projects
/
firefly-linux-kernel-4.4.55.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
31605de
)
eventpoll: use-after-possible-free in epoll_create1()
author
Al Viro
<viro@zeniv.linux.org.uk>
Sat, 18 Aug 2012 02:42:36 +0000
(22:42 -0400)
committer
Al Viro
<viro@zeniv.linux.org.uk>
Wed, 22 Aug 2012 14:26:55 +0000
(10:26 -0400)
As soon as we'd installed the file into descriptor table, it can
get closed by another thread. Freeing ep in process...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/eventpoll.c
patch
|
blob
|
history
diff --git
a/fs/eventpoll.c
b/fs/eventpoll.c
index 1c8b55670804c20e88a10a48668f574d54f58205..eedec84c1809173eb4c627815ad70122de66eeb3 100644
(file)
--- a/
fs/eventpoll.c
+++ b/
fs/eventpoll.c
@@
-1654,8
+1654,8
@@
SYSCALL_DEFINE1(epoll_create1, int, flags)
error = PTR_ERR(file);
goto out_free_fd;
}
- fd_install(fd, file);
ep->file = file;
+ fd_install(fd, file);
return fd;
out_free_fd: