tty: fix race in tty_fasync

We need to keep the lock held over the call to __f_setown() to prevent a PID race. Thanks to Al Viro for pointing out the problem, and to Travis for making us look here in the first place. Cc: Eric W. Biederman <[email protected]> Cc: Al Viro <[email protected]> Cc: Alan Cox <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Tavis Ormandy <[email protected]> Cc: Jeff Dike <[email protected]> Cc: Julien Tinnes <[email protected]> Cc: Matt Mackall <[email protected]> Cc: stable <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
author: Greg Kroah-Hartman <[email protected]> 2009-12-17 07:07:19 -0800
committer: Greg Kroah-Hartman <[email protected]> 2010-01-20 15:03:31 -0800
commit: 703625118069f9f8960d356676662d3db5a9d116 (patch)
tree: fe46ee6784dee41dbb9b642a1f551a1adfa44710
parent: 18c576f950167ff3ec1e56dcbbec7b87288b3237 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index f15df40bc318..c6f3b48be9dd 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -1951,8 +1951,8 @@ static int tty_fasync(int fd, struct file *filp, int on)
 			pid = task_pid(current);
 			type = PIDTYPE_PID;
 		}
-		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 		retval = __f_setown(filp, pid, type, 0);
+		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 		if (retval)
 			goto out;
 	} else {
author	Greg Kroah-Hartman <[email protected]>	2009-12-17 07:07:19 -0800
committer	Greg Kroah-Hartman <[email protected]>	2010-01-20 15:03:31 -0800
commit	703625118069f9f8960d356676662d3db5a9d116 (patch)
tree	fe46ee6784dee41dbb9b642a1f551a1adfa44710
parent	18c576f950167ff3ec1e56dcbbec7b87288b3237 (diff)