On Sun, Feb 04, 2024 at 08:51:52AM +0100, Mathias Krause wrote:
> Calling fd_install() makes a file reachable for userland, including the
> possibility to close the file descriptor, which leads to calling its
> 'release' hook. If that happens before the code had a chance to bump the
> reference of the newly created task struct, the release callback will
> call put_task_struct() too early, leading to the premature destruction
> of the kernel thread.
> 
> Avoid that race by calling fd_install() later, after all the setup is
> done.
> 
> Fixes: 1c6fdbd8f246 ("bcachefs: Initial commit")
> Signed-off-by: Mathias Krause <[email protected]>

The fixes line is wrong, but I'll take care of that - thanks!
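The ordering problem the commit message describes, reduced to a small userspace model (an added example, not bcachefs or kernel code): a refcounted object, a "publish" step after which userland can close the descriptor, and a release hook that drops the reference. The names get_task(), put_task(), install() and thread_file_release() are stand-ins for get_task_struct(), put_task_struct(), fd_install() and the file's 'release' hook; the "close in window" flag simulates userland racing a close() against the setup path.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the race in the commit message above (an added example,
 * not bcachefs or kernel code). The names mirror the kernel helpers they
 * stand in for: get_task()/put_task() for get_task_struct()/put_task_struct(),
 * install() for fd_install(), and thread_file_release() for the file's
 * 'release' hook. */

struct task {
    int usage;      /* refcount; starts at 1, held by the thread itself */
    bool freed;     /* set once the last reference is dropped */
};

struct thread_file {
    struct task *task;
    bool installed; /* true once the descriptor is reachable from userland */
};

static void get_task(struct task *t) { t->usage++; }

static void put_task(struct task *t)
{
    if (--t->usage == 0)
        t->freed = true;    /* stands in for the task being destroyed */
}

/* The file's 'release' hook: drops the reference the creator should hold. */
static void thread_file_release(struct thread_file *f)
{
    put_task(f->task);
}

/* Stand-in for fd_install(): from here on userland can close() the fd. */
static void install(struct thread_file *f) { f->installed = true; }

/* Models userland closing the fd at this point; a close can only happen once
 * the fd has been installed. */
static void close_if_visible(struct thread_file *f, bool close_now)
{
    if (f->installed && close_now)
        thread_file_release(f);
}

/* Buggy ordering: install the fd, then take the task reference. If userland
 * closes the fd inside that window, release runs put_task() against the
 * thread's only reference and the task is gone before setup finishes.
 * Returns true when the task survives setup. */
static bool setup_install_early(bool close_in_window)
{
    struct task t = { .usage = 1, .freed = false };
    struct thread_file f = { .task = &t, .installed = false };

    install(&f);
    close_if_visible(&f, close_in_window);  /* the race window */
    get_task(&t);                           /* too late if release already ran */

    return !t.freed;
}

/* Fixed ordering: take the reference first and install the fd last, so no
 * release can run before the reference exists. */
static bool setup_install_late(bool close_in_window)
{
    struct task t = { .usage = 1, .freed = false };
    struct thread_file f = { .task = &t, .installed = false };

    get_task(&t);
    close_if_visible(&f, close_in_window);  /* no-op: fd not yet visible */
    install(&f);
    close_if_visible(&f, close_in_window);  /* a close now only drops 2 -> 1 */

    return !t.freed;
}

int main(void)
{
    printf("early install, no close in window: task %s\n",
           setup_install_early(false) ? "survives" : "destroyed");
    printf("early install, close in window:    task %s\n",
           setup_install_early(true) ? "survives" : "destroyed");
    printf("late install, close attempted:     task %s\n",
           setup_install_late(true) ? "survives" : "destroyed");
    return 0;
}
```

The model has no threads; the "close in window" flag plays the role of the scheduler putting userland's close() between the two setup steps. The general rule it illustrates is that anything that hands a reference to another owner (publishing an fd, adding to a list, registering a callback) has to come after every reference the creator itself relies on has been taken.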