aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorPeter Zijlstra <a.p.zijlstra@chello.nl>2006-12-08 05:36:04 -0500
committerLinus Torvalds <torvalds@woody.osdl.org>2006-12-08 11:28:38 -0500
commit24ec839c431eb79bb8f6abc00c4e1eb3b8c4d517 (patch)
tree2ff478b1925159eeac007913c2a8f19d5f5e6010 /kernel
parent562f9c574e0707f9159a729ea41faf53b221cd30 (diff)
[PATCH] tty: ->signal->tty locking
Fix the locking of signal->tty. Use ->sighand->siglock to protect ->signal->tty; this lock is already used by most other members of ->signal/->sighand. And unless we are 'current' or the tasklist_lock is held we need ->siglock to access ->signal anyway. (NOTE: sys_unshare() is broken wrt ->sighand locking rules) Note that tty_mutex is held over tty destruction, so while holding tty_mutex any tty pointer remains valid. Otherwise the lifetime of ttys are governed by their open file handles. This leaves some holes for tty access from signal->tty (or any other non file related tty access). It solves the tty SLAB scribbles we were seeing. (NOTE: the change from group_send_sig_info to __group_send_sig_info needs to be examined by someone familiar with the security framework, I think it is safe given the SEND_SIG_PRIV from other __group_send_sig_info invocations) [schwidefsky@de.ibm.com: 3270 fix] [akpm@osdl.org: various post-viro fixes] Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Acked-by: Alan Cox <alan@redhat.com> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: Prarit Bhargava <prarit@redhat.com> Cc: Chris Wright <chrisw@sous-sol.org> Cc: Roland McGrath <roland@redhat.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jeff Dike <jdike@addtoit.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Jan Kara <jack@ucw.cz> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/acct.c9
-rw-r--r--kernel/auditsc.c2
-rw-r--r--kernel/exit.c4
-rw-r--r--kernel/sys.c6
4 files changed, 10 insertions, 11 deletions
diff --git a/kernel/acct.c b/kernel/acct.c
index dc12db8600e..ca561903936 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -428,6 +428,7 @@ static void do_acct_process(struct file *file)
428 u64 elapsed; 428 u64 elapsed;
429 u64 run_time; 429 u64 run_time;
430 struct timespec uptime; 430 struct timespec uptime;
431 struct tty_struct *tty;
431 432
432 /* 433 /*
433 * First check to see if there is enough free_space to continue 434 * First check to see if there is enough free_space to continue
@@ -485,12 +486,8 @@ static void do_acct_process(struct file *file)
485#endif 486#endif
486 487
487 mutex_lock(&tty_mutex); 488 mutex_lock(&tty_mutex);
488 /* FIXME: Whoever is responsible for current->signal locking needs 489 tty = get_current_tty();
489 to use the same locking all over the kernel and document it */ 490 ac.ac_tty = tty ? old_encode_dev(tty_devnum(tty)) : 0;
490 read_lock(&tasklist_lock);
491 ac.ac_tty = current->signal->tty ?
492 old_encode_dev(tty_devnum(current->signal->tty)) : 0;
493 read_unlock(&tasklist_lock);
494 mutex_unlock(&tty_mutex); 491 mutex_unlock(&tty_mutex);
495 492
496 spin_lock_irq(&current->sighand->siglock); 493 spin_lock_irq(&current->sighand->siglock);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 40722e26de9..b6cb802fbcd 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -826,10 +826,12 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
826 context->return_code); 826 context->return_code);
827 827
828 mutex_lock(&tty_mutex); 828 mutex_lock(&tty_mutex);
829 read_lock(&tasklist_lock);
829 if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name) 830 if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
830 tty = tsk->signal->tty->name; 831 tty = tsk->signal->tty->name;
831 else 832 else
832 tty = "(none)"; 833 tty = "(none)";
834 read_unlock(&tasklist_lock);
833 audit_log_format(ab, 835 audit_log_format(ab,
834 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" 836 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
835 " ppid=%d pid=%d auid=%u uid=%u gid=%u" 837 " ppid=%d pid=%d auid=%u uid=%u gid=%u"
diff --git a/kernel/exit.c b/kernel/exit.c
index 4e3f919edc4..fa235779b6a 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -384,9 +384,7 @@ void daemonize(const char *name, ...)
384 exit_mm(current); 384 exit_mm(current);
385 385
386 set_special_pids(1, 1); 386 set_special_pids(1, 1);
387 mutex_lock(&tty_mutex); 387 proc_clear_tty(current);
388 current->signal->tty = NULL;
389 mutex_unlock(&tty_mutex);
390 388
391 /* Block and flush all signals */ 389 /* Block and flush all signals */
392 sigfillset(&blocked); 390 sigfillset(&blocked);
diff --git a/kernel/sys.c b/kernel/sys.c
index a0c1a29a507..1ac2d1c5d84 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1484,7 +1484,6 @@ asmlinkage long sys_setsid(void)
1484 pid_t session; 1484 pid_t session;
1485 int err = -EPERM; 1485 int err = -EPERM;
1486 1486
1487 mutex_lock(&tty_mutex);
1488 write_lock_irq(&tasklist_lock); 1487 write_lock_irq(&tasklist_lock);
1489 1488
1490 /* Fail if I am already a session leader */ 1489 /* Fail if I am already a session leader */
@@ -1504,12 +1503,15 @@ asmlinkage long sys_setsid(void)
1504 1503
1505 group_leader->signal->leader = 1; 1504 group_leader->signal->leader = 1;
1506 __set_special_pids(session, session); 1505 __set_special_pids(session, session);
1506
1507 spin_lock(&group_leader->sighand->siglock);
1507 group_leader->signal->tty = NULL; 1508 group_leader->signal->tty = NULL;
1508 group_leader->signal->tty_old_pgrp = 0; 1509 group_leader->signal->tty_old_pgrp = 0;
1510 spin_unlock(&group_leader->sighand->siglock);
1511
1509 err = process_group(group_leader); 1512 err = process_group(group_leader);
1510out: 1513out:
1511 write_unlock_irq(&tasklist_lock); 1514 write_unlock_irq(&tasklist_lock);
1512 mutex_unlock(&tty_mutex);
1513 return err; 1515 return err;
1514} 1516}
1515 1517