[patch 26/54] tty: fix leakage of -ERESTARTSYS to userland

From: Chris Wright
Date: Fri Jun 08 2007 - 03:33:45 EST


-stable review patch. If anyone has any objections, please let us know.
---------------------

From: Oleg Nesterov <oleg@xxxxxxxxxx>

Spotted by Satoru Takeuchi.

kill_pgrp(task_pgrp(current)) sends the signal to the current's thread
group, but can choose any sub-thread as a target for signal_wake_up().
This means that job_control() and tty_check_change() may return
-ERESTARTSYS without signal_pending().

Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>
Cc: Satoru Takeuchi <takeuchi_satoru@xxxxxxxxxxxxxx>
Cc: Roland McGrath <roland@xxxxxxxxxx>
Cc: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
---

drivers/char/n_tty.c | 1 +
drivers/char/tty_io.c | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)

--- linux-2.6.21.4.orig/drivers/char/n_tty.c
+++ linux-2.6.21.4/drivers/char/n_tty.c
@@ -1191,6 +1191,7 @@ static int job_control(struct tty_struct
is_current_pgrp_orphaned())
return -EIO;
kill_pgrp(task_pgrp(current), SIGTTIN, 1);
+ set_thread_flag(TIF_SIGPENDING);
return -ERESTARTSYS;
}
}
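Review bot: The added set_thread_flag(TIF_SIGPENDING) in job_control() has no comment, and it reads as redundant next to the kill_pgrp() call just above it unless the reader already knows the changelog. A one-line comment would help, saying that kill_pgrp() may wake a different sub-thread, so current is not guaranteed to have signal_pending() set when -ERESTARTSYS is returned. Note also that the flag is set whatever kill_pgrp() returns, since that return value is discarded; if that is intentional, the comment should say so.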
--- linux-2.6.21.4.orig/drivers/char/tty_io.c
+++ linux-2.6.21.4/drivers/char/tty_io.c
@@ -1121,7 +1121,8 @@ int tty_check_change(struct tty_struct *
return 0;
if (is_current_pgrp_orphaned())
return -EIO;
- (void) kill_pgrp(task_pgrp(current), SIGTTOU, 1);
+ kill_pgrp(task_pgrp(current), SIGTTOU, 1);
+ set_thread_flag(TIF_SIGPENDING);
return -ERESTARTSYS;
}
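Review bot: Dropping the (void) cast on kill_pgrp() in tty_check_change() is a cosmetic change folded into a -stable fix; the return value is still ignored, so the functional change is only the added set_thread_flag(TIF_SIGPENDING) line. The kill_pgrp() / set_thread_flag() / return -ERESTARTSYS sequence is now duplicated here and in job_control() in n_tty.c, with no comment in either place. A small shared helper carrying the explanation once would keep the two call sites from drifting apart.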

