From: Oren Laadan Date: Sun, 8 Jan 2006 09:03:51 +0000 (-0800) Subject: [PATCH] fork: fix race in setting child's pgrp and tty X-Git-Tag: firefly_0821_release~39472 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=9a5d3023e626a0baf86ac6b892c983b3db13f22b;p=firefly-linux-kernel-4.4.55.git [PATCH] fork: fix race in setting child's pgrp and tty In fork, child should recopy parent's pgrp/tty after it has tasklist_lock. Otherwise following a setpgid() on the parent, *after* copy_signal(), the child will own a stale pgrp (which may be reused); (eg. if copy_mm() sleeps a long while due to memory pressure). Similar issue for the tty. Signed-off-by: Oren Laadan Cc: Oleg Nesterov Cc: Roland McGrath Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/kernel/fork.c b/kernel/fork.c index 7992ee759d89..4bc0bd8ef176 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -811,9 +811,6 @@ static inline int copy_signal(unsigned long clone_flags, struct task_struct * ts sig->it_prof_expires = cputime_zero; sig->it_prof_incr = cputime_zero; - sig->tty = current->signal->tty; - sig->pgrp = process_group(current); - sig->session = current->signal->session; sig->leader = 0; /* session leadership doesn't inherit */ sig->tty_old_pgrp = 0; @@ -1136,15 +1133,15 @@ static task_t *copy_process(unsigned long clone_flags, attach_pid(p, PIDTYPE_PID, p->pid); attach_pid(p, PIDTYPE_TGID, p->tgid); if (thread_group_leader(p)) { + p->signal->tty = current->signal->tty; + p->signal->pgrp = process_group(current); + p->signal->session = current->signal->session; attach_pid(p, PIDTYPE_PGID, process_group(p)); attach_pid(p, PIDTYPE_SID, p->signal->session); if (p->pid) __get_cpu_var(process_counts)++; } - if (!current->signal->tty && p->signal->tty) - p->signal->tty = NULL; - nr_threads++; total_forks++; write_unlock_irq(&tasklist_lock);
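Review bot: In the copy_signal() hunk, once the three assignments are gone, sig->tty, sig->pgrp and sig->session are no longer written anywhere in this function, while the neighbouring fields (sig->leader, sig->tty_old_pgrp) still are. Anything that reads them between copy_signal() and the tasklist_lock section of copy_process() will see whatever the allocation left there. Suggest either setting them to a neutral value here or leaving a one-line comment where they used to be, saying they are filled in by copy_process() under tasklist_lock, so that a later cleanup does not move them back and reopen the stale-pgrp window described in the changelog.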
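Review bot: In the copy_process() hunk, the new assignments inside `if (thread_group_leader(p))` carry no comment, and their placement has two constraints that the code does not state: they must run with tasklist_lock held, and they must come before `attach_pid(p, PIDTYPE_PGID, process_group(p));`, which reads the pgrp that was just assigned. A short comment above `p->signal->tty = current->signal->tty;` naming both constraints would keep the ordering from being disturbed later. The dropped `if (!current->signal->tty && p->signal->tty)` fixup looks redundant now that tty is copied under the lock, but the changelog only says "Similar issue for the tty"; a sentence saying the old fixup is superseded would make the removal easier to audit.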