[PATCH] tty: ->signal->tty locking

Fix the locking of signal->tty. Use ->sighand->siglock to protect ->signal->tty; this lock is already used by most other members of ->signal/->sighand. And unless we are 'current' or the tasklist_lock is held we need ->siglock to access ->signal anyway. (NOTE: sys_unshare() is broken wrt ->sighand locking rules) Note that tty_mutex is held over tty destruction, so while holding tty_mutex any tty pointer remains valid. Otherwise the lifetime of ttys are governed by their open file handles. This leaves some holes for tty access from signal->tty (or any other non file related tty access). It solves the tty SLAB scribbles we were seeing. (NOTE: the change from group_send_sig_info to __group_send_sig_info needs to be examined by someone familiar with the security framework, I think it is safe given the SEND_SIG_PRIV from other __group_send_sig_info invocations) [[email protected]: 3270 fix] [[email protected]: various post-viro fixes] Signed-off-by: Peter Zijlstra <[email protected]> Acked-by: Alan Cox <[email protected]> Cc: Oleg Nesterov <[email protected]> Cc: Prarit Bhargava <[email protected]> Cc: Chris Wright <[email protected]> Cc: Roland McGrath <[email protected]> Cc: Stephen Smalley <[email protected]> Cc: James Morris <[email protected]> Cc: "David S. Miller" <[email protected]> Cc: Jeff Dike <[email protected]> Cc: Martin Schwidefsky <[email protected]> Cc: Jan Kara <[email protected]> Signed-off-by: Martin Schwidefsky <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
kishon · Dec 8, 2006 · 24ec839 · 24ec839
1 parent 562f9c5
commit 24ec839
Show file tree

Hide file tree

Showing 12 changed files with 186 additions and 132 deletions.
diff --git a/arch/sparc64/solaris/misc.c b/arch/sparc64/solaris/misc.c
@@ -423,9 +423,7 @@ asmlinkage int solaris_procids(int cmd, s32 pid, s32 pgid)
 			   Solaris setpgrp and setsid? */
 			ret = sys_setpgid(0, 0);
 			if (ret) return ret;
-			mutex_lock(&tty_mutex);
-			current->signal->tty = NULL;
-			mutex_unlock(&tty_mutex);
+			proc_clear_tty(current);
 			return process_group(current);
 		}
 	case 2: /* getsid */

diff --git a/arch/um/kernel/exec.c b/arch/um/kernel/exec.c
@@ -39,12 +39,13 @@ static long execve1(char *file, char __user * __user *argv,
 		    char __user *__user *env)
 {
         long error;
+	struct tty_struct *tty;
 
 #ifdef CONFIG_TTY_LOG
 	mutex_lock(&tty_mutex);
-	task_lock(current);	/* FIXME:  is this needed ? */
-	log_exec(argv, current->signal->tty);
-	task_unlock(current);
+	tty = get_current_tty();
+	if (tty)
+		log_exec(argv, tty);
 	mutex_unlock(&tty_mutex);
 #endif
         error = do_execve(file, argv, env, &current->thread.regs);