From 8a8a55105dd2857743dc4f7097f28a6cb2e696ee Mon Sep 17 00:00:00 2001 From: Peter Hurley Date: Thu, 16 Oct 2014 14:59:44 -0400 Subject: uml: Fix unsafe pid reference to foreground process group Although the tty core maintains a pid reference for the foreground process group, if the foreground process group is changed that pid reference is dropped. Thus, the pid reference used for signalling could become stale. Safely obtain a pid reference to the foreground process group and release the reference after signalling is complete. cc: Jeff Dike Acked-by: Richard Weinberger Signed-off-by: Peter Hurley Reviewed-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- arch/um/drivers/line.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'arch/um/drivers') diff --git a/arch/um/drivers/line.c b/arch/um/drivers/line.c index 8035145f043b..62087028a9ce 100644 --- a/arch/um/drivers/line.c +++ b/arch/um/drivers/line.c @@ -632,6 +632,7 @@ static irqreturn_t winch_interrupt(int irq, void *data) int fd = winch->fd; int err; char c; + struct pid *pgrp; if (fd != -1) { err = generic_read(fd, &c, NULL); @@ -657,7 +658,10 @@ static irqreturn_t winch_interrupt(int irq, void *data) if (line != NULL) { chan_window_size(line, &tty->winsize.ws_row, &tty->winsize.ws_col); - kill_pgrp(tty->pgrp, SIGWINCH, 1); + pgrp = tty_get_pgrp(tty); + if (pgrp) + kill_pgrp(pgrp, SIGWINCH, 1); + put_pid(pgrp); } tty_kref_put(tty); } -- cgit v1.2.1