[PATCH] fix NULL dereference in inotify_ignore
Amy Griffis [Sat, 20 May 2006 22:00:07 +0000 (15:00 -0700)]
Don't reassign to watch.  If idr_find() returns NULL, then
put_inotify_watch() will choke.

Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Cc: John McCutchan <john@johnmccutchan.com>
Cc: Robert Love <rlove@rlove.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

fs/inotify.c

index 7d57253..732ec4b 100644 (file)
@@ -894,8 +894,7 @@ static int inotify_ignore(struct inotify_device *dev, s32 wd)
        mutex_lock(&dev->mutex);
 
        /* make sure that we did not race */
-       watch = idr_find(&dev->idr, wd);
-       if (likely(watch))
+       if (likely(idr_find(&dev->idr, wd) == watch))
                remove_watch(watch, dev);
 
        mutex_unlock(&dev->mutex);