[PATCH] inotify: oops fix
Bug fix: Ensure that the fd passed to inotify_add_watch() and
inotify_rm_watch() belongs to inotify.
Signed-off-by: Robert Love <rml@novell.com>
Signed-off-by: John McCutchan <ttb@tentacle.dhs.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
diff --git a/fs/inotify.c b/fs/inotify.c
index 807209f..b55d6e4 100644
--- a/fs/inotify.c
+++ b/fs/inotify.c
@@ -929,6 +929,12 @@
if (unlikely(!filp))
return -EBADF;
+ /* verify that this is indeed an inotify instance */
+ if (unlikely(filp->f_op != &inotify_fops)) {
+ ret = -EINVAL;
+ goto fput_and_out;
+ }
+
ret = find_inode(path, &nd);
if (unlikely(ret))
goto fput_and_out;
@@ -986,10 +992,18 @@
filp = fget_light(fd, &fput_needed);
if (unlikely(!filp))
return -EBADF;
+
+ /* verify that this is indeed an inotify instance */
+ if (unlikely(filp->f_op != &inotify_fops)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
dev = filp->private_data;
ret = inotify_ignore(dev, wd);
- fput_light(filp, fput_needed);
+out:
+ fput_light(filp, fput_needed);
return ret;
}