author | Oleg Nesterov <oleg@tv-sign.ru> | 2007-06-01 00:46:53 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-06-01 08:18:29 -0700 |
commit | 040b6362d58fe9a344e053546c12bf821f6fce99 | |
tree | 38a6edb5a70ae41d26241cf3cc5eceb7f1c1e21e | |
parent | 13466c8419c3ab3ccd5e905eef53ca49c6c201be | |

tty: fix leakage of -ERESTARTSYS to userland

Spotted by Satoru Takeuchi.

kill_pgrp(task_pgrp(current)) sends the signal to the current's thread
group, but can choose any sub-thread as a target for signal_wake_up().
This means that job_control() and tty_check_change() may return
-ERESTARTSYS without signal_pending().

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Satoru Takeuchi <takeuchi_satoru@jp.fujitsu.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | drivers/char/n_tty.c | 1 |
-rw-r--r-- | drivers/char/tty_io.c | 3 |
2 files changed, 3 insertions, 1 deletions
diff --git a/drivers/char/n_tty.c b/drivers/char/n_tty.c index b3d4ccc33a4..154f42203b0 100644 --- a/drivers/char/n_tty.c +++ b/drivers/char/n_tty.c @@ -1191,6 +1191,7 @@ static int job_control(struct tty_struct *tty, struct file *file) is_current_pgrp_orphaned()) return -EIO; kill_pgrp(task_pgrp(current), SIGTTIN, 1); + set_thread_flag(TIF_SIGPENDING); return -ERESTARTSYS; } } diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c index 75d2a46e106..3752edc30c3 100644 --- a/drivers/char/tty_io.c +++ b/drivers/char/tty_io.c @@ -1148,7 +1148,8 @@ int tty_check_change(struct tty_struct * tty) return 0; if (is_current_pgrp_orphaned()) return -EIO; - (void) kill_pgrp(task_pgrp(current), SIGTTOU, 1); + kill_pgrp(task_pgrp(current), SIGTTOU, 1); + set_thread_flag(TIF_SIGPENDING); return -ERESTARTSYS; } |
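
Review bot: In job_control(), the added set_thread_flag(TIF_SIGPENDING) after kill_pgrp(task_pgrp(current), SIGTTIN, 1) has no comment, and a bare flag write next to a signal send looks redundant to anyone who has not read the changelog. A one-line comment saying that kill_pgrp() may pick a different sub-thread for signal_wake_up(), so current has to be marked before -ERESTARTSYS is returned, would keep the line from being dropped in a later cleanup. The same two-statement sequence is also added in tty_check_change(); a small shared helper would keep the two call sites in step.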
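
Review bot: In tty_check_change(), removing the (void) cast from kill_pgrp(task_pgrp(current), SIGTTOU, 1) is a style change unrelated to the fix and is not mentioned in the changelog; for a patch Cc'd to stable it would be cleaner to leave that line untouched and only add set_thread_flag(TIF_SIGPENDING). The return value of kill_pgrp() is still discarded, so the flag is set and -ERESTARTSYS is returned whether or not the send succeeded; if that is intended, a short comment saying so would help the next reader.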