| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1233003761.9850.14.camel@localhost.localdomain>
Date: Mon, 26 Jan 2009 16:02:40 -0500
From: Eric Paris <eparis@...hat.com>
To: linux-kernel@...r.kernel.org
Cc: sgrubb@...hat.com, esandeen@...hat.com, sukadev@...ibm.com,
alan@...rguk.ukuu.org.uk
Subject: tty: tty_open can return to userspace holding tty_mutex
__tty_open could return (to userspace) holding the tty_mutex thanks to a
regression introduced by 4a2b5fddd53b80efcb3266ee36e23b8de28e761a. This was
found by bisecting an fsfuzzer problem. Admittedly I have no idea how it
managed to tickle this 100% reliably, but it is clearly a regression and
when hit leaves the box in a completely unusable state. This patch lets
the fsfuzzer test complete every time.
Signed-off-by: Eric Paris <eparis@...hat.com>
---
drivers/char/tty_io.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index d33e5ab..bc84e12 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -1817,8 +1817,10 @@ got_driver:
/* check whether we're reopening an existing tty */
tty = tty_driver_lookup_tty(driver, inode, index);
- if (IS_ERR(tty))
+ if (IS_ERR(tty)) {
+ mutex_unlock(&tty_mutex);
return PTR_ERR(tty);
+ }
}
if (tty) {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists