tick/broadcast: Prevent NULL pointer dereference

[uclinux-h8/linux.git] / fs / file.c

diff --git a/fs/file.c b/fs/file.c
index 3d2eb4c..6c672ad 100644 (file)
--- a/fs/file.c
+++ b/fs/file.c
@@ -664,11 +664,17 @@ static struct file *__fget(unsigned int fd, fmode_t mask)
        struct file *file;
 
        rcu_read_lock();
+loop:
        file = fcheck_files(files, fd);
        if (file) {
-               /* File object ref couldn't be taken */
-               if ((file->f_mode & mask) || !get_file_rcu(file))
+               /* File object ref couldn't be taken.
+                * dup2() atomicity guarantee is the reason
+                * we loop to catch the new file (or NULL pointer)
+                */
+               if (file->f_mode & mask)
                        file = NULL;
+               else if (!get_file_rcu(file))
+                       goto loop;
        }
        rcu_read_unlock();