On Thu, Dec 18, 2025 at 11:32 AM Oleg Nesterov oleg@redhat.com wrote:
On 12/18, Alice Ryhl wrote:
The Task::group_leader() method currently allows you to access the group_leader() of any task, for example one you hold a refcount to. But this is not safe in general since the group leader could change when a task exits. See for example commit a15f37a40145c ("kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths").
All existing users of Task::group_leader() call this method on current, which is guaranteed running, so there's not an actual issue in Rust code today. But to prevent code in the future from making this mistake, restrict Task::group_leader() so that it can only be called on current.
There are some other cases where accessing task->group_leader is okay. For example it can be safe if you hold tasklist_lock or rcu_read_lock(). However, only supporting current->group_leader is sufficient for all in-tree Rust users of group_leader right now. Safe Rust functionality for accessing it under rcu or while holding tasklist_lock may be added in the future if required by any future Rust module.
I obviously can't ACK this patch ;) but just in case, it looks good to me.
Although I am not sure this is a stable material... Exactly because, as you mentioned, all existing users call this method on current.
Well, I suppose you are right that it isn't. I would like it to land on Android's fork of 6.18 somehow so that nobody makes this mistake in future Android drivers using 6.18, but I can always do that separately of upstream Linux.
I don't think there's a clear owner for this file, so to break ambiguity I'm doing to declare that this patch is intended for Andrew Morton's tree. Please let me know if you think a different tree is appropriate.
If Andrew agrees and nobody objects this would be nice. I am going to send some tree-wide changes related to task_struct.group_leader usage, it would be simpler to route them all via -mm tree.
So far I sent the trivial preparations
[PATCH 0/7] don't abuse task_struct.group_leader https://lore.kernel.org/all/aTV1pbftBkH8n4kh@redhat.com/and I am still waiting for more reviews. Alice, perhaps you can review the (hopefully trivial) 1-2 which touch android/binder?
Done.
Alice