Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
---
fs/fuse/dev.c | 41 +++++++++++++++++++++--------------------
1 file changed, 21 insertions(+), 20 deletions(-)
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index eb4f88e3dc97..1a8f82f478cb 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -2257,30 +2257,31 @@ static long fuse_dev_ioctl(struct file *file, unsigned int cmd,
int res;
int oldfd;
struct fuse_dev *fud = NULL;
+ struct fd f;
switch (cmd) {
case FUSE_DEV_IOC_CLONE:
- res = -EFAULT;
- if (!get_user(oldfd, (__u32 __user *)arg)) {
- struct file *old = fget(oldfd);
-
- res = -EINVAL;
- if (old) {
- /*
- * Check against file->f_op because CUSE
- * uses the same ioctl handler.
- */
- if (old->f_op == file->f_op)
- fud = fuse_get_dev(old);
-
- if (fud) {
- mutex_lock(&fuse_mutex);
- res = fuse_device_clone(fud->fc, file);
- mutex_unlock(&fuse_mutex);
- }
- fput(old);
- }
+ if (get_user(oldfd, (__u32 __user *)arg))
+ return -EFAULT;
+
+ f = fdget(oldfd);
+ if (!f.file)
+ return -EINVAL;
+
+ /*
+ * Check against file->f_op because CUSE
+ * uses the same ioctl handler.
+ */
+ if (f.file->f_op == file->f_op)
+ fud = fuse_get_dev(f.file);
+
+ res = -EINVAL;
+ if (fud) {
+ mutex_lock(&fuse_mutex);
+ res = fuse_device_clone(fud->fc, file);
+ mutex_unlock(&fuse_mutex);
}
+ fdput(f);
break;
default:
res = -ENOTTY;
--
2.30.2
