[PATCH] fix NULL dereference in inotify_ignore

Don't reassign to watch.  If idr_find() returns NULL, then
put_inotify_watch() will choke.

Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Cc: John McCutchan <john@johnmccutchan.com>
Cc: Robert Love <rlove@rlove.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/fs/inotify.c b/fs/inotify.c
index 7d57253365274ed35cdb46f10b0a52b107d6d992..732ec4bd5774507f8c06c6e05cc90d4d2004a84b 100644 (file)
--- a/fs/inotify.c
+++ b/fs/inotify.c
@@ -894,8 +894,7 @@ static int inotify_ignore(struct inotify_device *dev, s32 wd)
        mutex_lock(&dev->mutex);
 
        /* make sure that we did not race */
-       watch = idr_find(&dev->idr, wd);
-       if (likely(watch))
+       if (likely(idr_find(&dev->idr, wd) == watch))
                remove_watch(watch, dev);
 
        mutex_unlock(&dev->mutex);