From: Greg Kroah-Hartman Date: Thu, 17 Dec 2009 15:07:19 +0000 (-0800) Subject: tty: fix race in tty_fasync X-Git-Tag: v4.13~20230^2 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=703625118069f9f8960d356676662d3db5a9d116;p=mirror_ubuntu-bionic-kernel.git tty: fix race in tty_fasync We need to keep the lock held over the call to __f_setown() to prevent a PID race. Thanks to Al Viro for pointing out the problem, and to Travis for making us look here in the first place. Cc: Eric W. Biederman Cc: Al Viro Cc: Alan Cox Cc: Linus Torvalds Cc: Tavis Ormandy Cc: Jeff Dike Cc: Julien Tinnes Cc: Matt Mackall Cc: stable Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c index f15df40bc318..c6f3b48be9dd 100644 --- a/drivers/char/tty_io.c +++ b/drivers/char/tty_io.c @@ -1951,8 +1951,8 @@ static int tty_fasync(int fd, struct file *filp, int on) pid = task_pid(current); type = PIDTYPE_PID; } - spin_unlock_irqrestore(&tty->ctrl_lock, flags); retval = __f_setown(filp, pid, type, 0); + spin_unlock_irqrestore(&tty->ctrl_lock, flags); if (retval) goto out; } else {