The patch titled

     tty: fix two reported pid leaks

has been added to the -mm tree. Its filename is

     tty-fix-two-reported-pid-leaks.patch

*** Remember to use Documentation/SubmitChecklist when testing your code ***

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this

------------------------------------------------------
Subject: tty: fix two reported pid leaks
From: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>

These leaks were reported by: Catalin Marinas <catalin.marians@xxxxxxxxx> and I have been able to verify by inspection they are possible.

When converting tty_io.c to store pids as struct pid pointers instead of pid_t values it appears I overlooked two places where we stop using the pid value. The very obvious one is in do_tty_hangup, and the less obvious one is in __proc_set_tty.

When looking into the code, __proc_set_tty only has pids that need to be put because of failures of other parts of the code to properly perform hangup processing. Fixing the leak here in __proc_set_tty is easy and obviously correct so I am doing that first.

Fixing the places that should be performing hangup processing is much less obviously correct. So I'm aiming those patches at -mm for now, so they can age a while before they are merged.

Signed-off-by: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
--- drivers/char/tty_io.c | 5 +++++ 1 file changed, 5 insertions(+) diff -puN drivers/char/tty_io.c~tty-fix-two-reported-pid-leaks drivers/char/tty_io.c --- a/drivers/char/tty_io.c~tty-fix-two-reported-pid-leaks +++ a/drivers/char/tty_io.c @@ -1374,6 +1374,8 @@ static void do_tty_hangup(struct work_st read_unlock(&tasklist_lock); tty->flags = 0; + put_pid(tty->session); + put_pid(tty->pgrp); tty->session = NULL; tty->pgrp = NULL; tty->ctrl_status = 0; 
@@ -3839,6 +3841,9 @@ static struct pid *__proc_set_tty(struct { struct pid *old_pgrp; if (tty) { + /* We should not have a session or pgrp to here but.... */ + put_pid(tty->session); + put_pid(tty->pgrp); tty->session = get_pid(task_session(tsk)); tty->pgrp = get_pid(task_pgrp(tsk)); } _

Patches currently in -mm which might be from ebiederm@xxxxxxxxxxxx are

origin.patch
powerpc-rtas-msi-support.patch
fix-i-oat-for-kexec.patch
i386-irq-kill-irq-compression.patch
x86_64-irq-remove-extra-smp_processor_id-calling.patch
remove-hardcoding-of-hard_smp_processor_id-on-up.patch
use-the-apic-to-determine-the-hardware-processor-id-i386.patch
use-the-apic-to-determine-the-hardware-processor-id-x86_64.patch
always-ask-the-hardware-to-obtain-hardware-processor.patch
allow-i386-crash-kernels-to-handle-x86_64-dumps.patch
allow-i386-crash-kernels-to-handle-x86_64-dumps-fix.patch
clone-flag-clone_parent_tidptr-leaves-invalid-results-in-memory.patch
allow-access-to-proc-pid-fd-after-setuid.patch
merge-sys_clone-sys_unshare-nsproxy-and-namespace.patch
fix-race-between-proc_get_inode-and-remove_proc_entry.patch
fix-race-between-proc_readdir-and-remove_proc_entry.patch
procfs-reorder-struct-pid_dentry-to-save-space-on-64bit-archs-and-constify-them.patch
tty-fix-two-reported-pid-leaks.patch
edac-k8-driver-coding-tidy.patch
statically-initialize-struct-pid-for-swapper.patch
explicitly-set-pgid-and-sid-of-init-process.patch
use-struct-pid-parameter-in-copy_process.patch
remove-the-likelypid-check-in-copy_process.patch
use-task_pgrp-task_session-in-copy_process.patch
kill-unused-sesssion-and-group-values-in-rocket-driver.patch
fix-some-coding-style-errors-in-autofs.patch
replace-pid_t-in-autofs-with-struct-pid-reference.patch
vdso-print-fatal-signals-use-ctl_unnumbered.patch
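
Review bot: in the do_tty_hangup hunk, the two put_pid() calls run after read_unlock(&tasklist_lock) and no other lock is visible in the surrounding context, so between put_pid(tty->session) and tty->session = NULL the field still holds a pointer whose reference has already been dropped (the same holds for tty->pgrp). If any path can read these fields concurrently with a hangup, it can pick up a struct pid that may already be freed. I would copy both pointers to locals, store NULL in the fields, and only then call put_pid() on the locals, or else add a comment naming the lock that serializes access to tty->session and tty->pgrp at this point.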
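
Review bot: in the __proc_set_tty hunk, the comment "We should not have a session or pgrp to here but...." says the state is unexpected, yet the two put_pid() calls then drop the references silently, which closes the leak while hiding the callers that skipped hangup processing. The changelog says those callers still need fixing, so a warning when tty->session or tty->pgrp is non-NULL on entry to the if (tty) block would make them findable while the follow-up patches age in -mm. The comment would also read better as a complete sentence stating the cause, for example that a previous owner of the tty did not go through hangup. put_pid() accepts NULL, so the unconditional calls are fine in the expected case.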