tree 9dfed36c97bcdbeaf1576b62752bfcafbfae808a
parent f76baf9365bd66216bf0e0ebfc083e22eda6215b
author Jason Baron <[EMAIL PROTECTED]> Sat, 10 Sep 2005 03:02:01 -0700
committer Linus Torvalds <[EMAIL PROTECTED]> Sat, 10 Sep 2005 03:57:31 -0700

[PATCH] fix disassociate_ctty vs. fork race

Race is as follows. Process A forks process B, both being part of the same
session. Then, A calls disassociate_ctty while B forks C:

A                               B
====                            ====
disassociate_ctty()             ....
                                  attach_pid(p, PIDTYPE_SID, 

Now, C can have current->signal->tty pointing to a freed tty structure, as
it hasn't yet been added to the session group (to have its controlling tty
cleared on the disassociate_ctty() call).

This has shown up as an oops but could be even more serious.  I haven't
tried to create a test case, but a customer has verified that the patch
below resolves the issue, which was occurring quite frequently.  I'll try
and post the test case if I can.

The patch simply checks for a NULL tty *after* it has been attached to the
proper session group and clears it as necessary.  Alternatively, we could
simply do the tty assignment after the process is added to the proper
session group.

Signed-off-by: Jason Baron <[EMAIL PROTECTED]>
Cc: Roland McGrath <[EMAIL PROTECTED]>
Cc: Ingo Molnar <[EMAIL PROTECTED]>
Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>

 kernel/fork.c |    3 +++
 1 files changed, 3 insertions(+)

diff --git a/kernel/fork.c b/kernel/fork.c
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1116,6 +1116,9 @@ static task_t *copy_process(unsigned lon
+       if (!current->signal->tty && p->signal->tty)
+               p->signal->tty = NULL;
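
Review bot: the new test `if (!current->signal->tty && p->signal->tty)` has no comment, and nothing in the code says why a child's tty pointer would need clearing at this point in copy_process(). The reason is only in the commit message: the parent's session can lose its controlling tty through disassociate_ctty() before the child has been attached with attach_pid(p, PIDTYPE_SID, ...), leaving the child with a pointer to a freed tty structure. A short comment above the check naming disassociate_ctty() and stating that the check must stay after the session attach would keep a later reordering from reopening the window. The hunk as shown has no context lines, so it is not possible to confirm from here that the check runs after the attach and under the same lock that disassociate_ctty() takes when it clears the session's tty pointers; that is worth stating in the comment or the changelog. The `&& p->signal->tty` half of the condition only avoids a redundant store, so an unconditional `p->signal->tty = NULL` under `!current->signal->tty` would read more simply.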