leader() method currently allows you to access the group_leader() of any task, for example one you hold a refcount to. But this is not safe in general since the group leader could change when a task exits. See for example commit a15f37a40145c ("kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths").
All existing users of Task::group_leader() call this method on current, which is guaranteed running, so there's not an actual issue in Rust code today. But to prevent code in the future from making this mistake, restrict Task::group_leader() so that it can only be called on current.
There are some other cases where accessing task->group_leader is okay. For example it can be safe if you hold tasklist_lock or rcu_read_lock(). However, only supporting current->group_leader is sufficient for all in-tree Rust users of group_leader right now. Safe Rust functionality for accessing it under rcu or while holding tasklist_lock may be added in the future if required by any future Rust module.
Reported-by: Oleg Nesterov <oleg@redhat.com>
Closes: https://lore.kernel.org/all/aTLnV-5jlgfk1aRK@redhat.com/
Fixes: 313c4281bc9d ("rust: add basic `Task`")
Cc: stable@vger.kernel.org
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
Reviewed-by: Gary Guo <gary@garyguo.net>
 rust/kernel/task.rs | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
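Added example, not part of the patch or of this thread: a simplified userspace model of the API shape the commit message describes, where `group_leader()` exists only on a scoped view of the running task and not on a handle to an arbitrary task. The `leader` field, `run_as_current` and `current_tgid` are hypothetical names for illustration, and the model does not reproduce the kernel's task lifetime rules.

```rust
// Userspace model of the API shape only (constructed; not rust/kernel/task.rs).
use std::{marker::PhantomData, sync::Arc};

/// Stand-in for a task. `leader` models `task->group_leader`;
/// `None` means the task is its own group leader.
pub struct Task {
    pid: u32,
    leader: Option<Arc<Task>>,
}

impl Task {
    pub fn pid(&self) -> u32 {
        self.pid
    }
    // Deliberately no `group_leader()` here: a refcounted handle to an
    // arbitrary task must not be able to reach the leader.
}

/// View of the task that is executing right now. The raw-pointer marker
/// makes it !Send and !Sync, so it cannot be handed to another thread.
pub struct CurrentTask<'a> {
    task: &'a Task,
    _not_send: PhantomData<*mut ()>,
}

impl CurrentTask<'_> {
    /// Only reachable through `CurrentTask`; the result cannot outlive it.
    pub fn group_leader(&self) -> &Task {
        self.task.leader.as_deref().unwrap_or(self.task)
    }
}

/// Hypothetical stand-in for "we are running as `task`": the closure gets a
/// scoped view, and the return type `R` cannot borrow from it.
pub fn run_as_current<R>(task: &Task, f: impl FnOnce(&CurrentTask<'_>) -> R) -> R {
    f(&CurrentTask { task, _not_send: PhantomData })
}

/// Thread-group id as seen from the running task.
pub fn current_tgid(running: &Task) -> u32 {
    run_as_current(running, |cur| cur.group_leader().pid())
}

fn main() {
    let leader = Arc::new(Task { pid: 100, leader: None });
    let worker = Arc::new(Task { pid: 101, leader: Some(leader.clone()) });
    println!("tgid = {}", current_tgid(&worker));
    // worker.group_leader(); // does not compile: `Task` has no such method
}
```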