[PATCH] sanitize anon_inode_getfd()

a) none of the callers even looks at inode or file returned by anon_inode_getfd() b) any caller that would try to look at those would be racy, since by the time it returns we might have raced with close() from another thread and that file would be pining for fjords. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2008-02-23 06:46:49 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2008-05-01 13:08:50 -0400
commit: 2030a42cecd4dd1985a2ab03e25f3cd6106a5ca8 (patch)
tree: 7cb4710c3f7a4e034a20890f0df99bc42f9bbcee /fs/eventfd.c
parent: 9f3acc3140444a900ab280de942291959f0f615d (diff)
1 files changed, 5 insertions, 10 deletions
diff --git a/fs/eventfd.c b/fs/eventfd.c
index a9f130cd50ac..343942deeec1 100644
--- a/fs/eventfd.c
+++ b/fs/eventfd.c
@@ -200,10 +200,8 @@ struct file *eventfd_fget(int fd)
 asmlinkage long sys_eventfd(unsigned int count)
 {
-        int error, fd;
+        int fd;
        struct eventfd_ctx *ctx;
-        struct file *file;
-        struct inode *inode;
        ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
        if (!ctx)
@@ -216,12 +214,9 @@ asmlinkage long sys_eventfd(unsigned int count)
         * When we call this, the initialization must be complete, since
         * anon_inode_getfd() will install the fd.
         */
-        error = anon_inode_getfd(&fd, &inode, &file, "[eventfd]",
+        fd = anon_inode_getfd("[eventfd]", &eventfd_fops, ctx);
-                                 &eventfd_fops, ctx);
+        if (fd < 0)
-        if (!error)
+                kfree(ctx);
-                return fd;
+        return fd;
-        kfree(ctx);
-        return error;
 }
author	Al Viro <viro@zeniv.linux.org.uk>	2008-02-23 06:46:49 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2008-05-01 13:08:50 -0400
commit	2030a42cecd4dd1985a2ab03e25f3cd6106a5ca8 (patch)
tree	7cb4710c3f7a4e034a20890f0df99bc42f9bbcee /fs/eventfd.c
parent	9f3acc3140444a900ab280de942291959f0f615d (diff)