From 0b778076d9a77e82be3775199035e427f2746f29 Mon Sep 17 00:00:00 2001
From: Shengzhe Zhao <a18689@motorola.com>
Date: Wed, 25 Jun 2014 16:03:32 -0700
Subject: [PATCH] vfs: check if f_count is 0 or negative

filp_close is using !file_count(filp) to check if f_count is 0. If it is
0, filp_close thinks it is a closed file and then will return. However,
for a closed file, f_count could be reduced to -1; then
!file_count(filp) is false, and filp_close will proceed to handle this
file and then could panic. This change will check if f_count is 0 or
negative instead of only checking 0 to avoid panic.

b/18200219 LRX21M: kernel_panic

Change-Id: I5117853dcbebec399021abf34338b1f6aff6ad14
Signed-off-by: Shengzhe Zhao <a18689@motorola.com>
Reviewed-by: Yi-Wei Zhao <gbjc64@motorola.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
---
 fs/open.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/open.c b/fs/open.c
index 5720854156db..c4b8b523f0d5 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -1041,9 +1041,12 @@ SYSCALL_DEFINE2(creat, const char __user *, pathname, umode_t, mode)
 int filp_close(struct file *filp, fl_owner_t id)
 {
 	int retval = 0;
+	long ret;
 
-	if (!file_count(filp)) {
-		printk(KERN_ERR "VFS: Close: file count is 0\n");
+	ret = file_count(filp);
+	if (ret <= 0) {
+		printk(KERN_ERR "VFS: Close: file count is %ld\n", ret);
+		WARN_ON(ret < 0);
 		return 0;
 	}
 
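Review bot: In the `ret <= 0` branch, a negative f_count takes the same `return 0` as the zero case, so a refcount underflow on a struct file is reported to the caller as a successful close and is visible only as a log line and a WARN_ON splat. The commit message says the count "could be reduced to -1" on an already closed file, which means some path is dropping a reference it does not hold; this hunk stops filp_close from acting on that file but does not identify or fix that path, and the message should say where the extra put comes from or state that it is still unknown. Two smaller points on the added lines: the printk and `WARN_ON(ret < 0)` log the same event twice and fire on every such call, so a single `WARN_ONCE(ret < 0, ...)` that carries the count, with the printk kept only for the zero case, would be less noisy; and `long ret` next to the existing `int retval` is easy to misread, so a name like `count` would be clearer.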
-- 
GitLab