Commit 70362511 authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman
Browse files

tty: fix race in tty_fasync

We need to keep the lock held over the call to __f_setown() to
prevent a PID race.

Thanks to Al Viro for pointing out the problem, and to Travis for
making us look here in the first place.

Cc: Eric W. Biederman <>
Cc: Al Viro <>
Cc: Alan Cox <>
Cc: Linus Torvalds <>
Cc: Tavis Ormandy <>
Cc: Jeff Dike <>
Cc: Julien Tinnes <>
Cc: Matt Mackall <>
Cc: stable <>
Signed-off-by: default avatarGreg Kroah-Hartman <>
parent 18c576f9
......@@ -1951,8 +1951,8 @@ static int tty_fasync(int fd, struct file *filp, int on)
pid = task_pid(current);
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
retval = __f_setown(filp, pid, type, 0);
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
if (retval)
goto out;
} else {
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment