diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2008-02-23 06:46:49 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-05-01 13:08:50 -0400 |
commit | 2030a42cecd4dd1985a2ab03e25f3cd6106a5ca8 (patch) | |
tree | 7cb4710c3f7a4e034a20890f0df99bc42f9bbcee /virt/kvm/kvm_main.c | |
parent | 9f3acc3140444a900ab280de942291959f0f615d (diff) |
[PATCH] sanitize anon_inode_getfd()
a) none of the callers even looks at inode or file returned by anon_inode_getfd()
b) any caller that would try to look at those would be racy, since by the time
it returns we might have raced with close() from another thread and that
file would be pining for fjords.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'virt/kvm/kvm_main.c')
-rw-r--r-- | virt/kvm/kvm_main.c | 21 |
1 files changed, 5 insertions, 16 deletions
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index c82cf15730a1..e89338e2b043 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c | |||
@@ -834,16 +834,9 @@ static const struct file_operations kvm_vcpu_fops = { | |||
834 | */ | 834 | */ |
835 | static int create_vcpu_fd(struct kvm_vcpu *vcpu) | 835 | static int create_vcpu_fd(struct kvm_vcpu *vcpu) |
836 | { | 836 | { |
837 | int fd, r; | 837 | int fd = anon_inode_getfd("kvm-vcpu", &kvm_vcpu_fops, vcpu); |
838 | struct inode *inode; | 838 | if (fd < 0) |
839 | struct file *file; | ||
840 | |||
841 | r = anon_inode_getfd(&fd, &inode, &file, | ||
842 | "kvm-vcpu", &kvm_vcpu_fops, vcpu); | ||
843 | if (r) { | ||
844 | kvm_put_kvm(vcpu->kvm); | 839 | kvm_put_kvm(vcpu->kvm); |
845 | return r; | ||
846 | } | ||
847 | return fd; | 840 | return fd; |
848 | } | 841 | } |
849 | 842 | ||
@@ -1168,19 +1161,15 @@ static const struct file_operations kvm_vm_fops = { | |||
1168 | 1161 | ||
1169 | static int kvm_dev_ioctl_create_vm(void) | 1162 | static int kvm_dev_ioctl_create_vm(void) |
1170 | { | 1163 | { |
1171 | int fd, r; | 1164 | int fd; |
1172 | struct inode *inode; | ||
1173 | struct file *file; | ||
1174 | struct kvm *kvm; | 1165 | struct kvm *kvm; |
1175 | 1166 | ||
1176 | kvm = kvm_create_vm(); | 1167 | kvm = kvm_create_vm(); |
1177 | if (IS_ERR(kvm)) | 1168 | if (IS_ERR(kvm)) |
1178 | return PTR_ERR(kvm); | 1169 | return PTR_ERR(kvm); |
1179 | r = anon_inode_getfd(&fd, &inode, &file, "kvm-vm", &kvm_vm_fops, kvm); | 1170 | fd = anon_inode_getfd("kvm-vm", &kvm_vm_fops, kvm); |
1180 | if (r) { | 1171 | if (fd < 0) |
1181 | kvm_put_kvm(kvm); | 1172 | kvm_put_kvm(kvm); |
1182 | return r; | ||
1183 | } | ||
1184 | 1173 | ||
1185 | return fd; | 1174 | return fd; |
1186 | } | 1175 | } |