Commit 452a00d2 authored by Alan Cox's avatar Alan Cox Committed by Linus Torvalds

tty: Make get_current_tty use a kref

We now return a kref covered tty reference. That ensures the tty structure
doesn't go away when you have a return from get_current_tty. This is not
enough to protect you from most of the resources being freed behind your
back - yet.

[Updated to include fixes for SELinux problems found by Andrew Morton and
 an s390 leak found while debugging the former]
Signed-off-by: default avatarAlan Cox <alan@redhat.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent f4d2a6c2
...@@ -786,12 +786,12 @@ void disassociate_ctty(int on_exit) ...@@ -786,12 +786,12 @@ void disassociate_ctty(int on_exit)
tty = get_current_tty(); tty = get_current_tty();
if (tty) { if (tty) {
tty_pgrp = get_pid(tty->pgrp); tty_pgrp = get_pid(tty->pgrp);
lock_kernel();
mutex_unlock(&tty_mutex); mutex_unlock(&tty_mutex);
/* XXX: here we race, there is nothing protecting tty */ lock_kernel();
if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
tty_vhangup(tty); tty_vhangup(tty);
unlock_kernel(); unlock_kernel();
tty_kref_put(tty);
} else if (on_exit) { } else if (on_exit) {
struct pid *old_pgrp; struct pid *old_pgrp;
spin_lock_irq(&current->sighand->siglock); spin_lock_irq(&current->sighand->siglock);
...@@ -819,7 +819,6 @@ void disassociate_ctty(int on_exit) ...@@ -819,7 +819,6 @@ void disassociate_ctty(int on_exit)
spin_unlock_irq(&current->sighand->siglock); spin_unlock_irq(&current->sighand->siglock);
mutex_lock(&tty_mutex); mutex_lock(&tty_mutex);
/* It is possible that do_tty_hangup has free'd this tty */
tty = get_current_tty(); tty = get_current_tty();
if (tty) { if (tty) {
unsigned long flags; unsigned long flags;
...@@ -829,6 +828,7 @@ void disassociate_ctty(int on_exit) ...@@ -829,6 +828,7 @@ void disassociate_ctty(int on_exit)
tty->session = NULL; tty->session = NULL;
tty->pgrp = NULL; tty->pgrp = NULL;
spin_unlock_irqrestore(&tty->ctrl_lock, flags); spin_unlock_irqrestore(&tty->ctrl_lock, flags);
tty_kref_put(tty);
} else { } else {
#ifdef TTY_DEBUG_HANGUP #ifdef TTY_DEBUG_HANGUP
printk(KERN_DEBUG "error attempted to write to tty [0x%p]" printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
...@@ -1806,6 +1806,8 @@ static int __tty_open(struct inode *inode, struct file *filp) ...@@ -1806,6 +1806,8 @@ static int __tty_open(struct inode *inode, struct file *filp)
index = tty->index; index = tty->index;
filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
/* noctty = 1; */ /* noctty = 1; */
/* FIXME: Should we take a driver reference ? */
tty_kref_put(tty);
goto got_driver; goto got_driver;
} }
#ifdef CONFIG_VT #ifdef CONFIG_VT
...@@ -3135,7 +3137,7 @@ struct tty_struct *get_current_tty(void) ...@@ -3135,7 +3137,7 @@ struct tty_struct *get_current_tty(void)
{ {
struct tty_struct *tty; struct tty_struct *tty;
WARN_ON_ONCE(!mutex_is_locked(&tty_mutex)); WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
tty = current->signal->tty; tty = tty_kref_get(current->signal->tty);
/* /*
* session->tty can be changed/cleared from under us, make sure we * session->tty can be changed/cleared from under us, make sure we
* issue the load. The obtained pointer, when not NULL, is valid as * issue the load. The obtained pointer, when not NULL, is valid as
......
...@@ -430,11 +430,12 @@ fs3270_open(struct inode *inode, struct file *filp) ...@@ -430,11 +430,12 @@ fs3270_open(struct inode *inode, struct file *filp)
mutex_lock(&tty_mutex); mutex_lock(&tty_mutex);
tty = get_current_tty(); tty = get_current_tty();
if (!tty || tty->driver->major != IBM_TTY3270_MAJOR) { if (!tty || tty->driver->major != IBM_TTY3270_MAJOR) {
mutex_unlock(&tty_mutex); tty_kref_put(tty);
rc = -ENODEV; rc = -ENODEV;
goto out; goto out;
} }
minor = tty->index + RAW3270_FIRSTMINOR; minor = tty->index + RAW3270_FIRSTMINOR;
tty_kref_put(tty);
mutex_unlock(&tty_mutex); mutex_unlock(&tty_mutex);
} }
/* Check if some other program is already using fullscreen mode. */ /* Check if some other program is already using fullscreen mode. */
......
...@@ -897,8 +897,9 @@ static void print_warning(struct dquot *dquot, const int warntype) ...@@ -897,8 +897,9 @@ static void print_warning(struct dquot *dquot, const int warntype)
mutex_lock(&tty_mutex); mutex_lock(&tty_mutex);
tty = get_current_tty(); tty = get_current_tty();
mutex_unlock(&tty_mutex);
if (!tty) if (!tty)
goto out_lock; return;
tty_write_message(tty, dquot->dq_sb->s_id); tty_write_message(tty, dquot->dq_sb->s_id);
if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN) if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN)
tty_write_message(tty, ": warning, "); tty_write_message(tty, ": warning, ");
...@@ -926,8 +927,7 @@ static void print_warning(struct dquot *dquot, const int warntype) ...@@ -926,8 +927,7 @@ static void print_warning(struct dquot *dquot, const int warntype)
break; break;
} }
tty_write_message(tty, msg); tty_write_message(tty, msg);
out_lock: tty_kref_put(tty);
mutex_unlock(&tty_mutex);
} }
#endif #endif
......
...@@ -2123,6 +2123,7 @@ static inline void flush_unauthorized_files(struct files_struct *files) ...@@ -2123,6 +2123,7 @@ static inline void flush_unauthorized_files(struct files_struct *files)
mutex_lock(&tty_mutex); mutex_lock(&tty_mutex);
tty = get_current_tty(); tty = get_current_tty();
mutex_unlock(&tty_mutex);
if (tty) { if (tty) {
file_list_lock(); file_list_lock();
file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list); file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
...@@ -2139,8 +2140,8 @@ static inline void flush_unauthorized_files(struct files_struct *files) ...@@ -2139,8 +2140,8 @@ static inline void flush_unauthorized_files(struct files_struct *files)
} }
} }
file_list_unlock(); file_list_unlock();
tty_kref_put(tty);
} }
mutex_unlock(&tty_mutex);
/* Reset controlling tty. */ /* Reset controlling tty. */
if (drop_tty) if (drop_tty)
no_tty(); no_tty();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment