Assign process group of the TTY under the "proctree_lock".
This fixes a race where concurrent calls to doenterpgrp() and leavepgrp() while TIOCSCTTY is executing may result in tp->t_pgrp changing value so that tty_rel_pgrp() misses clearing it to NULL. For more details refer to the use of pgdelete() in the kernel. No functional change intended. Panic backtrace: __mtx_lock_sleep() # page fault due to using destroyed mutex tty_signal_pgrp() tty_ioctl() ptsdev_ioctl() kern_ioctl() sys_ioctl() amd64_syscall() MFC after: 1 week Sponsored by: Mellanox Technologies
This commit is contained in:
Hans Petter Selasky
parent
44318fb2f9
commit
160c25d031
@ -1818,7 +1818,6 @@ tty_generic_ioctl(struct tty *tp, u_long cmd, void *data, int fflag,
|
||||
tp->t_session = p->p_session;
|
||||
tp->t_session->s_ttyp = tp;
|
||||
tp->t_sessioncnt++;
|
||||
sx_xunlock(&proctree_lock);
|
||||
|
||||
/* Assign foreground process group. */
|
||||
tp->t_pgrp = p->p_pgrp;
|
||||
@ -1826,6 +1825,7 @@ tty_generic_ioctl(struct tty *tp, u_long cmd, void *data, int fflag,
|
||||
p->p_flag |= P_CONTROLT;
|
||||
PROC_UNLOCK(p);
|
||||
|
||||
sx_xunlock(&proctree_lock);
|
||||
return (0);
|
||||
}
|
||||
case TIOCSPGRP: {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user