Function alloc_file() doesn't return NULL. It returns an error pointer. File structure allocation may fail before file->f_ep_links is initialized, which may lead to a crash in eventpoll_release_file().
https://jira.sw.ru/browse/PSBM-41222 Signed-off-by: Stanislav Kinsburskiy <[email protected]> --- fs/ext4/ioctl.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index d94aa19..05af494 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -234,9 +234,10 @@ static int ext4_open_balloon(struct super_block *sb, struct vfsmount *mnt) &ext4_file_operations); if (mode & FMODE_WRITE) mnt_drop_write(path.mnt); - err = -ENOMEM; - if (filp == NULL) + if (IS_ERR(filp)) { + err = PTR_ERR(filp); goto err_filp; + } filp->f_flags |= O_LARGEFILE; fd_install(fd, filp); _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
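Review bot: the `filp == NULL` test replaced in this hunk never fired for an allocation failure, because alloc_file() reports failure as an ERR_PTR value, so the old code went on to dereference the error pointer at `filp->f_flags |= O_LARGEFILE`; switching to `IS_ERR(filp)` and propagating `PTR_ERR(filp)` instead of a hard-coded `-ENOMEM` is the right fix. Two things to confirm before merging: the cleanup at the `err_filp` label (not shown in the hunk) must not call fput() or otherwise touch `filp`, since it is not a valid file pointer on that path, and the commit message should state how an error pointer reaches eventpoll_release_file() via f_ep_links, as nothing in the visible lines connects the two; if that is a separate issue, trim the message to the NULL-versus-ERR_PTR point the hunk actually addresses.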
