From: Greg Kroah-Hartman Date: Thu, 17 Dec 2009 15:07:19 +0000 (-0800) Subject: tty: fix race in tty_fasync X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=703625118069;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git tty: fix race in tty_fasync We need to keep the lock held over the call to __f_setown() to prevent a PID race. Thanks to Al Viro for pointing out the problem, and to Travis for making us look here in the first place. Cc: Eric W. Biederman Cc: Al Viro Cc: Alan Cox Cc: Linus Torvalds Cc: Tavis Ormandy Cc: Jeff Dike Cc: Julien Tinnes Cc: Matt Mackall Cc: stable Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c index f15df40bc318..c6f3b48be9dd 100644 --- a/drivers/char/tty_io.c +++ b/drivers/char/tty_io.c @@ -1951,8 +1951,8 @@ static int tty_fasync(int fd, struct file *filp, int on) pid = task_pid(current); type = PIDTYPE_PID; } - spin_unlock_irqrestore(&tty->ctrl_lock, flags); retval = __f_setown(filp, pid, type, 0); + spin_unlock_irqrestore(&tty->ctrl_lock, flags); if (retval) goto out; } else {