From 0b778076d9a77e82be3775199035e427f2746f29 Mon Sep 17 00:00:00 2001
From: Shengzhe Zhao <a18689@motorola.com>
Date: Wed, 25 Jun 2014 16:03:32 -0700
Subject: [PATCH] vfs: check if f_count is 0 or negative

filp_close is using !file_count(filp) to check if f_count is 0. if it is 0, filp_close think it is a closed file then will return. However, for a closed file, f_count could be reduced to -1, then !file_count(filp) is false, filp_close will proceed to handle this file then could panic. This change will check if f_count is 0 or negative instead of only checking 0 to avoid panic. b/18200219 LRX21M: kernel_panic
Change-Id: I5117853dcbebec399021abf34338b1f6aff6ad14
Signed-off-by: Shengzhe Zhao <a18689@motorola.com>
Reviewed-by: Yi-Wei Zhao <gbjc64@motorola.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
---
 fs/open.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/open.c b/fs/open.c
index 5720854156db..c4b8b523f0d5 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -1041,9 +1041,12 @@ SYSCALL_DEFINE2(creat, const char __user *, pathname, umode_t, mode)
 int filp_close(struct file *filp, fl_owner_t id)
 {
 int retval = 0;
+ long ret;
 
- if (!file_count(filp)) {
- printk(KERN_ERR "VFS: Close: file count is 0\n");
+ ret = file_count(filp);
+ if (ret <= 0) {
+ printk(KERN_ERR "VFS: Close: file count is %ld\n", ret);
+ WARN_ON(ret < 0);
 return 0;
 }
 
-- 
GitLab
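Review bot: The new `ret <= 0` guard in filp_close() treats a negative f_count as "already closed", but a count below zero means a reference was dropped more than once somewhere else, and by then the struct file may already have been freed or reused, so the `file_count(filp)` read itself cannot be fully trusted. The check avoids this particular panic without addressing the reference imbalance, which I would state at the guard: `/* f_count <= 0: reference already dropped elsewhere; filp may be stale, so this only limits the damage */`. The stack trace from `WARN_ON(ret < 0)` is what will identify the offending caller, so it should stay even if the printk is later rate-limited; the zero case still logs without a trace. Naming the local `count` rather than `ret` would keep it from being confused with `retval`. filp_close() continues past the end of the hunk.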