diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2012-08-17 22:42:36 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-08-22 10:26:55 -0400 |
commit | 98022748f6c7bce85b9f123fd4d1a621219dd8d9 (patch) | |
tree | 475003205a40e79060c072bf4ed6a2cf097ff7ed /fs/eventpoll.c | |
parent | 31605debdf5459cc8aacabf192a911a803a81c26 (diff) | |
download | op-kernel-dev-98022748f6c7bce85b9f123fd4d1a621219dd8d9.zip op-kernel-dev-98022748f6c7bce85b9f123fd4d1a621219dd8d9.tar.gz |
eventpoll: use-after-possible-free in epoll_create1()
As soon as we'd installed the file into descriptor table, it can
get closed by another thread. Freeing ep in process...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/eventpoll.c')
-rw-r--r-- | fs/eventpoll.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/eventpoll.c b/fs/eventpoll.c index 1c8b556..eedec84 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -1654,8 +1654,8 @@ SYSCALL_DEFINE1(epoll_create1, int, flags) error = PTR_ERR(file); goto out_free_fd; } - fd_install(fd, file); ep->file = file; + fd_install(fd, file); return fd; out_free_fd: |