Because of the possible failure of the allocation, ida_simple_get() will
return an error number.
And then ctx->id will be printed in eventfd_show_fdinfo().
Therefore, it would be better to check it and return an error if it fails,
like the other allocation.

Fixes: b556db17b0e7 ("eventfd: present id to userspace via fdinfo")
Signed-off-by: Jiasheng Jiang <[email protected]>
---
fs/eventfd.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/eventfd.c b/fs/eventfd.c
index 3627dd7d25db..5ec1d998f3ac 100644
--- a/fs/eventfd.c
+++ b/fs/eventfd.c
@@ -424,6 +424,10 @@ static int do_eventfd(unsigned int count, int flags)
ctx->count = count;
ctx->flags = flags;
ctx->id = ida_simple_get(&eventfd_ida, 0, 0, GFP_KERNEL);
+ if (ctx->id) {
+ fd = ctx->id;
+ goto err;
+ }
flags &= EFD_SHARED_FCNTL_FLAGS;
flags |= O_RDWR;
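
Review bot: The condition 'if (ctx->id)' added after the ida_simple_get() call in do_eventfd() takes the error path for every non-zero value, but ida_simple_get() returns the allocated id (zero or positive) on success and a negative errno on failure. As written, any successful allocation other than id 0 is treated as a failure, and fd is assigned a positive id instead of an error code. Test 'ctx->id < 0' so that only a real allocation failure reaches 'goto err', which is what the changelog describes.
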
--
2.25.1

On Tue, Jan 11, 2022 at 03:00:23PM +0800, Jiasheng Jiang wrote:
> Because of the possible failure of the allocation, ida_simple_get() will
> return an error number.
> And then ctx->id will be printed in eventfd_show_fdinfo().
> Therefore, it would be better to check it and return an error if it fails,
> like the other allocation.
>
> Fixes: b556db17b0e7 ("eventfd: present id to userspace via fdinfo")
> Signed-off-by: Jiasheng Jiang <[email protected]>
> ---
> fs/eventfd.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/fs/eventfd.c b/fs/eventfd.c
> index 3627dd7d25db..5ec1d998f3ac 100644
> --- a/fs/eventfd.c
> +++ b/fs/eventfd.c
> @@ -424,6 +424,10 @@ static int do_eventfd(unsigned int count, int flags)
> ctx->count = count;
> ctx->flags = flags;
> ctx->id = ida_simple_get(&eventfd_ida, 0, 0, GFP_KERNEL);
> + if (ctx->id) {
> + fd = ctx->id;
> + goto err;
> + }
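
Review bot: The new 'goto err' runs with ctx->id holding whatever ida_simple_get() returned, and the cleanup behind the err label is not part of this hunk, so the changelog should say how that path treats the id. Please confirm that the cleanup does not try to release a negative ctx->id back to eventfd_ida, and that it is correct for 'fd = ctx->id' to be the value the function returns from there.
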
Shouldn't this be 'ctx->id < 0'?
- Eric