From: Oleg Nesterov Date: Fri, 1 Jun 2007 07:46:53 +0000 (-0700) Subject: tty: fix leakage of -ERESTARTSYS to userland X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=040b6362d58fe9a344e053546c12bf821f6fce99;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git tty: fix leakage of -ERESTARTSYS to userland Spotted by Satoru Takeuchi. kill_pgrp(task_pgrp(current)) sends the signal to the current's thread group, but can choose any sub-thread as a target for signal_wake_up(). This means that job_control() and tty_check_change() may return -ERESTARTSYS without signal_pending(). Signed-off-by: Oleg Nesterov Cc: Satoru Takeuchi Cc: Roland McGrath Cc: Alan Cox Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/drivers/char/n_tty.c b/drivers/char/n_tty.c index b3d4ccc33a47..154f42203b05 100644 --- a/drivers/char/n_tty.c +++ b/drivers/char/n_tty.c @@ -1191,6 +1191,7 @@ static int job_control(struct tty_struct *tty, struct file *file) is_current_pgrp_orphaned()) return -EIO; kill_pgrp(task_pgrp(current), SIGTTIN, 1); + set_thread_flag(TIF_SIGPENDING); return -ERESTARTSYS; } } diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c index 75d2a46e106f..3752edc30c36 100644 --- a/drivers/char/tty_io.c +++ b/drivers/char/tty_io.c @@ -1148,7 +1148,8 @@ int tty_check_change(struct tty_struct * tty) return 0; if (is_current_pgrp_orphaned()) return -EIO; - (void) kill_pgrp(task_pgrp(current), SIGTTOU, 1); + kill_pgrp(task_pgrp(current), SIGTTOU, 1); + set_thread_flag(TIF_SIGPENDING); return -ERESTARTSYS; }