From: Rusty Russell <rusty@rustcorp.com.au>

lguest needs to hold a reference to its task in case it exits while another
Guest is sending it I/O.  Otherwise we can oops in
access_process_vm->get_task_mm->task_lock().

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 drivers/lguest/lguest_user.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletion(-)

diff -puN drivers/lguest/lguest_user.c~lguest-the-host-code-fix-lguest-oops-when-guest-dies-while-receiving-i-o drivers/lguest/lguest_user.c
--- a/drivers/lguest/lguest_user.c~lguest-the-host-code-fix-lguest-oops-when-guest-dies-while-receiving-i-o
+++ a/drivers/lguest/lguest_user.c
@@ -107,7 +107,8 @@ static int initialize(struct file *file,
 	setup_regs(lg->regs, args[2]);
 	setup_guest_gdt(lg);
 	lg->tsk = current;
-	lg->mm = get_task_mm(current);
+	get_task_struct(lg->tsk);
+	lg->mm = get_task_mm(lg->tsk);
 	lg->last_pages = NULL;
 	mutex_unlock(&lguest_lock);
 
@@ -160,6 +161,7 @@ static int close(struct inode *inode, st
 	mutex_lock(&lguest_lock);
 	release_all_dma(lg);
 	free_guest_pagetable(lg);
+	put_task_struct(lg->tsk);
 	mmput(lg->mm);
 	if (!IS_ERR(lg->dead))
 		kfree(lg->dead);
_