From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: torvalds@linux-foundation.org, linux-kernel@vger.kernel.org
Subject: [PATCH 42/80] tty: Make get_current_tty use a kref
Date: Mon, 13 Oct 2008 10:39:13 +0100 [thread overview]
Message-ID: <20081013093906.21645.36569.stgit@localhost.localdomain> (raw)
In-Reply-To: <20081013092758.21645.2359.stgit@localhost.localdomain>
From: Alan Cox <alan@redhat.com>
We now return a kref covered tty reference. That ensures the tty structure
doesn't go away when you have a return from get_current_tty. This is not
enough to protect you from most of the resources being freed behind your
back - yet.
[Updated to include fixes for SELinux problems found by Andrew Morton and
an s390 leak found while debugging the former]
Signed-off-by: Alan Cox <alan@redhat.com>
---
drivers/char/tty_io.c | 10 ++++++----
drivers/s390/char/fs3270.c | 3 ++-
fs/dquot.c | 6 +++---
security/selinux/hooks.c | 3 ++-
4 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index 9a76db3..4c0e4ed 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -786,12 +786,12 @@ void disassociate_ctty(int on_exit)
tty = get_current_tty();
if (tty) {
tty_pgrp = get_pid(tty->pgrp);
- lock_kernel();
mutex_unlock(&tty_mutex);
- /* XXX: here we race, there is nothing protecting tty */
+ lock_kernel();
if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
tty_vhangup(tty);
unlock_kernel();
+ tty_kref_put(tty);
} else if (on_exit) {
struct pid *old_pgrp;
spin_lock_irq(¤t->sighand->siglock);
@@ -819,7 +819,6 @@ void disassociate_ctty(int on_exit)
spin_unlock_irq(¤t->sighand->siglock);
mutex_lock(&tty_mutex);
- /* It is possible that do_tty_hangup has free'd this tty */
tty = get_current_tty();
if (tty) {
unsigned long flags;
@@ -829,6 +828,7 @@ void disassociate_ctty(int on_exit)
tty->session = NULL;
tty->pgrp = NULL;
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
+ tty_kref_put(tty);
} else {
#ifdef TTY_DEBUG_HANGUP
printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
@@ -1806,6 +1806,8 @@ retry_open:
index = tty->index;
filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
/* noctty = 1; */
+ /* FIXME: Should we take a driver reference ? */
+ tty_kref_put(tty);
goto got_driver;
}
#ifdef CONFIG_VT
@@ -3135,7 +3137,7 @@ struct tty_struct *get_current_tty(void)
{
struct tty_struct *tty;
WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
- tty = current->signal->tty;
+ tty = tty_kref_get(current->signal->tty);
/*
* session->tty can be changed/cleared from under us, make sure we
* issue the load. The obtained pointer, when not NULL, is valid as
diff --git a/drivers/s390/char/fs3270.c b/drivers/s390/char/fs3270.c
index d18e6d2..3ef5425 100644
--- a/drivers/s390/char/fs3270.c
+++ b/drivers/s390/char/fs3270.c
@@ -430,11 +430,12 @@ fs3270_open(struct inode *inode, struct file *filp)
mutex_lock(&tty_mutex);
tty = get_current_tty();
if (!tty || tty->driver->major != IBM_TTY3270_MAJOR) {
- mutex_unlock(&tty_mutex);
+ tty_kref_put(tty);
rc = -ENODEV;
goto out;
}
minor = tty->index + RAW3270_FIRSTMINOR;
+ tty_kref_put(tty);
mutex_unlock(&tty_mutex);
}
/* Check if some other program is already using fullscreen mode. */
diff --git a/fs/dquot.c b/fs/dquot.c
index 8ec4d6c..7417a6c 100644
--- a/fs/dquot.c
+++ b/fs/dquot.c
@@ -897,8 +897,9 @@ static void print_warning(struct dquot *dquot, const int warntype)
mutex_lock(&tty_mutex);
tty = get_current_tty();
+ mutex_unlock(&tty_mutex);
if (!tty)
- goto out_lock;
+ return;
tty_write_message(tty, dquot->dq_sb->s_id);
if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN)
tty_write_message(tty, ": warning, ");
@@ -926,8 +927,7 @@ static void print_warning(struct dquot *dquot, const int warntype)
break;
}
tty_write_message(tty, msg);
-out_lock:
- mutex_unlock(&tty_mutex);
+ tty_kref_put(tty);
}
#endif
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4a7374c..089d61a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2123,6 +2123,7 @@ static inline void flush_unauthorized_files(struct files_struct *files)
mutex_lock(&tty_mutex);
tty = get_current_tty();
+ mutex_unlock(&tty_mutex);
if (tty) {
file_list_lock();
file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
@@ -2139,8 +2140,8 @@ static inline void flush_unauthorized_files(struct files_struct *files)
}
}
file_list_unlock();
+ tty_kref_put(tty);
}
- mutex_unlock(&tty_mutex);
/* Reset controlling tty. */
if (drop_tty)
no_tty();
next prev parent reply other threads:[~2008-10-13 9:48 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-13 9:31 [PATCH 00/80] TTY updates for 2.6.28 Alan Cox
2008-10-13 9:31 ` [PATCH 01/80] drivers/serial/crisv10.c: add missing put_tty_driver Alan Cox
2008-10-13 9:31 ` [PATCH 02/80] drivers/char/hvc_console.c: adjust call to put_tty_driver Alan Cox
2008-10-13 9:31 ` [PATCH 03/80] coldfire: scheduled SERIAL_COLDFIRE removal Alan Cox
2008-10-13 9:32 ` [PATCH 04/80] epca: call tty_port_init Alan Cox
2008-10-13 9:32 ` [PATCH 05/80] Blackfin Serial Driver: use __initdata for data, not __init Alan Cox
2008-10-13 9:32 ` [PATCH 06/80] Blackfin Serial Driver: Fix bug - should suspend/resume/remove all uart ports Alan Cox
2008-10-13 9:33 ` [PATCH 07/80] Blackfin Serial Driver: trim trailing whitespace -- no functional changes Alan Cox
2008-10-13 9:33 ` [PATCH 08/80] Blackfin Serial Driver: move common variables out of serial headers and into the serial driver Alan Cox
2008-10-13 9:33 ` [PATCH 09/80] Blackfin Serial Driver: Remove useless stop Alan Cox
2008-10-13 9:33 ` [PATCH 10/80] Blackfin Serial Driver: Fix bug - Don't call tx_stop in tx_transfer Alan Cox
2008-10-13 9:33 ` [PATCH 11/80] Blackfin Serial Driver: Fix bug - ircp fails on sir over Blackfin UART Alan Cox
2008-10-13 9:33 ` [PATCH 12/80] Blackfin Serial Driver: Fix bug - request UART2/3 peripheral mapped interrupts in PIO mode Alan Cox
2008-10-13 9:34 ` [PATCH 13/80] Fix oti6858 debug level Alan Cox
2008-10-13 9:34 ` [PATCH 14/80] Char: cyclades. remove bogus iomap Alan Cox
2008-10-13 9:34 ` [PATCH 15/80] Char: sx, fix io unmapping Alan Cox
2008-10-13 9:34 ` [PATCH 16/80] Char: merge ip2main and ip2base Alan Cox
2008-10-13 9:34 ` [PATCH 17/80] ip2, cleanup globals Alan Cox
2008-10-13 9:34 ` [PATCH 18/80] ip2, fix sparse warnings Alan Cox
2008-10-13 9:34 ` [PATCH 19/80] ip2, init/deinit cleanup Alan Cox
2008-10-13 9:35 ` [PATCH 20/80] ip2: avoid add_timer with pending timer Alan Cox
2008-10-13 9:35 ` [PATCH 21/80] audit: Handle embedded NUL in TTY input auditing Alan Cox
2008-10-13 9:35 ` [PATCH 22/80] serial: Make uart_port's ioport "unsigned long" Alan Cox
2008-10-13 9:35 ` [PATCH 23/80] nozomi: Fix close on error Alan Cox
2008-10-13 9:35 ` [PATCH 24/80] serial-make-uart_ports-ioport-unsigned-long-fix Alan Cox
2008-10-13 9:35 ` [PATCH 25/80] usb: fix pl2303 initialization Alan Cox
2008-10-13 9:36 ` [PATCH 26/80] ftdi: A few errors are err() that should be debug which causes much spewage Alan Cox
2008-10-13 9:36 ` [PATCH 27/80] serial_8250: pci_enable_device fail is not fully handled Alan Cox
2008-10-13 9:36 ` [PATCH 28/80] 8250: remove a few inlines of dubious value Alan Cox
2008-10-13 9:36 ` [PATCH 29/80] serial: allow 8250 to be used on sparc Alan Cox
2008-10-13 9:36 ` [PATCH 30/80] tty: move tioclinux from a special case Alan Cox
2008-10-13 9:36 ` [PATCH 31/80] uml: small cleanups and note bugs to be dealt with by uml authors Alan Cox
2008-10-13 9:36 ` [PATCH 32/80] tty: split the buffering from tty_io Alan Cox
2008-10-13 9:37 ` [PATCH 33/80] tty: Split tty_port into its own file Alan Cox
2008-10-13 9:37 ` [PATCH 34/80] pps: Reserve a line discipline number for PPS Alan Cox
2008-10-13 9:37 ` [PATCH 35/80] tty: Add a kref count Alan Cox
2008-10-13 9:37 ` [PATCH 36/80] tty: use krefs to protect driver module counts Alan Cox
2008-10-13 9:37 ` [PATCH 37/80] tty: Cris has a nice RS485 ioctl so we should steal it Alan Cox
2008-10-13 9:38 ` [PATCH 38/80] tty: ipw need reworking Alan Cox
2008-10-13 9:38 ` [PATCH 39/80] tty: Add termiox Alan Cox
2008-10-13 9:38 ` [PATCH 40/80] tty: Termios locking - sort out real_tty confusions and lock reads Alan Cox
2008-10-13 9:39 ` [PATCH 41/80] tty: compare the tty winsize Alan Cox
2008-10-13 9:39 ` Alan Cox [this message]
2008-10-13 9:39 ` [PATCH 43/80] tty: Move tty_write_message out of kernel/printk Alan Cox
2008-10-13 9:39 ` [PATCH 44/80] tty: usb-serial krefs Alan Cox
2008-10-13 9:39 ` [PATCH 45/80] tty: kref usage for isicom and moxa Alan Cox
2008-10-13 9:40 ` [PATCH 46/80] stallion: Use krefs Alan Cox
2008-10-13 9:40 ` [PATCH 47/80] mxser: Switch to kref tty Alan Cox
2008-10-13 9:40 ` [PATCH 48/80] tty: the vhangup syscall is racy Alan Cox
2008-10-13 9:40 ` [PATCH 49/80] tty: Redo current tty locking Alan Cox
2008-10-13 9:40 ` [PATCH 50/80] tty: Fix abusers of current->sighand->tty Alan Cox
2008-10-13 9:41 ` [PATCH 51/80] pty: If the administrator creates a device for a ptmx slave we should not error Alan Cox
2008-10-13 9:41 ` [PATCH 52/80] vt: remove bogus lock dropping Alan Cox
2008-10-13 9:41 ` [PATCH 53/80] tty: shutdown method Alan Cox
2008-10-13 9:41 ` [PATCH 54/80] tty: Remove more special casing and out of place code Alan Cox
2008-10-13 9:41 ` [PATCH 55/80] tty: Move parts of tty_init_dev into new functions Alan Cox
2008-10-13 9:42 ` [PATCH 56/80] tty: Clean up the tty_init_dev changes further Alan Cox
2008-10-13 9:42 ` [PATCH 57/80] tty: kref the tty driver object Alan Cox
2008-10-13 9:42 ` [PATCH 58/80] tty: More driver operations Alan Cox
2008-10-13 9:42 ` [PATCH 59/80] tty: Finish fixing up the init_dev interface to use ERR_PTR Alan Cox
2008-10-13 9:42 ` [PATCH 60/80] tty: extract the pty init time special cases Alan Cox
2008-10-13 9:42 ` [PATCH 61/80] Move tty lookup/reopen to caller Alan Cox
2008-10-13 9:42 ` [PATCH 62/80] Add an instance parameter devpts interfaces Alan Cox
2008-10-13 9:43 ` [PATCH 63/80] Simplify devpts_get_tty() Alan Cox
2008-10-13 9:43 ` [PATCH 64/80] Simplify devpts_pty_new() Alan Cox
2008-10-13 9:43 ` [PATCH 65/80] Simplify devpts_pty_kill Alan Cox
2008-10-13 9:43 ` [PATCH 66/80] pty: Coding style and polish Alan Cox
2008-10-13 9:43 ` [PATCH 67/80] pty: Fix allocation failure double free Alan Cox
2008-10-13 9:43 ` [PATCH 68/80] pty: simplify unix98 allocation Alan Cox
2008-10-13 9:44 ` [PATCH 69/80] tty: simplify ktermios allocation Alan Cox
2008-10-13 9:44 ` [PATCH 70/80] tty: some ICANON magic is in the wrong places Alan Cox
2008-10-13 9:44 ` [PATCH 71/80] tty: Fallout from tty-move-canon-specials Alan Cox
2008-10-13 9:44 ` [PATCH 72/80] tty: fix up gigaset a bit Alan Cox
2008-10-16 15:50 ` Tilman Schmidt
2008-10-17 11:40 ` Alan Cox
2008-10-19 12:28 ` Tilman Schmidt
2008-10-22 9:00 ` Alan Cox
2008-10-24 11:21 ` Tilman Schmidt
2008-10-13 9:44 ` [PATCH 73/80] tty: Remove lots of NULL checks Alan Cox
2008-10-13 9:45 ` [PATCH 74/80] tty: Minor tidyups and document fixes for n_tty Alan Cox
2008-10-13 9:45 ` [PATCH 75/80] applicom: Fix an unchecked user ioctl range and an error return Alan Cox
2008-10-13 9:45 ` [PATCH 76/80] serial: fix device name reporting when minor space is shared between drivers Alan Cox
2008-10-13 9:45 ` [PATCH 77/80] tty: tty_io.c shadows sparse fix Alan Cox
2008-10-13 9:45 ` [PATCH 78/80] fs3270: remove extra locks Alan Cox
2008-10-13 9:46 ` [PATCH 79/80] fs3270: Correct error returns Alan Cox
2008-10-13 9:46 ` [PATCH 80/80] tty: rename the remaining oddly named n_tty functions Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081013093906.21645.36569.stgit@localhost.localdomain \
--to=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox