aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorOleg Nesterov <oleg@tv-sign.ru>2007-06-01 03:46:53 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-06-01 11:18:29 -0400
commit040b6362d58fe9a344e053546c12bf821f6fce99 (patch)
tree38a6edb5a70ae41d26241cf3cc5eceb7f1c1e21e /drivers
parent13466c8419c3ab3ccd5e905eef53ca49c6c201be (diff)
tty: fix leakage of -ERESTARTSYS to userland
Spotted by Satoru Takeuchi. kill_pgrp(task_pgrp(current)) sends the signal to the current's thread group, but can choose any sub-thread as a target for signal_wake_up(). This means that job_control() and tty_check_change() may return -ERESTARTSYS without signal_pending(). Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: Satoru Takeuchi <takeuchi_satoru@jp.fujitsu.com> Cc: Roland McGrath <roland@redhat.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/char/n_tty.c1
-rw-r--r--drivers/char/tty_io.c3
2 files changed, 3 insertions, 1 deletions
diff --git a/drivers/char/n_tty.c b/drivers/char/n_tty.c
index b3d4ccc33a47..154f42203b05 100644
--- a/drivers/char/n_tty.c
+++ b/drivers/char/n_tty.c
@@ -1191,6 +1191,7 @@ static int job_control(struct tty_struct *tty, struct file *file)
1191 is_current_pgrp_orphaned()) 1191 is_current_pgrp_orphaned())
1192 return -EIO; 1192 return -EIO;
1193 kill_pgrp(task_pgrp(current), SIGTTIN, 1); 1193 kill_pgrp(task_pgrp(current), SIGTTIN, 1);
1194 set_thread_flag(TIF_SIGPENDING);
1194 return -ERESTARTSYS; 1195 return -ERESTARTSYS;
1195 } 1196 }
1196 } 1197 }
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index 75d2a46e106f..3752edc30c36 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -1148,7 +1148,8 @@ int tty_check_change(struct tty_struct * tty)
1148 return 0; 1148 return 0;
1149 if (is_current_pgrp_orphaned()) 1149 if (is_current_pgrp_orphaned())
1150 return -EIO; 1150 return -EIO;
1151 (void) kill_pgrp(task_pgrp(current), SIGTTOU, 1); 1151 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1152 set_thread_flag(TIF_SIGPENDING);
1152 return -ERESTARTSYS; 1153 return -ERESTARTSYS;
1153} 1154}
1154 1155