diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2012-08-18 00:25:51 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-09-26 21:08:50 -0400 |
commit | 56b31d1c9f1e6a3ad92e7bfe252721e05d92b285 (patch) | |
tree | 44521dbcdf51695b6092f2a4dabe83f460c2ed7c /net/9p/trans_fd.c | |
parent | 28407630513b1a86133db0ef8b39fabad6c494af (diff) | |
download | kernel_goldelico_gta04-56b31d1c9f1e6a3ad92e7bfe252721e05d92b285.zip kernel_goldelico_gta04-56b31d1c9f1e6a3ad92e7bfe252721e05d92b285.tar.gz kernel_goldelico_gta04-56b31d1c9f1e6a3ad92e7bfe252721e05d92b285.tar.bz2 |
unexport sock_map_fd(), switch to sock_alloc_file()
Both modular callers of sock_map_fd() had been buggy; sctp one leaks
descriptor and file if copy_to_user() fails, 9p one shouldn't be
exposing file in the descriptor table at all.
Switch both to sock_alloc_file(), export it, unexport sock_map_fd() and
make it static.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'net/9p/trans_fd.c')
-rw-r--r-- | net/9p/trans_fd.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c index 6449bae..8c4e0b5 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c @@ -793,30 +793,28 @@ static int p9_fd_open(struct p9_client *client, int rfd, int wfd) static int p9_socket_open(struct p9_client *client, struct socket *csocket) { struct p9_trans_fd *p; - int ret, fd; + struct file *file; + int ret; p = kmalloc(sizeof(struct p9_trans_fd), GFP_KERNEL); if (!p) return -ENOMEM; csocket->sk->sk_allocation = GFP_NOIO; - fd = sock_map_fd(csocket, 0); - if (fd < 0) { + file = sock_alloc_file(csocket, 0); + if (IS_ERR(file)) { pr_err("%s (%d): failed to map fd\n", __func__, task_pid_nr(current)); sock_release(csocket); kfree(p); - return fd; + return PTR_ERR(file); } - get_file(csocket->file); - get_file(csocket->file); - p->wr = p->rd = csocket->file; + get_file(file); + p->wr = p->rd = file; client->trans = p; client->status = Connected; - sys_close(fd); /* still racy */ - p->rd->f_flags |= O_NONBLOCK; p->conn = p9_conn_create(client); |