From: ebiederm@xmission.com (Eric W. Biederman)
To: Greg KH <gregkh@suse.de>
Cc: linux-kernel@vger.kernel.org, stable@kernel.org,
stable-review@kernel.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Al Viro <viro@ZenIV.linux.org.uk>,
Tavis Ormandy <taviso@google.com>, Jeff Dike <jdike@addtoit.com>,
Julien Tinnes <jln@google.com>, Matt Mackall <mpm@selenic.com>
Subject: Re: [06/11] tty: fix race in tty_fasync
Date: Tue, 26 Jan 2010 11:49:58 -0800
Message-ID: <m1bpggy7bt.fsf@fess.ebiederm.org>
In-Reply-To: <20100126191624.538119758@mini.kroah.org> (Greg KH's message of "Tue\, 26 Jan 2010 11\:14\:42 -0800")

Greg KH <gregkh@suse.de> writes:

> 2.6.27-stable review patch. If anyone has any objections, please let us know.

Only that __f_setown by way of f_modown unconditionally enables interrupts. So
without touching f_modown as well in mainline we have nasty sounding lockdep warnings.

Eric

> ------------------
>
> From: Greg Kroah-Hartman <gregkh@suse.de>
>
> commit 703625118069f9f8960d356676662d3db5a9d116 upstream.
>
> We need to keep the lock held over the call to __f_setown() to
> prevent a PID race.
>
> Thanks to Al Viro for pointing out the problem, and to Travis for
> making us look here in the first place.
>
> Cc: Eric W. Biederman <ebiederm@xmission.com>
> Cc: Al Viro <viro@ZenIV.linux.org.uk>
> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Tavis Ormandy <taviso@google.com>
> Cc: Jeff Dike <jdike@addtoit.com>
> Cc: Julien Tinnes <jln@google.com>
> Cc: Matt Mackall <mpm@selenic.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
>
> ---
> drivers/char/tty_io.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- a/drivers/char/tty_io.c
> +++ b/drivers/char/tty_io.c
> @@ -2437,8 +2437,8 @@ static int tty_fasync(int fd, struct fil
> pid = task_pid(current);
> type = PIDTYPE_PID;
> }
> - spin_unlock_irqrestore(&tty->ctrl_lock, flags);
> retval = __f_setown(filp, pid, type, 0);
> + spin_unlock_irqrestore(&tty->ctrl_lock, flags);
> if (retval)
> goto out;
> } else {
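
Review bot: with the unlock moved below it, the call `__f_setown(filp, pid, type, 0)` now runs inside the section that `spin_unlock_irqrestore(&tty->ctrl_lock, flags)` closes, so everything it calls has to leave the interrupt state alone until `flags` is restored. The reply above reports that f_modown enables interrupts unconditionally; if that holds in the 2.6.27 tree, interrupts come back on while tty->ctrl_lock is still held, and this backport should be queued together with a change that makes f_modown save and restore the interrupt state rather than on its own. The changelog would also be easier to review if it said which PID race is being closed, since "a PID race" gives a stable reviewer nothing to test against.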