[PATCH -next 04/10] uml: Fix unsafe pid reference to foreground process group

linux-serial.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Peter Hurley <peter@hurleysoftware.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-serial@vger.kernel.org, linux-kernel@vger.kernel.org,
	Jiri Slaby <jslaby@suse.cz>,
	One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>,
	Peter Hurley <peter@hurleysoftware.com>,
	Jeff Dike <jdike@addtoit.com>,
	Richard Weinberger <richard@nod.at>,
	user-mode-linux-devel@lists.sourceforge.net
Subject: [PATCH -next 04/10] uml: Fix unsafe pid reference to foreground process group
Date: Thu, 16 Oct 2014 14:59:44 -0400	[thread overview]
Message-ID: <1413485990-16855-5-git-send-email-peter@hurleysoftware.com> (raw)
In-Reply-To: <1413485990-16855-1-git-send-email-peter@hurleysoftware.com>

Although the tty core maintains a pid reference for the foreground
process group, if the foreground process group is changed that
pid reference is dropped. Thus, the pid reference used for signalling
could become stale.

Safely obtain a pid reference to the foreground process group and
release the reference after signalling is complete.

cc: Jeff Dike <jdike@addtoit.com>
cc: Richard Weinberger <richard@nod.at>
cc: user-mode-linux-devel@lists.sourceforge.net
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
---
 arch/um/drivers/line.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/um/drivers/line.c b/arch/um/drivers/line.c
index 8035145..6208702 100644
--- a/arch/um/drivers/line.c
+++ b/arch/um/drivers/line.c
@@ -632,6 +632,7 @@ static irqreturn_t winch_interrupt(int irq, void *data)
 	int fd = winch->fd;
 	int err;
 	char c;
+	struct pid *pgrp;
 
 	if (fd != -1) {
 		err = generic_read(fd, &c, NULL);
@@ -657,7 +658,10 @@ static irqreturn_t winch_interrupt(int irq, void *data)
 		if (line != NULL) {
 			chan_window_size(line, &tty->winsize.ws_row,
 					 &tty->winsize.ws_col);
-			kill_pgrp(tty->pgrp, SIGWINCH, 1);
+			pgrp = tty_get_pgrp(tty);
+			if (pgrp)
+				kill_pgrp(pgrp, SIGWINCH, 1);
+			put_pid(pgrp);
 		}
 		tty_kref_put(tty);
 	}
-- 
2.1.1

next prev parent reply	other threads:[~2014-10-16 18:59 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-16 18:59 [PATCH -next 00/10] Fixes to controlling tty handling Peter Hurley
2014-10-16 18:59 ` [PATCH -next 01/10] tty: Remove tty_pair_get_tty()/tty_pair_get_pty() api Peter Hurley
2014-10-16 18:59 ` [PATCH -next 02/10] tty: Reorder proc_set_tty() and related fns Peter Hurley
2014-10-16 18:59 ` [PATCH -next 03/10] tty: Remove tsk parameter from proc_set_tty() Peter Hurley
2014-10-16 18:59 ` Peter Hurley [this message]
2014-10-17  7:57   ` [PATCH -next 04/10] uml: Fix unsafe pid reference to foreground process group Richard Weinberger
2014-10-16 18:59 ` [PATCH -next 05/10] tty: Replace open-coded tty_get_pgrp() Peter Hurley
2014-10-16 18:59 ` [PATCH -next 06/10] tty: Remove !tty condition from __proc_set_tty() Peter Hurley
2014-10-16 18:59 ` [PATCH -next 07/10] tty: Fix multiple races when setting the controlling terminal Peter Hurley
2014-10-16 18:59 ` [PATCH -next 08/10] tty: Move session_of_pgrp() and make static Peter Hurley
2014-10-16 18:59 ` [PATCH -next 09/10] tty: Serialize proc_set_tty() with tty_lock Peter Hurley
2014-10-16 18:59 ` [PATCH -next 10/10] tty: Update code comment in __proc_set_tty() Peter Hurley
2014-10-22 15:00 ` [PATCH -next 00/10] Fixes to controlling tty handling One Thousand Gnomes

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8035145 dfblob:6208702 )
 OR (
bs:"[PATCH -next 04/10] uml: Fix unsafe pid reference to foreground process group" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1413485990-16855-5-git-send-email-peter@hurleysoftware.com \
    --to=peter@hurleysoftware.com \
    --cc=gnomes@lxorguk.ukuu.org.uk \
    --cc=gregkh@linuxfoundation.org \
    --cc=jdike@addtoit.com \
    --cc=jslaby@suse.cz \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-serial@vger.kernel.org \
    --cc=richard@nod.at \
    --cc=user-mode-linux-devel@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).