| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130921183436.GA13418@redhat.com>
Date: Sat, 21 Sep 2013 20:34:36 +0200
From: Oleg Nesterov <oleg@...hat.com>
To: Peter Hurley <peter@...leysoftware.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jiri Slaby <jslaby@...e.cz>,
Linus Torvalds <torvalds@...ux-foundation.org>,
codonell <codonell@...hat.com>, Eduard Benes <ebenes@...hat.com>,
Karel Srot <ksrot@...hat.com>,
Matt Newsome <mnewsome@...hat.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] tty: disassociate_ctty() sends the extra SIGCONT
Peter, sorry for delay, I was sick.
On 09/17, Peter Hurley wrote:
>
> On 09/15/2013 11:50 AM, Oleg Nesterov wrote:
>
>> Put the "!on_exit" check back to restore the old behaviour.
>>
>> Cc: stable@...r.kernel.org # v3.10+
>> Signed-off-by: Oleg Nesterov <oleg@...hat.com>
>> Reported-by: Karel Srot <ksrot@...hat.com>
>
> Reviewed-by: Peter Hurley <peter@...leysoftware.com>
Thanks!
Can I ask the question? tty_signal_session_leader() is probably fine,
but it _looks_ buggy or at least confusing to me.
do_each_pid_task(tty->session, PIDTYPE_SID, p) {
spin_lock_irq(&p->sighand->siglock);
if (p->signal->tty == tty) {
p->signal->tty = NULL;
/* We defer the dereferences outside fo
the tasklist lock */
refs++;
}
if (!p->signal->leader) {
spin_unlock_irq(&p->sighand->siglock);
continue;
}
__group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
__group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
put_pid(p->signal->tty_old_pgrp); /* A noop */
spin_lock(&tty->ctrl_lock);
tty_pgrp = get_pid(tty->pgrp);
I guess this can happen only once, so we could even add WARN_ON(tty_pgrp)
before get_pid(). But this look confusing, as if we can do get_pid()
multiple times and leak tty->pgrp.
if (tty->pgrp)
p->signal->tty_old_pgrp = get_pid(tty->pgrp);
else? We already did put_pid(tty_old_pgrp), we should clear it.
IOW, do you think the patch below makes sense or I missed something?
Just curious.
Oleg.
--- x/drivers/tty/tty_io.c
+++ x/drivers/tty/tty_io.c
@@ -548,7 +548,7 @@ static int tty_signal_session_leader(str
{
struct task_struct *p;
int refs = 0;
- struct pid *tty_pgrp = NULL;
+ struct pid *tty_pgrp = tty_get_pgrp(tty);
read_lock(&tasklist_lock);
if (tty->session) {
@@ -560,18 +560,12 @@ static int tty_signal_session_leader(str
the tasklist lock */
refs++;
}
- if (!p->signal->leader) {
- spin_unlock_irq(&p->sighand->siglock);
- continue;
+ if (p->signal->leader) {
+ __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
+ __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
+ put_pid(p->signal->tty_old_pgrp); /* A noop */
+ p->signal->tty_old_pgrp = get_pid(tty_pgrp);
}
- __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
- __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
- put_pid(p->signal->tty_old_pgrp); /* A noop */
- spin_lock(&tty->ctrl_lock);
- tty_pgrp = get_pid(tty->pgrp);
- if (tty->pgrp)
- p->signal->tty_old_pgrp = get_pid(tty->pgrp);
- spin_unlock(&tty->ctrl_lock);
spin_unlock_irq(&p->sighand->siglock);
} while_each_pid_task(tty->session, PIDTYPE_SID, p);
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists