tty_open can return to userspace holding tty_mutex __tty_open could return (to userspace) holding the tty_mutex thanks to a regression introduced by 4a2b5fddd53b80efcb3266ee36e23b8de28e761a ("Move tty lookup/reopen to caller"). This was found by bisecting an fsfuzzer problem. Admittedly I have no idea how it managed to tickle this 100% reliably, but it is clearly a regression and when hit leaves the box in a completely unusable state. This patch lets the fsfuzzer test complete every time. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 808ffa3d302257b9dc37b1412c1fcdf976fcddac [log] [tgz]
author: Eric Paris <eparis@redhat.com> Tue Jan 27 11:50:37 2009 +0000
committer: Linus Torvalds <torvalds@linux-foundation.org> Tue Jan 27 07:37:15 2009 -0800
tree: 9d6d6de93da50d6c2df3cc7b0052a189f410a076
parent: 5ee810072175042775e39bdd3eaaa68884c27805 [diff] [blame]
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index d33e5ab..bc84e12 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c

@@ -1817,8 +1817,10 @@
 		/* check whether we're reopening an existing tty */
 		tty = tty_driver_lookup_tty(driver, inode, index);
 
-		if (IS_ERR(tty))
+		if (IS_ERR(tty)) {
+			mutex_unlock(&tty_mutex);
 			return PTR_ERR(tty);
+		}
 	}
 
 	if (tty) {
commit	808ffa3d302257b9dc37b1412c1fcdf976fcddac	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Tue Jan 27 11:50:37 2009 +0000
committer	Linus Torvalds <torvalds@linux-foundation.org>	Tue Jan 27 07:37:15 2009 -0800
tree	9d6d6de93da50d6c2df3cc7b0052a189f410a076
parent	5ee810072175042775e39bdd3eaaa68884c27805 [diff] [blame]