From 69dd136e604a57b2c34ef02d8046ccc9694c1373 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@redhat.com>
Date: Tue, 27 Jan 2009 11:50:37 +0000
Subject: [PATCH] tty_open can return to userspace holding tty_mutex

__tty_open could return (to userspace) holding the tty_mutex thanks to a
regression introduced by 7a84b46e97b7cf13c97c9db325e6eab1b5dbe645 ("Move
tty lookup/reopen to caller").

This was found by bisecting an fsfuzzer problem.  Admittedly I have no
idea how it managed to tickle this 100% reliably, but it is clearly a
regression and when hit leaves the box in a completely unusable state.
This patch lets the fsfuzzer test complete every time.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 drivers/char/tty_io.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index d33e5ab061779..bc84e125c6bc4 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -1817,8 +1817,10 @@ got_driver:
 		/* check whether we're reopening an existing tty */
 		tty = tty_driver_lookup_tty(driver, inode, index);
 
-		if (IS_ERR(tty))
+		if (IS_ERR(tty)) {
+			mutex_unlock(&tty_mutex);
 			return PTR_ERR(tty);
+		}
 	}
 
 	if (tty) {
-- 
2.39.5