Re: tty: tty_open can return to userspace holding tty_mutex
From: Sukadev Bhattiprolu
Date: Mon Jan 26 2009 - 16:51:58 EST
Eric Paris [eparis@xxxxxxxxxx] wrote:
| __tty_open could return (to userspace) holding the tty_mutex thanks to a
| regression introduced by 4a2b5fddd53b80efcb3266ee36e23b8de28e761a. This was
| found by bisecting an fsfuzzer problem. Admittedly I have no idea how it
| managed to tickle this 100% reliably, but it is clearly a regression and
| when hit leaves the box in a completely unusable state. This patch lets
| the fsfuzzer test complete every time.
Good catch.
|
| Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
Acked-by: Sukadev Bhattiprolu <sukadev@xxxxxxxxxxxxxxxxxx>
|
| ---
| drivers/char/tty_io.c | 4 +++-
| 1 files changed, 3 insertions(+), 1 deletions(-)
|
| diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
| index d33e5ab..bc84e12 100644
| --- a/drivers/char/tty_io.c
| +++ b/drivers/char/tty_io.c
| @@ -1817,8 +1817,10 @@ got_driver:
| /* check whether we're reopening an existing tty */
| tty = tty_driver_lookup_tty(driver, inode, index);
|
| - if (IS_ERR(tty))
| + if (IS_ERR(tty)) {
| + mutex_unlock(&tty_mutex);
| return PTR_ERR(tty);
| + }
| }
|
| if (tty) {
|
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/