Commit 70362511 authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman

tty: fix race in tty_fasync

We need to keep the lock held over the call to __f_setown() to
prevent a PID race.

Thanks to Al Viro for pointing out the problem, and to Travis for
making us look here in the first place.

Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Tavis Ormandy <taviso@google.com>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Julien Tinnes <jln@google.com>
Cc: Matt Mackall <mpm@selenic.com>
Cc: stable <stable@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 18c576f9
...@@ -1951,8 +1951,8 @@ static int tty_fasync(int fd, struct file *filp, int on) ...@@ -1951,8 +1951,8 @@ static int tty_fasync(int fd, struct file *filp, int on)
pid = task_pid(current); pid = task_pid(current);
type = PIDTYPE_PID; type = PIDTYPE_PID;
} }
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
retval = __f_setown(filp, pid, type, 0); retval = __f_setown(filp, pid, type, 0);
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
if (retval) if (retval)
goto out; goto out;
} else { } else {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment