Description of problem:

Changes to tty to use struct pid happened here:
ab521dc0f8e117fd808d3e425216864d60390500

mrg-1/rhel-6 are missing:

1) redo locking of tty->pgrp
   47f86834bbd4193139d61d659bebf9ab9d691e37
2) tty: fix race in tty_fasync
   703625118069f9f8960d356676662d3db5a9d116
3) fnctl: f_modown should call write_lock_irqsave/restore
   b04da8bfdfbbd79544cab2fadfdc12e87eb01600

commit 703625118069f9f8960d356676662d3db5a9d116 is in 2.6.32.6:
tty-fix-race-in-tty_fasync.patch

commit b04da8bfdfbbd79544cab2fadfdc12e87eb01600 is in 2.6.32.7:
fnctl-f_modown-should-call-write_lock_irqsave-restore.patch

2.6.26-rc1 contains 47f86834bbd4193139d61d659bebf9ab9d691e37:

Subject: redo locking of tty->pgrp
X-Git-Tag: v2.6.26-rc1~240
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=47f86834bbd4193139d61d659bebf9ab9d691e37
kernel-2.6.30.10-105.2.13.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/kernel-2.6.30.10-105.2.13.fc11
kernel-2.6.30.10-105.2.13.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
Take note of this patch..

commit 80e1e823989ec44d8e35bdfddadbddcffec90424
Author: Linus Torvalds <torvalds>
Date: Sun Feb 7 10:11:23 2010 -0800

    Fix race in tty_fasync() properly

    This reverts commit 703625118069 ("tty: fix race in tty_fasync") and
    commit b04da8bfdfbb ("fnctl: f_modown should call
    write_lock_irqsave/restore") that tried to fix up some of the fallout but
    was incomplete.

    It turns out that we really cannot hold 'tty->ctrl_lock' over calling
    __f_setown, because not only did that cause problems with interrupt
    disables (which the second commit fixed), it also causes a potential
    ABBA deadlock due to lock ordering.

    Thanks to Tetsuo Handa for following up on the issue, and running
    lockdep to show the problem. It goes roughly like this:

     - f_getown gets filp->f_owner.lock for reading without interrupts
       disabled, so an interrupt that happens while that lock is held can
       cause a lockdep chain from f_owner.lock -> sighand->siglock.

     - at the same time, the tty->ctrl_lock -> f_owner.lock chain that
       commit 703625118069 introduced, together with the pre-existing
       sighand->siglock -> tty->ctrl_lock chain means that we have a lock
       dependency the other way too.

    So instead of extending tty->ctrl_lock over the whole __f_setown() call,
    we now just take a reference to the 'pid' structure while holding the
    lock, and then release it after having done the __f_setown. That still
    guarantees that 'struct pid' won't go away from under us, which is all
    we really ever needed.

    Reported-and-tested-by: Tetsuo Handa <penguin-kernel.ne.jp>
    Acked-by: Greg Kroah-Hartman <gregkh>
    Acked-by: Américo Wang <xiyou.wangcong>
    Cc: stable
    Signed-off-by: Linus Torvalds <torvalds>
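The lock-order argument in the commit message above, replayed as a small userspace model (an added example, not code from the kernel or from this bug report): a lockdep-style graph records which lock is taken while another is held and flags a cycle. The enum names, `struct graph` and `fasync_has_cycle()` are hypothetical, and the reference on 'struct pid' is modelled as a plain integer count.

```c
/* Userspace model of a lockdep-style lock-order graph; not kernel code. */
#include <stdbool.h>
#include <stdio.h>
enum { CTRL_LOCK, F_OWNER_LOCK, SIGLOCK, NLOCKS };
struct graph { bool edge[NLOCKS][NLOCKS], held[NLOCKS], cycle; };

/* Is there a recorded "taken before" path from lock 'from' to lock 'to'? */
static bool reaches(const struct graph *g, int from, int to, unsigned seen) {
    if (from == to) return true;
    seen |= 1u << from;
    for (int n = 0; n < NLOCKS; n++)
        if (g->edge[from][n] && !(seen & (1u << n)) && reaches(g, n, to, seen))
            return true;
    return false;
}

/* Taking l while h is held records h -> l; an existing l -> h path is ABBA. */
static void acquire(struct graph *g, int l) {
    for (int h = 0; h < NLOCKS; h++) {
        if (!g->held[h]) continue;
        if (reaches(g, l, h, 0)) g->cycle = true;
        g->edge[h][l] = true;
    }
    g->held[l] = true;
}
static void release(struct graph *g, int l) { g->held[l] = false; }

/* Replay the two chains from the commit message, then one tty_fasync() path. */
bool fasync_has_cycle(bool hold_over_setown, int *pid_refs) {
    struct graph g = {0};
    *pid_refs = 1;                                    /* constructed start count */
    acquire(&g, F_OWNER_LOCK); acquire(&g, SIGLOCK);  /* irq during f_getown */
    release(&g, SIGLOCK); release(&g, F_OWNER_LOCK);
    acquire(&g, SIGLOCK); acquire(&g, CTRL_LOCK);     /* pre-existing chain */
    release(&g, CTRL_LOCK); release(&g, SIGLOCK);
    acquire(&g, CTRL_LOCK);
    if (!hold_over_setown) { ++*pid_refs; release(&g, CTRL_LOCK); }  /* pin pid, unlock */
    acquire(&g, F_OWNER_LOCK); release(&g, F_OWNER_LOCK);           /* __f_setown() */
    if (hold_over_setown) release(&g, CTRL_LOCK);     /* 703625118069 ordering */
    else --*pid_refs;                                 /* drop the pin afterwards */
    return g.cycle;
}

int main(void) {
    int refs;
    bool old_order = fasync_has_cycle(true, &refs), new_order = fasync_has_cycle(false, &refs);
    printf("held over __f_setown: cycle=%d; pid pinned: cycle=%d refs=%d\n", old_order, new_order, refs);
    return 0;
}
```

With `ctrl_lock` held across the `__f_setown()` step the graph closes the loop ctrl_lock -> f_owner.lock -> siglock -> ctrl_lock; with the pid pinned and the lock dropped first, no edge out of ctrl_lock is recorded and the reference count returns to its starting value.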
kernel-2.6.31.12-174.2.17.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/kernel-2.6.31.12-174.2.17.fc12
kernel-2.6.31.12-174.2.19.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/kernel-2.6.31.12-174.2.19.fc12
kernel-2.6.31.12-174.2.19.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
Statement: This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5. This issue was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0161.html.