diff options
author | Peter Zijlstra <a.p.zijlstra@chello.nl> | 2006-12-08 05:36:04 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.osdl.org> | 2006-12-08 11:28:38 -0500 |
commit | 24ec839c431eb79bb8f6abc00c4e1eb3b8c4d517 (patch) | |
tree | 2ff478b1925159eeac007913c2a8f19d5f5e6010 /kernel | |
parent | 562f9c574e0707f9159a729ea41faf53b221cd30 (diff) |
[PATCH] tty: ->signal->tty locking
Fix the locking of signal->tty.
Use ->sighand->siglock to protect ->signal->tty; this lock is already used
by most other members of ->signal/->sighand. And unless we are 'current'
or the tasklist_lock is held we need ->siglock to access ->signal anyway.
(NOTE: sys_unshare() is broken wrt ->sighand locking rules)
Note that tty_mutex is held over tty destruction, so while holding
tty_mutex any tty pointer remains valid. Otherwise the lifetime of ttys
are governed by their open file handles. This leaves some holes for tty
access from signal->tty (or any other non file related tty access).
It solves the tty SLAB scribbles we were seeing.
(NOTE: the change from group_send_sig_info to __group_send_sig_info needs to
be examined by someone familiar with the security framework, I think
it is safe given the SEND_SIG_PRIV from other __group_send_sig_info
invocations)
[schwidefsky@de.ibm.com: 3270 fix]
[akpm@osdl.org: various post-viro fixes]
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Alan Cox <alan@redhat.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Roland McGrath <roland@redhat.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Jan Kara <jack@ucw.cz>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/acct.c | 9 | ||||
-rw-r--r-- | kernel/auditsc.c | 2 | ||||
-rw-r--r-- | kernel/exit.c | 4 | ||||
-rw-r--r-- | kernel/sys.c | 6 |
4 files changed, 10 insertions, 11 deletions
diff --git a/kernel/acct.c b/kernel/acct.c index dc12db8600e..ca561903936 100644 --- a/kernel/acct.c +++ b/kernel/acct.c | |||
@@ -428,6 +428,7 @@ static void do_acct_process(struct file *file) | |||
428 | u64 elapsed; | 428 | u64 elapsed; |
429 | u64 run_time; | 429 | u64 run_time; |
430 | struct timespec uptime; | 430 | struct timespec uptime; |
431 | struct tty_struct *tty; | ||
431 | 432 | ||
432 | /* | 433 | /* |
433 | * First check to see if there is enough free_space to continue | 434 | * First check to see if there is enough free_space to continue |
@@ -485,12 +486,8 @@ static void do_acct_process(struct file *file) | |||
485 | #endif | 486 | #endif |
486 | 487 | ||
487 | mutex_lock(&tty_mutex); | 488 | mutex_lock(&tty_mutex); |
488 | /* FIXME: Whoever is responsible for current->signal locking needs | 489 | tty = get_current_tty(); |
489 | to use the same locking all over the kernel and document it */ | 490 | ac.ac_tty = tty ? old_encode_dev(tty_devnum(tty)) : 0; |
490 | read_lock(&tasklist_lock); | ||
491 | ac.ac_tty = current->signal->tty ? | ||
492 | old_encode_dev(tty_devnum(current->signal->tty)) : 0; | ||
493 | read_unlock(&tasklist_lock); | ||
494 | mutex_unlock(&tty_mutex); | 491 | mutex_unlock(&tty_mutex); |
495 | 492 | ||
496 | spin_lock_irq(¤t->sighand->siglock); | 493 | spin_lock_irq(¤t->sighand->siglock); |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 40722e26de9..b6cb802fbcd 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -826,10 +826,12 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
826 | context->return_code); | 826 | context->return_code); |
827 | 827 | ||
828 | mutex_lock(&tty_mutex); | 828 | mutex_lock(&tty_mutex); |
829 | read_lock(&tasklist_lock); | ||
829 | if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name) | 830 | if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name) |
830 | tty = tsk->signal->tty->name; | 831 | tty = tsk->signal->tty->name; |
831 | else | 832 | else |
832 | tty = "(none)"; | 833 | tty = "(none)"; |
834 | read_unlock(&tasklist_lock); | ||
833 | audit_log_format(ab, | 835 | audit_log_format(ab, |
834 | " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" | 836 | " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" |
835 | " ppid=%d pid=%d auid=%u uid=%u gid=%u" | 837 | " ppid=%d pid=%d auid=%u uid=%u gid=%u" |
diff --git a/kernel/exit.c b/kernel/exit.c index 4e3f919edc4..fa235779b6a 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
@@ -384,9 +384,7 @@ void daemonize(const char *name, ...) | |||
384 | exit_mm(current); | 384 | exit_mm(current); |
385 | 385 | ||
386 | set_special_pids(1, 1); | 386 | set_special_pids(1, 1); |
387 | mutex_lock(&tty_mutex); | 387 | proc_clear_tty(current); |
388 | current->signal->tty = NULL; | ||
389 | mutex_unlock(&tty_mutex); | ||
390 | 388 | ||
391 | /* Block and flush all signals */ | 389 | /* Block and flush all signals */ |
392 | sigfillset(&blocked); | 390 | sigfillset(&blocked); |
diff --git a/kernel/sys.c b/kernel/sys.c index a0c1a29a507..1ac2d1c5d84 100644 --- a/kernel/sys.c +++ b/kernel/sys.c | |||
@@ -1484,7 +1484,6 @@ asmlinkage long sys_setsid(void) | |||
1484 | pid_t session; | 1484 | pid_t session; |
1485 | int err = -EPERM; | 1485 | int err = -EPERM; |
1486 | 1486 | ||
1487 | mutex_lock(&tty_mutex); | ||
1488 | write_lock_irq(&tasklist_lock); | 1487 | write_lock_irq(&tasklist_lock); |
1489 | 1488 | ||
1490 | /* Fail if I am already a session leader */ | 1489 | /* Fail if I am already a session leader */ |
@@ -1504,12 +1503,15 @@ asmlinkage long sys_setsid(void) | |||
1504 | 1503 | ||
1505 | group_leader->signal->leader = 1; | 1504 | group_leader->signal->leader = 1; |
1506 | __set_special_pids(session, session); | 1505 | __set_special_pids(session, session); |
1506 | |||
1507 | spin_lock(&group_leader->sighand->siglock); | ||
1507 | group_leader->signal->tty = NULL; | 1508 | group_leader->signal->tty = NULL; |
1508 | group_leader->signal->tty_old_pgrp = 0; | 1509 | group_leader->signal->tty_old_pgrp = 0; |
1510 | spin_unlock(&group_leader->sighand->siglock); | ||
1511 | |||
1509 | err = process_group(group_leader); | 1512 | err = process_group(group_leader); |
1510 | out: | 1513 | out: |
1511 | write_unlock_irq(&tasklist_lock); | 1514 | write_unlock_irq(&tasklist_lock); |
1512 | mutex_unlock(&tty_mutex); | ||
1513 | return err; | 1515 | return err; |
1514 | } | 1516 | } |
1515 | 1517 | ||