[Devel] [PATCH RH9 v2 1/2] ext4: Check alloc_file() results in ext4_open_balloon()

[Kirill Tkhai]

Check for pointer validity before its dereference.

Reported-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
 fs/ext4/ioctl.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 0bac68174793..845a81b07f77 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -853,7 +853,7 @@ static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg)
 static int ext4_open_balloon(struct super_block *sb, struct vfsmount *mnt)
 {
 	struct inode *balloon_ino;
-	int err, fd;
+	int err, fd, ro;
 	struct file *filp;
 	struct dentry *de;
 	struct path path;
@@ -876,13 +876,13 @@ static int ext4_open_balloon(struct super_block *sb, struct vfsmount *mnt)
 
 	path.dentry = de;
 	path.mnt = mntget(mnt);
-	err = mnt_want_write(path.mnt);
-	if (err)
+	ro = mnt_want_write(path.mnt);
+	if (ro)
 		mode = O_RDONLY;
 	else
 		mode = O_RDWR;
 	filp = alloc_file(&path, mode, &ext4_file_operations);
-	if (filp->f_mode & FMODE_WRITE)
+	if (!ro)
 		mnt_drop_write(path.mnt);
 	if (IS_ERR(filp)) {
 		err = PTR_ERR(filp);