On Mon, Apr 27, 2009 at 02:33:34PM -0400, Gregory Haskins wrote:
> + /* We re-use eventfd for irqfd */
> + fd = sys_eventfd2(0, 0);
> + if (fd < 0) {
> + ret = fd;
> + goto fail;
> + }
> +
> + /* We maintain a reference to eventfd for the irqfd lifetime */
> + file = eventfd_fget(fd);
> + if (IS_ERR(file)) {
> + ret = PTR_ERR(file);
> + goto fail;
> + }
> +
> + irqfd->file = file;
This is just plain wrong. You have no promise whatsoever that caller of
that sucker won't race with e.g. dup2(). IOW, you can't assume that
file will be of the expected kind.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
