From: Peter Hurley Date: Thu, 16 Oct 2014 18:59:44 +0000 (-0400) Subject: uml: Fix unsafe pid reference to foreground process group X-Git-Tag: firefly_0821_release~176^2~2678^2~211 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=8a8a55105dd2857743dc4f7097f28a6cb2e696ee;p=firefly-linux-kernel-4.4.55.git uml: Fix unsafe pid reference to foreground process group Although the tty core maintains a pid reference for the foreground process group, if the foreground process group is changed that pid reference is dropped. Thus, the pid reference used for signalling could become stale. Safely obtain a pid reference to the foreground process group and release the reference after signalling is complete. cc: Jeff Dike Acked-by: Richard Weinberger Signed-off-by: Peter Hurley Reviewed-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- diff --git a/arch/um/drivers/line.c b/arch/um/drivers/line.c index 8035145f043b..62087028a9ce 100644 --- a/arch/um/drivers/line.c +++ b/arch/um/drivers/line.c @@ -632,6 +632,7 @@ static irqreturn_t winch_interrupt(int irq, void *data) int fd = winch->fd; int err; char c; + struct pid *pgrp; if (fd != -1) { err = generic_read(fd, &c, NULL); @@ -657,7 +658,10 @@ static irqreturn_t winch_interrupt(int irq, void *data) if (line != NULL) { chan_window_size(line, &tty->winsize.ws_row, &tty->winsize.ws_col); - kill_pgrp(tty->pgrp, SIGWINCH, 1); + pgrp = tty_get_pgrp(tty); + if (pgrp) + kill_pgrp(pgrp, SIGWINCH, 1); + put_pid(pgrp); } tty_kref_put(tty); }