summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOleg Nesterov <oleg@tv-sign.ru>2007-06-01 00:46:53 -0700
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-06-01 08:18:29 -0700
commit040b6362d58fe9a344e053546c12bf821f6fce99 (patch)
tree38a6edb5a70ae41d26241cf3cc5eceb7f1c1e21e
parent13466c8419c3ab3ccd5e905eef53ca49c6c201be (diff)
downloadkernel-crypto-040b6362d58fe9a344e053546c12bf821f6fce99.tar.gz
kernel-crypto-040b6362d58fe9a344e053546c12bf821f6fce99.tar.xz
kernel-crypto-040b6362d58fe9a344e053546c12bf821f6fce99.zip
tty: fix leakage of -ERESTARTSYS to userland
Spotted by Satoru Takeuchi. kill_pgrp(task_pgrp(current)) sends the signal to the current's thread group, but can choose any sub-thread as a target for signal_wake_up(). This means that job_control() and tty_check_change() may return -ERESTARTSYS without signal_pending(). Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: Satoru Takeuchi <takeuchi_satoru@jp.fujitsu.com> Cc: Roland McGrath <roland@redhat.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/char/n_tty.c1
-rw-r--r--drivers/char/tty_io.c3
2 files changed, 3 insertions, 1 deletions
diff --git a/drivers/char/n_tty.c b/drivers/char/n_tty.c
index b3d4ccc33a4..154f42203b0 100644
--- a/drivers/char/n_tty.c
+++ b/drivers/char/n_tty.c
@@ -1191,6 +1191,7 @@ static int job_control(struct tty_struct *tty, struct file *file)
is_current_pgrp_orphaned())
return -EIO;
kill_pgrp(task_pgrp(current), SIGTTIN, 1);
+ set_thread_flag(TIF_SIGPENDING);
return -ERESTARTSYS;
}
}
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index 75d2a46e106..3752edc30c3 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -1148,7 +1148,8 @@ int tty_check_change(struct tty_struct * tty)
return 0;
if (is_current_pgrp_orphaned())
return -EIO;
- (void) kill_pgrp(task_pgrp(current), SIGTTOU, 1);
+ kill_pgrp(task_pgrp(current), SIGTTOU, 1);
+ set_thread_flag(TIF_SIGPENDING);
return -ERESTARTSYS;
}