From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: linux-kernel@vger.kernel.org, davem@redhat.com,
sds@tycho.nsa.gov, jack@suse.cz, dwmw2@infradead.org,
tony.luck@intel.com, jdike@karaya.com,
James.Bottomley@HansenPartnership.com
Subject: How to lock current->signal->tty
Date: Tue, 08 Aug 2006 16:17:22 +0100
Message-ID: <1155050242.5729.88.camel@localhost.localdomain>

The biggest crawly horror I've found so far in auditing the tty locking
is current->signal->tty. The tty layer currently and explicitly protects
this using tty_mutex. The core kernel likewise knows about this.

Unfortunately:

- SELinux doesn't do any locking at all
- Dquot passes the tty to tty_write_message without locking
- audit_log_exit doesn't do any locking at all
- acct.c thinks tasklist_lock protects it (wrong)
- drivers/char/sx misuses it unlocked in debug info
- fs/proc/array thinks tasklist_lock will save it (also wrong)
- fs3270 does fascinating things with it which don't look safe
- ebtables remote debugging (#if 0 thankfully) does no locking
  and just for fun calls the tty driver directly with no
  driver locking either.
- voyager_thread sets up a thread and then touches ->tty unlocked
  (and it seems daemonize already fixed it)
- Sparc solaris_procids sets it to NULL without locking
- arch/ia64/kernel/unaligned seems to write to it without locking
- arch/um/kernel/exec.c appears to believe task_lock is used

The semantics are actually as follows:

- signal->tty must not be changed without holding tty_mutex
- signal->tty must not be used unless tty_mutex is held from before
  reading it to completing using it
- Simple if(signal->tty == NULL) type checks are ok

I'm looking longer term at tty ref counting and the like but for now and
current distributions it might be an idea to fix the existing problems.

Alan
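
The three rules stated in the message above, sketched as a userspace model. This is an added example, not code from the post or from the kernel: a pthread mutex stands in for tty_mutex, and struct tty_model, struct signal_model and the model_* functions are hypothetical names.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct tty_model { char out[64]; };              /* stand-in for the tty */
struct signal_model { struct tty_model *tty; };  /* stand-in for signal->tty */
static pthread_mutex_t tty_mutex = PTHREAD_MUTEX_INITIALIZER;

/* Rule 1: the pointer is only changed with tty_mutex held. */
static void model_set_tty(struct signal_model *sig, struct tty_model *tty)
{
    pthread_mutex_lock(&tty_mutex);
    sig->tty = tty;
    pthread_mutex_unlock(&tty_mutex);
}

/* Detach and free under the lock, so a locked user never sees a stale tty. */
static void model_hangup(struct signal_model *sig)
{
    pthread_mutex_lock(&tty_mutex);
    free(sig->tty);
    sig->tty = NULL;
    pthread_mutex_unlock(&tty_mutex);
}

/* Rule 2: lock taken before the read and held until the use is complete.
 * Returns the number of bytes written, or -1 when there is no tty. */
static int model_write_message(struct signal_model *sig, const char *msg)
{
    int n = -1;
    pthread_mutex_lock(&tty_mutex);
    if (sig->tty)
        n = snprintf(sig->tty->out, sizeof(sig->tty->out), "%s", msg);
    pthread_mutex_unlock(&tty_mutex);
    return n;
}

/* Rule 3: a bare NULL test that never dereferences may run unlocked. */
static int model_has_tty(const struct signal_model *sig)
{
    return sig->tty != NULL;
}

/* Broken pattern for contrast: unlocked read followed by a use. */
static int model_write_message_racy(struct signal_model *sig, const char *msg)
{
    struct tty_model *tty = sig->tty;   /* read without tty_mutex */
    if (!tty)
        return -1;
    /* model_hangup() on another thread can free tty at this point */
    return snprintf(tty->out, sizeof(tty->out), "%s", msg);
}
```
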