do_epoll_ctl(): clean the failure exits up a bit

stable inclusion from linux-4.19.142 commit dcb6e6efb3298e59d90ee05c6ed33de810314892 CVE: CVE-2020-0466 -------------------------------- commit 52c47969 upstream. Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: N Marc Zyngier <maz@kernel.org> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

do_epoll_ctl(): clean the failure exits up a bit
stable inclusion from linux-4.19.142 commit dcb6e6efb3298e59d90ee05c6ed33de810314892 CVE: CVE-2020-0466 -------------------------------- commit 52c47969 upstream. Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: N Marc Zyngier <maz@kernel.org> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
b078c1b2 · Al Viro · Yang Yingliang · b2f3dd05 · b078c1b2
隐藏空白更改
内联并排

Showing with 4 addition and 6 deletion

fs/eventpoll.c fs/eventpoll.c +4 -6

未找到文件。
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -2096,10 +2096,8 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
 			mutex_lock(&epmutex);
 			if (is_file_epoll(tf.file)) {
 				error = -ELOOP;
-				if (ep_loop_check(ep, tf.file) != 0) {
-					clear_tfile_check_list();
+				if (ep_loop_check(ep, tf.file) != 0)
 					goto error_tgt_fput;
-				}
 			} else {
 				get_file(tf.file);
 				list_add(&tf.file->f_tfile_llink,
@@ -2128,8 +2126,6 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
 			error = ep_insert(ep, &epds, tf.file, fd, full_check);
 		} else
 			error = -EEXIST;
-		if (full_check)
-			clear_tfile_check_list();
 		break;
 	case EPOLL_CTL_DEL:
 		if (epi)
@@ -2152,8 +2148,10 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
 	mutex_unlock(&ep->mtx);

 error_tgt_fput:
-	if (full_check)
+	if (full_check) {
+		clear_tfile_check_list();
 		mutex_unlock(&epmutex);
+	}

 	fdput(tf);
 error_fput: