tty_open can return to userspace holding tty_mutex
__tty_open could return (to userspace) holding the tty_mutex thanks to a
regression introduced by 4a2b5fddd5
("Move
tty lookup/reopen to caller").
This was found by bisecting an fsfuzzer problem. Admittedly I have no
idea how it managed to tickle this 100% reliably, but it is clearly a
regression and when hit leaves the box in a completely unusable state.
This patch lets the fsfuzzer test complete every time.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
5ee8100721
commit
808ffa3d30
|
@ -1817,9 +1817,11 @@ got_driver:
|
|||
/* check whether we're reopening an existing tty */
|
||||
tty = tty_driver_lookup_tty(driver, inode, index);
|
||||
|
||||
if (IS_ERR(tty))
|
||||
if (IS_ERR(tty)) {
|
||||
mutex_unlock(&tty_mutex);
|
||||
return PTR_ERR(tty);
|
||||
}
|
||||
}
|
||||
|
||||
if (tty) {
|
||||
retval = tty_reopen(tty);
|
||||
|
|
Loading…
Reference in New Issue