commit 808ffa3d302257b9dc37b1412c1fcdf976fcddac · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

tty_open can return to userspace holding tty_mutex

__tty_open could return (to userspace) holding the tty_mutex thanks to a
regression introduced by 4a2b5fddd53b80efcb3266ee36e23b8de28e761a ("Move
tty lookup/reopen to caller").

This was found by bisecting an fsfuzzer problem. Admittedly I have no
idea how it managed to tickle this 100% reliably, but it is clearly a
regression and when hit leaves the box in a completely unusable state.
This patch lets the fsfuzzer test complete every time.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by Eric Paris and committed by Linus Torvalds 17 years ago 808ffa3d 5ee81007

+3 -1

1 changed file

expand all

unified split

drivers

char

tty_io.c

+3 -1

drivers/char/tty_io.c

··· 1817 /* check whether we're reopening an existing tty */ 1818 tty = tty_driver_lookup_tty(driver, inode, index); 1819 1820 - if (IS_ERR(tty)) 1821 return PTR_ERR(tty); 1822 } 1823 1824 if (tty) {

··· 1817 /* check whether we're reopening an existing tty */ 1818 tty = tty_driver_lookup_tty(driver, inode, index); 1819 1820 + if (IS_ERR(tty)) { 1821 + mutex_unlock(&tty_mutex); 1822 return PTR_ERR(tty); 1823 + } 1824 } 1825 1826 if (tty) {