From: Robert Love Date: Mon, 25 Jul 2005 19:10:08 +0000 (-0400) Subject: [PATCH] inotify: oops fix X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=783bc29bbc5d6625a4669d3eb1d989a8fb275d43;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [PATCH] inotify: oops fix Bug fix: Ensure that the fd passed to inotify_add_watch() and inotify_rm_watch() belongs to inotify. Signed-off-by: Robert Love Signed-off-by: John McCutchan Signed-off-by: Linus Torvalds --- diff --git a/fs/inotify.c b/fs/inotify.c index 807209f0bcda..b55d6e4a0911 100644 --- a/fs/inotify.c +++ b/fs/inotify.c @@ -929,6 +929,12 @@ asmlinkage long sys_inotify_add_watch(int fd, const char __user *path, u32 mask) if (unlikely(!filp)) return -EBADF; + /* verify that this is indeed an inotify instance */ + if (unlikely(filp->f_op != &inotify_fops)) { + ret = -EINVAL; + goto fput_and_out; + } + ret = find_inode(path, &nd); if (unlikely(ret)) goto fput_and_out; @@ -986,10 +992,18 @@ asmlinkage long sys_inotify_rm_watch(int fd, u32 wd) filp = fget_light(fd, &fput_needed); if (unlikely(!filp)) return -EBADF; + + /* verify that this is indeed an inotify instance */ + if (unlikely(filp->f_op != &inotify_fops)) { + ret = -EINVAL; + goto out; + } + dev = filp->private_data; ret = inotify_ignore(dev, wd); - fput_light(filp, fput_needed); +out: + fput_light(filp, fput_needed); return ret; }