diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2012-08-18 00:25:51 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-09-26 21:08:50 -0400 |
| commit | 56b31d1c9f1e6a3ad92e7bfe252721e05d92b285 (patch) | |
| tree | 44521dbcdf51695b6092f2a4dabe83f460c2ed7c /net/9p | |
| parent | 28407630513b1a86133db0ef8b39fabad6c494af (diff) | |
unexport sock_map_fd(), switch to sock_alloc_file()
Both modular callers of sock_map_fd() had been buggy; sctp one leaks
descriptor and file if copy_to_user() fails, 9p one shouldn't be
exposing file in the descriptor table at all.
Switch both to sock_alloc_file(), export it, unexport sock_map_fd() and
make it static.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'net/9p')
| -rw-r--r-- | net/9p/trans_fd.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c index 6449bae15702..8c4e0b538a8a 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c | |||
| @@ -793,30 +793,28 @@ static int p9_fd_open(struct p9_client *client, int rfd, int wfd) | |||
| 793 | static int p9_socket_open(struct p9_client *client, struct socket *csocket) | 793 | static int p9_socket_open(struct p9_client *client, struct socket *csocket) |
| 794 | { | 794 | { |
| 795 | struct p9_trans_fd *p; | 795 | struct p9_trans_fd *p; |
| 796 | int ret, fd; | 796 | struct file *file; |
| 797 | int ret; | ||
| 797 | 798 | ||
| 798 | p = kmalloc(sizeof(struct p9_trans_fd), GFP_KERNEL); | 799 | p = kmalloc(sizeof(struct p9_trans_fd), GFP_KERNEL); |
| 799 | if (!p) | 800 | if (!p) |
| 800 | return -ENOMEM; | 801 | return -ENOMEM; |
| 801 | 802 | ||
| 802 | csocket->sk->sk_allocation = GFP_NOIO; | 803 | csocket->sk->sk_allocation = GFP_NOIO; |
| 803 | fd = sock_map_fd(csocket, 0); | 804 | file = sock_alloc_file(csocket, 0); |
| 804 | if (fd < 0) { | 805 | if (IS_ERR(file)) { |
| 805 | pr_err("%s (%d): failed to map fd\n", | 806 | pr_err("%s (%d): failed to map fd\n", |
| 806 | __func__, task_pid_nr(current)); | 807 | __func__, task_pid_nr(current)); |
| 807 | sock_release(csocket); | 808 | sock_release(csocket); |
| 808 | kfree(p); | 809 | kfree(p); |
| 809 | return fd; | 810 | return PTR_ERR(file); |
| 810 | } | 811 | } |
| 811 | 812 | ||
| 812 | get_file(csocket->file); | 813 | get_file(file); |
| 813 | get_file(csocket->file); | 814 | p->wr = p->rd = file; |
| 814 | p->wr = p->rd = csocket->file; | ||
| 815 | client->trans = p; | 815 | client->trans = p; |
| 816 | client->status = Connected; | 816 | client->status = Connected; |
| 817 | 817 | ||
| 818 | sys_close(fd); /* still racy */ | ||
| 819 | |||
| 820 | p->rd->f_flags |= O_NONBLOCK; | 818 | p->rd->f_flags |= O_NONBLOCK; |
| 821 | 819 | ||
| 822 | p->conn = p9_conn_create(client); | 820 | p->conn = p9_conn_create(client); |