diff options
| author | Greg Kroah-Hartman <gregkh@google.com> | 2021-12-08 09:00:24 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@google.com> | 2021-12-08 09:00:24 +0100 |
| commit | bedab629a09ae0e564ece7e7ce37cd49e62f206d (patch) | |
| tree | fc41a05e390efceed4721ea3d56f786e18d40d4e /fs/file.c | |
| parent | e119fbc7066119b167eebd1592707b958df18eb3 (diff) | |
| parent | 90b74a039f807b3ff911d886afe2645c4522542d (diff) | |
Merge 4.4.294 into android-4.4-p
Changes in 4.4.294
staging: ion: Prevent incorrect reference counting behavour
USB: serial: option: add Telit LE910S1 0x9200 composition
USB: serial: option: add Fibocom FM101-GL variants
usb: hub: Fix usb enumeration issue due to address0 race
usb: hub: Fix locking issues with address0_mutex
binder: fix test regression due to sender_euid change
ALSA: ctxfi: Fix out-of-range access
staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
xen: don't continue xenstore initialization in case of errors
xen: detect uninitialized xenbus in xenbus_init
ARM: dts: BCM5301X: Add interrupt properties to GPIO node
ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
net: ieee802154: handle iftypes as u32
NFSv42: Don't fail clone() unless the OP_CLONE operation failed
ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
scsi: mpt3sas: Fix kernel panic during drive powercycle test
tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
tracing: Check pid filtering when creating events
hugetlbfs: flush TLBs correctly after huge_pmd_unshare
proc/vmcore: fix clearing user buffer by properly using clear_user()
NFC: add NCI_UNREG flag to eliminate the race
fuse: fix page stealing
fuse: release pipe buf after last use
shm: extend forced shm destroy to support objects from several IPC nses
xen: sync include/xen/interface/io/ring.h with Xen's newest version
xen/blkfront: read response from backend only once
xen/blkfront: don't take local copy of a request from the ring page
xen/blkfront: don't trust the backend response data blindly
xen/netfront: read response from backend only once
xen/netfront: don't read data from request on the ring page
xen/netfront: disentangle tx_skb_freelist
xen/netfront: don't trust the backend response data blindly
tty: hvc: replace BUG_ON() with negative return value
hugetlb: take PMD sharing into account when flushing tlb/caches
net: return correct error code
platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
s390/setup: avoid using memblock_enforce_memory_limit
scsi: iscsi: Unblock session then wake up error handler
net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock()
kprobes: Limit max data_size of the kretprobe instances
sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
fs: add fget_many() and fput_many()
fget: check that the fd still exists after getting a ref to it
natsemi: xtensa: fix section mismatch warnings
net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
siphash: use _unaligned version by default
parisc: Fix "make install" on newer debian releases
vgacon: Propagate console boot parameters before calling `vc_resize'
tty: serial: msm_serial: Deactivate RX DMA for polling support
serial: pl011: Add ACPI SBSA UART match id
Linux 4.4.294
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id3cafc33da957a0501bcf61d000025167d552797
Diffstat (limited to 'fs/file.c')
| -rw-r--r-- | fs/file.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/fs/file.c b/fs/file.c index 090015401c55..0ed602e1fbd2 100644 --- a/fs/file.c +++ b/fs/file.c @@ -691,7 +691,7 @@ void do_close_on_exec(struct files_struct *files) spin_unlock(&files->file_lock); } -static struct file *__fget(unsigned int fd, fmode_t mask) +static struct file *__fget(unsigned int fd, fmode_t mask, unsigned int refs) { struct files_struct *files = current->files; struct file *file; @@ -706,23 +706,32 @@ loop: */ if (file->f_mode & mask) file = NULL; - else if (!get_file_rcu(file)) + else if (!get_file_rcu_many(file, refs)) goto loop; + else if (__fcheck_files(files, fd) != file) { + fput_many(file, refs); + goto loop; + } } rcu_read_unlock(); return file; } +struct file *fget_many(unsigned int fd, unsigned int refs) +{ + return __fget(fd, FMODE_PATH, refs); +} + struct file *fget(unsigned int fd) { - return __fget(fd, FMODE_PATH); + return __fget(fd, FMODE_PATH, 1); } EXPORT_SYMBOL(fget); struct file *fget_raw(unsigned int fd) { - return __fget(fd, 0); + return __fget(fd, 0, 1); } EXPORT_SYMBOL(fget_raw); @@ -753,7 +762,7 @@ static unsigned long __fget_light(unsigned int fd, fmode_t mask) return 0; return (unsigned long)file; } else { - file = __fget(fd, mask); + file = __fget(fd, mask, 1); if (!file) return 0; return FDPUT_FPUT | (unsigned long)file; |