aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorJason Baron <jbaron@redhat.com>2005-09-09 16:02:01 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2005-09-09 16:57:31 -0400
commitb0d62e6d5b3318b6b722121d945afa295f7201b5 (patch)
tree9dfed36c97bcdbeaf1576b62752bfcafbfae808a /kernel
parentf76baf9365bd66216bf0e0ebfc083e22eda6215b (diff)
[PATCH] fix disassociate_ctty vs. fork race
Race is as follows. Process A forks process B, both being part of the same session. Then, A calls disassociate_ctty while B forks C: A B ==== ==== fork() copy_signal() dissasociate_ctty() .... attach_pid(p, PIDTYPE_SID, p->signal->session); Now, C can have current->signal->tty pointing to a freed tty structure, as it hasn't yet been added to the session group (to have its controlling tty cleared on the diassociate_ctty() call). This has shown up as an oops but could be even more serious. I haven't tried to create a test case, but a customer has verified that the patch below resolves the issue, which was occuring quite frequently. I'll try and post the test case if i can. The patch simply checks for a NULL tty *after* it has been attached to the proper session group and clears it as necessary. Alternatively, we could simply do the tty assignment after the the process is added to the proper session group. Signed-off-by: Jason Baron <jbaron@redhat.com> Cc: Roland McGrath <roland@redhat.com> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/fork.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index dfeadf466f18..b25802065031 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1116,6 +1116,9 @@ static task_t *copy_process(unsigned long clone_flags,
1116 __get_cpu_var(process_counts)++; 1116 __get_cpu_var(process_counts)++;
1117 } 1117 }
1118 1118
1119 if (!current->signal->tty && p->signal->tty)
1120 p->signal->tty = NULL;
1121
1119 nr_threads++; 1122 nr_threads++;
1120 total_forks++; 1123 total_forks++;
1121 write_unlock_irq(&tasklist_lock); 1124 write_unlock_irq(&tasklist_lock);