[PATCH] tty: Fix two reported pid leaks
authorEric W. Biederman <ebiederm@xmission.com>
Sun, 18 Mar 2007 18:45:44 +0000 (12:45 -0600)
committerLinus Torvalds <torvalds@woody.linux-foundation.org>
Sun, 18 Mar 2007 20:40:06 +0000 (13:40 -0700)
These leaks were reported by: Catalin Marinas <catalin.marians@gmail.com>
and I have been able to very by inspection they are possible.

When converting tty_io.c to store pids as struct pid pointers instead
of pid_t values it appears I overlooked two places where we stop using
the pid value.  The very obvious one is in do_tty_hangup, and the one
the less obvious one in __proc_set_tty.

When looking into the code __proc_set_tty only has pids that need to
be put because of failures of other parts of the code to properly
perform hangup processing.   Fixing the leak here in __proc_set_tty
is easy and obviously correct so I am doing that first.

Fixing the places that should be performing hangup processing is much
less obviously correct.  So those I'm aiming those patches at -mm.
for now, so the can age a while before they are merged.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/char/tty_io.c

index e453268566805238288ba64f96e1c5da0f8a1ba3..7a32df59490750775b6df3b718e0b33be2ee8514 100644 (file)
@@ -1376,6 +1376,8 @@ static void do_tty_hangup(struct work_struct *work)
        read_unlock(&tasklist_lock);
 
        tty->flags = 0;
+       put_pid(tty->session);
+       put_pid(tty->pgrp);
        tty->session = NULL;
        tty->pgrp = NULL;
        tty->ctrl_status = 0;
@@ -3841,6 +3843,9 @@ static struct pid *__proc_set_tty(struct task_struct *tsk, struct tty_struct *tt
 {
        struct pid *old_pgrp;
        if (tty) {
+               /* We should not have a session or pgrp to here but.... */
+               put_pid(tty->session);
+               put_pid(tty->pgrp);
                tty->session = get_pid(task_session(tsk));
                tty->pgrp = get_pid(task_pgrp(tsk));
        }