Merge tag 'pull-fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

+2 -3

arch/alpha/kernel/osf_sys.c

··· 152 152 long __user *, basep) 153 153 { 154 154 int error; 155 - struct fd arg = fdget_pos(fd); 155 + CLASS(fd_pos, arg)(fd); 156 156 struct osf_dirent_callback buf = { 157 157 .ctx.actor = osf_filldir, 158 158 .dirent = dirent, ··· 160 160 .count = count 161 161 }; 162 162 163 - if (!fd_file(arg)) 163 + if (fd_empty(arg)) 164 164 return -EBADF; 165 165 166 166 error = iterate_dir(fd_file(arg), &buf.ctx); ··· 169 169 if (count != buf.count) 170 170 error = count - buf.count; 171 171 172 - fdput_pos(arg); 173 172 return error; 174 173 } 175 174

+4 -6

arch/arm/kernel/sys_oabi-compat.c

··· 235 235 unsigned long arg) 236 236 { 237 237 void __user *argp = (void __user *)arg; 238 - struct fd f = fdget_raw(fd); 238 + CLASS(fd_raw, f)(fd); 239 239 struct flock64 flock; 240 - long err = -EBADF; 240 + long err; 241 241 242 - if (!fd_file(f)) 243 - goto out; 242 + if (fd_empty(f)) 243 + return -EBADF; 244 244 245 245 switch (cmd) { 246 246 case F_GETLK64: ··· 271 271 err = sys_fcntl64(fd, cmd, arg); 272 272 break; 273 273 } 274 - fdput(f); 275 - out: 276 274 return err; 277 275 } 278 276

+5 -16

arch/powerpc/kvm/book3s_64_vio.c

··· 115 115 struct iommu_table_group *table_group; 116 116 long i; 117 117 struct kvmppc_spapr_tce_iommu_table *stit; 118 - struct fd f; 118 + CLASS(fd, f)(tablefd); 119 119 120 - f = fdget(tablefd); 121 - if (!fd_file(f)) 120 + if (fd_empty(f)) 122 121 return -EBADF; 123 122 124 123 rcu_read_lock(); ··· 129 130 } 130 131 rcu_read_unlock(); 131 132 132 - if (!found) { 133 - fdput(f); 133 + if (!found) 134 134 return -EINVAL; 135 - } 136 135 137 136 table_group = iommu_group_get_iommudata(grp); 138 - if (WARN_ON(!table_group)) { 139 - fdput(f); 137 + if (WARN_ON(!table_group)) 140 138 return -EFAULT; 141 - } 142 139 143 140 for (i = 0; i < IOMMU_TABLE_GROUP_MAX_TABLES; ++i) { 144 141 struct iommu_table *tbltmp = table_group->tables[i]; ··· 155 160 break; 156 161 } 157 162 } 158 - if (!tbl) { 159 - fdput(f); 163 + if (!tbl) 160 164 return -EINVAL; 161 - } 162 165 163 166 rcu_read_lock(); 164 167 list_for_each_entry_rcu(stit, &stt->iommu_tables, next) { ··· 167 174 /* stit is being destroyed */ 168 175 iommu_tce_table_put(tbl); 169 176 rcu_read_unlock(); 170 - fdput(f); 171 177 return -ENOTTY; 172 178 } 173 179 /* ··· 174 182 * its KVM reference counter and can return. 175 183 */ 176 184 rcu_read_unlock(); 177 - fdput(f); 178 185 return 0; 179 186 } 180 187 rcu_read_unlock(); ··· 181 190 stit = kzalloc(sizeof(*stit), GFP_KERNEL); 182 191 if (!stit) { 183 192 iommu_tce_table_put(tbl); 184 - fdput(f); 185 193 return -ENOMEM; 186 194 } 187 195 ··· 189 199 190 200 list_add_rcu(&stit->next, &stt->iommu_tables); 191 201 192 - fdput(f); 193 202 return 0; 194 203 } 195 204

+7 -17

arch/powerpc/kvm/powerpc.c

··· 1933 1933 #endif 1934 1934 #ifdef CONFIG_KVM_MPIC 1935 1935 case KVM_CAP_IRQ_MPIC: { 1936 - struct fd f; 1936 + CLASS(fd, f)(cap->args[0]); 1937 1937 struct kvm_device *dev; 1938 1938 1939 1939 r = -EBADF; 1940 - f = fdget(cap->args[0]); 1941 - if (!fd_file(f)) 1940 + if (fd_empty(f)) 1942 1941 break; 1943 1942 1944 1943 r = -EPERM; ··· 1945 1946 if (dev) 1946 1947 r = kvmppc_mpic_connect_vcpu(dev, vcpu, cap->args[1]); 1947 1948 1948 - fdput(f); 1949 1949 break; 1950 1950 } 1951 1951 #endif 1952 1952 #ifdef CONFIG_KVM_XICS 1953 1953 case KVM_CAP_IRQ_XICS: { 1954 - struct fd f; 1954 + CLASS(fd, f)(cap->args[0]); 1955 1955 struct kvm_device *dev; 1956 1956 1957 1957 r = -EBADF; 1958 - f = fdget(cap->args[0]); 1959 - if (!fd_file(f)) 1958 + if (fd_empty(f)) 1960 1959 break; 1961 1960 1962 1961 r = -EPERM; ··· 1965 1968 else 1966 1969 r = kvmppc_xics_connect_vcpu(dev, vcpu, cap->args[1]); 1967 1970 } 1968 - 1969 - fdput(f); 1970 1971 break; 1971 1972 } 1972 1973 #endif /* CONFIG_KVM_XICS */ 1973 1974 #ifdef CONFIG_KVM_XIVE 1974 1975 case KVM_CAP_PPC_IRQ_XIVE: { 1975 - struct fd f; 1976 + CLASS(fd, f)(cap->args[0]); 1976 1977 struct kvm_device *dev; 1977 1978 1978 1979 r = -EBADF; 1979 - f = fdget(cap->args[0]); 1980 - if (!fd_file(f)) 1980 + if (fd_empty(f)) 1981 1981 break; 1982 1982 1983 1983 r = -ENXIO; 1984 - if (!xive_enabled()) { 1985 - fdput(f); 1984 + if (!xive_enabled()) 1986 1985 break; 1987 - } 1988 1986 1989 1987 r = -EPERM; 1990 1988 dev = kvm_device_from_filp(fd_file(f)); 1991 1989 if (dev) 1992 1990 r = kvmppc_xive_native_connect_vcpu(dev, vcpu, 1993 1991 cap->args[1]); 1994 - 1995 - fdput(f); 1996 1992 break; 1997 1993 } 1998 1994 #endif /* CONFIG_KVM_XIVE */

+22 -46

arch/powerpc/platforms/cell/spu_syscalls.c

··· 36 36 37 37 static inline void spufs_calls_put(struct spufs_calls *calls) 38 38 { 39 + if (!calls) 40 + return; 41 + 39 42 BUG_ON(calls != spufs_calls); 40 43 41 44 /* we don't need to rcu this, as we hold a reference to the module */ ··· 56 53 57 54 #endif /* CONFIG_SPU_FS_MODULE */ 58 55 56 + DEFINE_CLASS(spufs_calls, struct spufs_calls *, spufs_calls_put(_T), spufs_calls_get(), void) 57 + 59 58 SYSCALL_DEFINE4(spu_create, const char __user *, name, unsigned int, flags, 60 59 umode_t, mode, int, neighbor_fd) 61 60 { 62 - long ret; 63 - struct spufs_calls *calls; 64 - 65 - calls = spufs_calls_get(); 61 + CLASS(spufs_calls, calls)(); 66 62 if (!calls) 67 63 return -ENOSYS; 68 64 69 65 if (flags & SPU_CREATE_AFFINITY_SPU) { 70 - struct fd neighbor = fdget(neighbor_fd); 71 - ret = -EBADF; 72 - if (fd_file(neighbor)) { 73 - ret = calls->create_thread(name, flags, mode, fd_file(neighbor)); 74 - fdput(neighbor); 75 - } 76 - } else 77 - ret = calls->create_thread(name, flags, mode, NULL); 78 - 79 - spufs_calls_put(calls); 80 - return ret; 66 + CLASS(fd, neighbor)(neighbor_fd); 67 + if (fd_empty(neighbor)) 68 + return -EBADF; 69 + return calls->create_thread(name, flags, mode, fd_file(neighbor)); 70 + } else { 71 + return calls->create_thread(name, flags, mode, NULL); 72 + } 81 73 } 82 74 83 75 SYSCALL_DEFINE3(spu_run,int, fd, __u32 __user *, unpc, __u32 __user *, ustatus) 84 76 { 85 - long ret; 86 - struct fd arg; 87 - struct spufs_calls *calls; 88 - 89 - calls = spufs_calls_get(); 77 + CLASS(spufs_calls, calls)(); 90 78 if (!calls) 91 79 return -ENOSYS; 92 80 93 - ret = -EBADF; 94 - arg = fdget(fd); 95 - if (fd_file(arg)) { 96 - ret = calls->spu_run(fd_file(arg), unpc, ustatus); 97 - fdput(arg); 98 - } 81 + CLASS(fd, arg)(fd); 82 + if (fd_empty(arg)) 83 + return -EBADF; 99 84 100 - spufs_calls_put(calls); 101 - return ret; 85 + return calls->spu_run(fd_file(arg), unpc, ustatus); 102 86 } 103 87 104 88 #ifdef CONFIG_COREDUMP 105 89 int elf_coredump_extra_notes_size(void) 106 90 { 107 - struct spufs_calls *calls; 108 - int ret; 109 - 110 - calls = spufs_calls_get(); 91 + CLASS(spufs_calls, calls)(); 111 92 if (!calls) 112 93 return 0; 113 94 114 - ret = calls->coredump_extra_notes_size(); 115 - 116 - spufs_calls_put(calls); 117 - 118 - return ret; 95 + return calls->coredump_extra_notes_size(); 119 96 } 120 97 121 98 int elf_coredump_extra_notes_write(struct coredump_params *cprm) 122 99 { 123 - struct spufs_calls *calls; 124 - int ret; 125 - 126 - calls = spufs_calls_get(); 100 + CLASS(spufs_calls, calls)(); 127 101 if (!calls) 128 102 return 0; 129 103 130 - ret = calls->coredump_extra_notes_write(cprm); 131 - 132 - spufs_calls_put(calls); 133 - 134 - return ret; 104 + return calls->coredump_extra_notes_write(cprm); 135 105 } 136 106 #endif 137 107

+3 -7

arch/x86/kernel/cpu/sgx/main.c

··· 901 901 int sgx_set_attribute(unsigned long *allowed_attributes, 902 902 unsigned int attribute_fd) 903 903 { 904 - struct fd f = fdget(attribute_fd); 904 + CLASS(fd, f)(attribute_fd); 905 905 906 - if (!fd_file(f)) 906 + if (fd_empty(f)) 907 907 return -EINVAL; 908 908 909 - if (fd_file(f)->f_op != &sgx_provision_fops) { 910 - fdput(f); 909 + if (fd_file(f)->f_op != &sgx_provision_fops) 911 910 return -EINVAL; 912 - } 913 911 914 912 *allowed_attributes |= SGX_ATTR_PROVISIONKEY; 915 - 916 - fdput(f); 917 913 return 0; 918 914 } 919 915 EXPORT_SYMBOL_GPL(sgx_set_attribute);

+13 -26

arch/x86/kvm/svm/sev.c

··· 533 533 534 534 static int __sev_issue_cmd(int fd, int id, void *data, int *error) 535 535 { 536 - struct fd f; 537 - int ret; 536 + CLASS(fd, f)(fd); 538 537 539 - f = fdget(fd); 540 - if (!fd_file(f)) 538 + if (fd_empty(f)) 541 539 return -EBADF; 542 540 543 - ret = sev_issue_cmd_external_user(fd_file(f), id, data, error); 544 - 545 - fdput(f); 546 - return ret; 541 + return sev_issue_cmd_external_user(fd_file(f), id, data, error); 547 542 } 548 543 549 544 static int sev_issue_cmd(struct kvm *kvm, int id, void *data, int *error) ··· 2071 2076 { 2072 2077 struct kvm_sev_info *dst_sev = &to_kvm_svm(kvm)->sev_info; 2073 2078 struct kvm_sev_info *src_sev, *cg_cleanup_sev; 2074 - struct fd f = fdget(source_fd); 2079 + CLASS(fd, f)(source_fd); 2075 2080 struct kvm *source_kvm; 2076 2081 bool charged = false; 2077 2082 int ret; 2078 2083 2079 - if (!fd_file(f)) 2084 + if (fd_empty(f)) 2080 2085 return -EBADF; 2081 2086 2082 - if (!file_is_kvm(fd_file(f))) { 2083 - ret = -EBADF; 2084 - goto out_fput; 2085 - } 2087 + if (!file_is_kvm(fd_file(f))) 2088 + return -EBADF; 2086 2089 2087 2090 source_kvm = fd_file(f)->private_data; 2088 2091 ret = sev_lock_two_vms(kvm, source_kvm); 2089 2092 if (ret) 2090 - goto out_fput; 2093 + return ret; 2091 2094 2092 2095 if (kvm->arch.vm_type != source_kvm->arch.vm_type || 2093 2096 sev_guest(kvm) || !sev_guest(source_kvm)) { ··· 2132 2139 cg_cleanup_sev->misc_cg = NULL; 2133 2140 out_unlock: 2134 2141 sev_unlock_two_vms(kvm, source_kvm); 2135 - out_fput: 2136 - fdput(f); 2137 2142 return ret; 2138 2143 } 2139 2144 ··· 2792 2801 2793 2802 int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd) 2794 2803 { 2795 - struct fd f = fdget(source_fd); 2804 + CLASS(fd, f)(source_fd); 2796 2805 struct kvm *source_kvm; 2797 2806 struct kvm_sev_info *source_sev, *mirror_sev; 2798 2807 int ret; 2799 2808 2800 - if (!fd_file(f)) 2809 + if (fd_empty(f)) 2801 2810 return -EBADF; 2802 2811 2803 - if (!file_is_kvm(fd_file(f))) { 2804 - ret = -EBADF; 2805 - goto e_source_fput; 2806 - } 2812 + if (!file_is_kvm(fd_file(f))) 2813 + return -EBADF; 2807 2814 2808 2815 source_kvm = fd_file(f)->private_data; 2809 2816 ret = sev_lock_two_vms(kvm, source_kvm); 2810 2817 if (ret) 2811 - goto e_source_fput; 2818 + return ret; 2812 2819 2813 2820 /* 2814 2821 * Mirrors of mirrors should work, but let's not get silly. Also ··· 2849 2860 2850 2861 e_unlock: 2851 2862 sev_unlock_two_vms(kvm, source_kvm); 2852 - e_source_fput: 2853 - fdput(f); 2854 2863 return ret; 2855 2864 } 2856 2865

+7 -16

drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c

··· 35 35 int fd, 36 36 int32_t priority) 37 37 { 38 - struct fd f = fdget(fd); 38 + CLASS(fd, f)(fd); 39 39 struct amdgpu_fpriv *fpriv; 40 40 struct amdgpu_ctx_mgr *mgr; 41 41 struct amdgpu_ctx *ctx; 42 42 uint32_t id; 43 43 int r; 44 44 45 - if (!fd_file(f)) 45 + if (fd_empty(f)) 46 46 return -EINVAL; 47 47 48 48 r = amdgpu_file_to_fpriv(fd_file(f), &fpriv); 49 - if (r) { 50 - fdput(f); 49 + if (r) 51 50 return r; 52 - } 53 51 54 52 mgr = &fpriv->ctx_mgr; 55 53 mutex_lock(&mgr->lock); ··· 55 57 amdgpu_ctx_priority_override(ctx, priority); 56 58 mutex_unlock(&mgr->lock); 57 59 58 - fdput(f); 59 60 return 0; 60 61 } 61 62 ··· 63 66 unsigned ctx_id, 64 67 int32_t priority) 65 68 { 66 - struct fd f = fdget(fd); 69 + CLASS(fd, f)(fd); 67 70 struct amdgpu_fpriv *fpriv; 68 71 struct amdgpu_ctx *ctx; 69 72 int r; 70 73 71 - if (!fd_file(f)) 74 + if (fd_empty(f)) 72 75 return -EINVAL; 73 76 74 77 r = amdgpu_file_to_fpriv(fd_file(f), &fpriv); 75 - if (r) { 76 - fdput(f); 78 + if (r) 77 79 return r; 78 - } 79 80 80 81 ctx = amdgpu_ctx_get(fpriv, ctx_id); 81 82 82 - if (!ctx) { 83 - fdput(f); 83 + if (!ctx) 84 84 return -EINVAL; 85 - } 86 85 87 86 amdgpu_ctx_priority_override(ctx, priority); 88 87 amdgpu_ctx_put(ctx); 89 - fdput(f); 90 - 91 88 return 0; 92 89 } 93 90

+3 -6

drivers/gpu/drm/drm_syncobj.c

··· 712 712 int fd, u32 *handle) 713 713 { 714 714 struct drm_syncobj *syncobj; 715 - struct fd f = fdget(fd); 715 + CLASS(fd, f)(fd); 716 716 int ret; 717 717 718 - if (!fd_file(f)) 718 + if (fd_empty(f)) 719 719 return -EINVAL; 720 720 721 - if (fd_file(f)->f_op != &drm_syncobj_file_fops) { 722 - fdput(f); 721 + if (fd_file(f)->f_op != &drm_syncobj_file_fops) 723 722 return -EINVAL; 724 - } 725 723 726 724 /* take a reference to put in the idr */ 727 725 syncobj = fd_file(f)->private_data; ··· 737 739 } else 738 740 drm_syncobj_put(syncobj); 739 741 740 - fdput(f); 741 742 return ret; 742 743 } 743 744

+6 -13

drivers/infiniband/core/ucma.c

··· 1615 1615 struct ucma_event *uevent, *tmp; 1616 1616 struct ucma_context *ctx; 1617 1617 LIST_HEAD(event_list); 1618 - struct fd f; 1619 1618 struct ucma_file *cur_file; 1620 1619 int ret = 0; 1621 1620 ··· 1622 1623 return -EFAULT; 1623 1624 1624 1625 /* Get current fd to protect against it being closed */ 1625 - f = fdget(cmd.fd); 1626 - if (!fd_file(f)) 1626 + CLASS(fd, f)(cmd.fd); 1627 + if (fd_empty(f)) 1627 1628 return -ENOENT; 1628 - if (fd_file(f)->f_op != &ucma_fops) { 1629 - ret = -EINVAL; 1630 - goto file_put; 1631 - } 1629 + if (fd_file(f)->f_op != &ucma_fops) 1630 + return -EINVAL; 1632 1631 cur_file = fd_file(f)->private_data; 1633 1632 1634 1633 /* Validate current fd and prevent destruction of id. */ 1635 1634 ctx = ucma_get_ctx(cur_file, cmd.id); 1636 - if (IS_ERR(ctx)) { 1637 - ret = PTR_ERR(ctx); 1638 - goto file_put; 1639 - } 1635 + if (IS_ERR(ctx)) 1636 + return PTR_ERR(ctx); 1640 1637 1641 1638 rdma_lock_handler(ctx->cm_id); 1642 1639 /* ··· 1673 1678 err_unlock: 1674 1679 rdma_unlock_handler(ctx->cm_id); 1675 1680 ucma_put_ctx(ctx); 1676 - file_put: 1677 - fdput(f); 1678 1681 return ret; 1679 1682 } 1680 1683

+3 -5

drivers/infiniband/core/uverbs_cmd.c

··· 584 584 if (cmd.fd != -1) { 585 585 /* search for file descriptor */ 586 586 f = fdget(cmd.fd); 587 - if (!fd_file(f)) { 587 + if (fd_empty(f)) { 588 588 ret = -EBADF; 589 589 goto err_tree_mutex_unlock; 590 590 } ··· 632 632 atomic_inc(&xrcd->usecnt); 633 633 } 634 634 635 - if (fd_file(f)) 636 - fdput(f); 635 + fdput(f); 637 636 638 637 mutex_unlock(&ibudev->xrcd_tree_mutex); 639 638 uobj_finalize_uobj_create(&obj->uobject, attrs); ··· 647 648 uobj_alloc_abort(&obj->uobject, attrs); 648 649 649 650 err_tree_mutex_unlock: 650 - if (fd_file(f)) 651 - fdput(f); 651 + fdput(f); 652 652 653 653 mutex_unlock(&ibudev->xrcd_tree_mutex); 654 654

+6 -12

drivers/media/mc/mc-request.c

··· 246 246 struct media_request * 247 247 media_request_get_by_fd(struct media_device *mdev, int request_fd) 248 248 { 249 - struct fd f; 250 249 struct media_request *req; 251 250 252 251 if (!mdev || !mdev->ops || 253 252 !mdev->ops->req_validate || !mdev->ops->req_queue) 254 253 return ERR_PTR(-EBADR); 255 254 256 - f = fdget(request_fd); 257 - if (!fd_file(f)) 258 - goto err_no_req_fd; 255 + CLASS(fd, f)(request_fd); 256 + if (fd_empty(f)) 257 + goto err; 259 258 260 259 if (fd_file(f)->f_op != &request_fops) 261 - goto err_fput; 260 + goto err; 262 261 req = fd_file(f)->private_data; 263 262 if (req->mdev != mdev) 264 - goto err_fput; 263 + goto err; 265 264 266 265 /* 267 266 * Note: as long as someone has an open filehandle of the request, ··· 271 272 * before media_request_get() is called. 272 273 */ 273 274 media_request_get(req); 274 - fdput(f); 275 - 276 275 return req; 277 276 278 - err_fput: 279 - fdput(f); 280 - 281 - err_no_req_fd: 277 + err: 282 278 dev_dbg(mdev->dev, "cannot find request_fd %d\n", request_fd); 283 279 return ERR_PTR(-EINVAL); 284 280 }

+4 -9

drivers/media/rc/lirc_dev.c

··· 815 815 816 816 struct rc_dev *rc_dev_get_from_fd(int fd, bool write) 817 817 { 818 - struct fd f = fdget(fd); 818 + CLASS(fd, f)(fd); 819 819 struct lirc_fh *fh; 820 820 struct rc_dev *dev; 821 821 822 - if (!fd_file(f)) 822 + if (fd_empty(f)) 823 823 return ERR_PTR(-EBADF); 824 824 825 - if (fd_file(f)->f_op != &lirc_fops) { 826 - fdput(f); 825 + if (fd_file(f)->f_op != &lirc_fops) 827 826 return ERR_PTR(-EINVAL); 828 - } 829 827 830 - if (write && !(fd_file(f)->f_mode & FMODE_WRITE)) { 831 - fdput(f); 828 + if (write && !(fd_file(f)->f_mode & FMODE_WRITE)) 832 829 return ERR_PTR(-EPERM); 833 - } 834 830 835 831 fh = fd_file(f)->private_data; 836 832 dev = fh->rc; 837 833 838 834 get_device(&dev->dev); 839 - fdput(f); 840 835 841 836 return dev; 842 837 }

+2 -4

drivers/vfio/group.c

··· 104 104 { 105 105 struct vfio_container *container; 106 106 struct iommufd_ctx *iommufd; 107 - struct fd f; 108 107 int ret; 109 108 int fd; 110 109 111 110 if (get_user(fd, arg)) 112 111 return -EFAULT; 113 112 114 - f = fdget(fd); 115 - if (!fd_file(f)) 113 + CLASS(fd, f)(fd); 114 + if (fd_empty(f)) 116 115 return -EBADF; 117 116 118 117 mutex_lock(&group->group_lock); ··· 152 153 153 154 out_unlock: 154 155 mutex_unlock(&group->group_lock); 155 - fdput(f); 156 156 return ret; 157 157 } 158 158

+3 -13

drivers/vfio/virqfd.c

··· 113 113 void (*thread)(void *, void *), 114 114 void *data, struct virqfd **pvirqfd, int fd) 115 115 { 116 - struct fd irqfd; 117 116 struct eventfd_ctx *ctx; 118 117 struct virqfd *virqfd; 119 118 int ret = 0; ··· 132 133 INIT_WORK(&virqfd->inject, virqfd_inject); 133 134 INIT_WORK(&virqfd->flush_inject, virqfd_flush_inject); 134 135 135 - irqfd = fdget(fd); 136 - if (!fd_file(irqfd)) { 136 + CLASS(fd, irqfd)(fd); 137 + if (fd_empty(irqfd)) { 137 138 ret = -EBADF; 138 139 goto err_fd; 139 140 } ··· 141 142 ctx = eventfd_ctx_fileget(fd_file(irqfd)); 142 143 if (IS_ERR(ctx)) { 143 144 ret = PTR_ERR(ctx); 144 - goto err_ctx; 145 + goto err_fd; 145 146 } 146 147 147 148 virqfd->eventfd = ctx; ··· 180 181 if ((!handler || handler(opaque, data)) && thread) 181 182 schedule_work(&virqfd->inject); 182 183 } 183 - 184 - /* 185 - * Do not drop the file until the irqfd is fully initialized, 186 - * otherwise we might race against the EPOLLHUP. 187 - */ 188 - fdput(irqfd); 189 - 190 184 return 0; 191 185 err_busy: 192 186 eventfd_ctx_put(ctx); 193 - err_ctx: 194 - fdput(irqfd); 195 187 err_fd: 196 188 kfree(virqfd); 197 189

+4 -9

drivers/virt/acrn/irqfd.c

··· 112 112 struct eventfd_ctx *eventfd = NULL; 113 113 struct hsm_irqfd *irqfd, *tmp; 114 114 __poll_t events; 115 - struct fd f; 116 115 int ret = 0; 117 116 118 117 irqfd = kzalloc(sizeof(*irqfd), GFP_KERNEL); ··· 123 124 INIT_LIST_HEAD(&irqfd->list); 124 125 INIT_WORK(&irqfd->shutdown, hsm_irqfd_shutdown_work); 125 126 126 - f = fdget(args->fd); 127 - if (!fd_file(f)) { 127 + CLASS(fd, f)(args->fd); 128 + if (fd_empty(f)) { 128 129 ret = -EBADF; 129 130 goto out; 130 131 } ··· 132 133 eventfd = eventfd_ctx_fileget(fd_file(f)); 133 134 if (IS_ERR(eventfd)) { 134 135 ret = PTR_ERR(eventfd); 135 - goto fail; 136 + goto out; 136 137 } 137 138 138 139 irqfd->eventfd = eventfd; ··· 161 162 if (events & EPOLLIN) 162 163 acrn_irqfd_inject(irqfd); 163 164 164 - fdput(f); 165 165 return 0; 166 166 fail: 167 - if (eventfd && !IS_ERR(eventfd)) 168 - eventfd_ctx_put(eventfd); 169 - 170 - fdput(f); 167 + eventfd_ctx_put(eventfd); 171 168 out: 172 169 kfree(irqfd); 173 170 return ret;

+5 -23

drivers/xen/privcmd.c

··· 965 965 struct privcmd_kernel_irqfd *kirqfd, *tmp; 966 966 unsigned long flags; 967 967 __poll_t events; 968 - struct fd f; 969 968 void *dm_op; 970 969 int ret, idx; 970 + 971 + CLASS(fd, f)(irqfd->fd); 971 972 972 973 kirqfd = kzalloc(sizeof(*kirqfd) + irqfd->size, GFP_KERNEL); 973 974 if (!kirqfd) ··· 985 984 kirqfd->dom = irqfd->dom; 986 985 INIT_WORK(&kirqfd->shutdown, irqfd_shutdown); 987 986 988 - f = fdget(irqfd->fd); 989 - if (!fd_file(f)) { 987 + if (fd_empty(f)) { 990 988 ret = -EBADF; 991 989 goto error_kfree; 992 990 } ··· 993 993 kirqfd->eventfd = eventfd_ctx_fileget(fd_file(f)); 994 994 if (IS_ERR(kirqfd->eventfd)) { 995 995 ret = PTR_ERR(kirqfd->eventfd); 996 - goto error_fd_put; 996 + goto error_kfree; 997 997 } 998 998 999 999 /* ··· 1026 1026 irqfd_inject(kirqfd); 1027 1027 1028 1028 srcu_read_unlock(&irqfds_srcu, idx); 1029 - 1030 - /* 1031 - * Do not drop the file until the kirqfd is fully initialized, otherwise 1032 - * we might race against the EPOLLHUP. 1033 - */ 1034 - fdput(f); 1035 1029 return 0; 1036 1030 1037 1031 error_eventfd: 1038 1032 eventfd_ctx_put(kirqfd->eventfd); 1039 - 1040 - error_fd_put: 1041 - fdput(f); 1042 1033 1043 1034 error_kfree: 1044 1035 kfree(kirqfd); ··· 1341 1350 struct privcmd_kernel_ioeventfd *kioeventfd; 1342 1351 struct privcmd_kernel_ioreq *kioreq; 1343 1352 unsigned long flags; 1344 - struct fd f; 1345 1353 int ret; 1346 1354 1347 1355 /* Check for range overflow */ ··· 1360 1370 if (!kioeventfd) 1361 1371 return -ENOMEM; 1362 1372 1363 - f = fdget(ioeventfd->event_fd); 1364 - if (!fd_file(f)) { 1365 - ret = -EBADF; 1366 - goto error_kfree; 1367 - } 1368 - 1369 - kioeventfd->eventfd = eventfd_ctx_fileget(fd_file(f)); 1370 - fdput(f); 1371 - 1373 + kioeventfd->eventfd = eventfd_ctx_fdget(ioeventfd->event_fd); 1372 1374 if (IS_ERR(kioeventfd->eventfd)) { 1373 1375 ret = PTR_ERR(kioeventfd->eventfd); 1374 1376 goto error_kfree;

+2 -3

fs/btrfs/ioctl.c

··· 1308 1308 ret = btrfs_mksubvol(&file->f_path, idmap, name, 1309 1309 namelen, NULL, readonly, inherit); 1310 1310 } else { 1311 - struct fd src = fdget(fd); 1311 + CLASS(fd, src)(fd); 1312 1312 struct inode *src_inode; 1313 - if (!fd_file(src)) { 1313 + if (fd_empty(src)) { 1314 1314 ret = -EINVAL; 1315 1315 goto out_drop_write; 1316 1316 } ··· 1341 1341 BTRFS_I(src_inode)->root, 1342 1342 readonly, inherit); 1343 1343 } 1344 - fdput(src); 1345 1344 } 1346 1345 out_drop_write: 1347 1346 mnt_drop_write_file(file);

+3 -6

fs/eventfd.c

··· 347 347 */ 348 348 struct eventfd_ctx *eventfd_ctx_fdget(int fd) 349 349 { 350 - struct eventfd_ctx *ctx; 351 - struct fd f = fdget(fd); 352 - if (!fd_file(f)) 350 + CLASS(fd, f)(fd); 351 + if (fd_empty(f)) 353 352 return ERR_PTR(-EBADF); 354 - ctx = eventfd_ctx_fileget(fd_file(f)); 355 - fdput(f); 356 - return ctx; 353 + return eventfd_ctx_fileget(fd_file(f)); 357 354 } 358 355 EXPORT_SYMBOL_GPL(eventfd_ctx_fdget); 359 356

+11 -27

fs/eventpoll.c

··· 2259 2259 { 2260 2260 int error; 2261 2261 int full_check = 0; 2262 - struct fd f, tf; 2263 2262 struct eventpoll *ep; 2264 2263 struct epitem *epi; 2265 2264 struct eventpoll *tep = NULL; 2266 2265 2267 - error = -EBADF; 2268 - f = fdget(epfd); 2269 - if (!fd_file(f)) 2270 - goto error_return; 2266 + CLASS(fd, f)(epfd); 2267 + if (fd_empty(f)) 2268 + return -EBADF; 2271 2269 2272 2270 /* Get the "struct file *" for the target file */ 2273 - tf = fdget(fd); 2274 - if (!fd_file(tf)) 2275 - goto error_fput; 2271 + CLASS(fd, tf)(fd); 2272 + if (fd_empty(tf)) 2273 + return -EBADF; 2276 2274 2277 2275 /* The target file descriptor must support poll */ 2278 - error = -EPERM; 2279 2276 if (!file_can_poll(fd_file(tf))) 2280 - goto error_tgt_fput; 2277 + return -EPERM; 2281 2278 2282 2279 /* Check if EPOLLWAKEUP is allowed */ 2283 2280 if (ep_op_has_event(op)) ··· 2393 2396 loop_check_gen++; 2394 2397 mutex_unlock(&epnested_mutex); 2395 2398 } 2396 - 2397 - fdput(tf); 2398 - error_fput: 2399 - fdput(f); 2400 - error_return: 2401 - 2402 2399 return error; 2403 2400 } 2404 2401 ··· 2420 2429 static int do_epoll_wait(int epfd, struct epoll_event __user *events, 2421 2430 int maxevents, struct timespec64 *to) 2422 2431 { 2423 - int error; 2424 - struct fd f; 2425 2432 struct eventpoll *ep; 2426 2433 2427 2434 /* The maximum number of event must be greater than zero */ ··· 2431 2442 return -EFAULT; 2432 2443 2433 2444 /* Get the "struct file *" for the eventpoll file */ 2434 - f = fdget(epfd); 2435 - if (!fd_file(f)) 2445 + CLASS(fd, f)(epfd); 2446 + if (fd_empty(f)) 2436 2447 return -EBADF; 2437 2448 2438 2449 /* 2439 2450 * We have to check that the file structure underneath the fd 2440 2451 * the user passed to us _is_ an eventpoll file. 2441 2452 */ 2442 - error = -EINVAL; 2443 2453 if (!is_file_epoll(fd_file(f))) 2444 - goto error_fput; 2454 + return -EINVAL; 2445 2455 2446 2456 /* 2447 2457 * At this point it is safe to assume that the "private_data" contains ··· 2449 2461 ep = fd_file(f)->private_data; 2450 2462 2451 2463 /* Time to fish for events ... */ 2452 - error = ep_poll(ep, events, maxevents, to); 2453 - 2454 - error_fput: 2455 - fdput(f); 2456 - return error; 2464 + return ep_poll(ep, events, maxevents, to); 2457 2465 } 2458 2466 2459 2467 SYSCALL_DEFINE4(epoll_wait, int, epfd, struct epoll_event __user *, events,

+7 -14

fs/ext4/ioctl.c

··· 1330 1330 1331 1331 case EXT4_IOC_MOVE_EXT: { 1332 1332 struct move_extent me; 1333 - struct fd donor; 1334 1333 int err; 1335 1334 1336 1335 if (!(filp->f_mode & FMODE_READ) || ··· 1341 1342 return -EFAULT; 1342 1343 me.moved_len = 0; 1343 1344 1344 - donor = fdget(me.donor_fd); 1345 - if (!fd_file(donor)) 1345 + CLASS(fd, donor)(me.donor_fd); 1346 + if (fd_empty(donor)) 1346 1347 return -EBADF; 1347 1348 1348 - if (!(fd_file(donor)->f_mode & FMODE_WRITE)) { 1349 - err = -EBADF; 1350 - goto mext_out; 1351 - } 1349 + if (!(fd_file(donor)->f_mode & FMODE_WRITE)) 1350 + return -EBADF; 1352 1351 1353 1352 if (ext4_has_feature_bigalloc(sb)) { 1354 1353 ext4_msg(sb, KERN_ERR, 1355 1354 "Online defrag not supported with bigalloc"); 1356 - err = -EOPNOTSUPP; 1357 - goto mext_out; 1355 + return -EOPNOTSUPP; 1358 1356 } else if (IS_DAX(inode)) { 1359 1357 ext4_msg(sb, KERN_ERR, 1360 1358 "Online defrag not supported with DAX"); 1361 - err = -EOPNOTSUPP; 1362 - goto mext_out; 1359 + return -EOPNOTSUPP; 1363 1360 } 1364 1361 1365 1362 err = mnt_want_write_file(filp); 1366 1363 if (err) 1367 - goto mext_out; 1364 + return err; 1368 1365 1369 1366 err = ext4_move_extents(filp, fd_file(donor), me.orig_start, 1370 1367 me.donor_start, me.len, &me.moved_len); ··· 1369 1374 if (copy_to_user((struct move_extent __user *)arg, 1370 1375 &me, sizeof(me))) 1371 1376 err = -EFAULT; 1372 - mext_out: 1373 - fdput(donor); 1374 1377 return err; 1375 1378 } 1376 1379

+5 -10

fs/f2fs/file.c

··· 3038 3038 static int __f2fs_ioc_move_range(struct file *filp, 3039 3039 struct f2fs_move_range *range) 3040 3040 { 3041 - struct fd dst; 3042 3041 int err; 3043 3042 3044 3043 if (!(filp->f_mode & FMODE_READ) || 3045 3044 !(filp->f_mode & FMODE_WRITE)) 3046 3045 return -EBADF; 3047 3046 3048 - dst = fdget(range->dst_fd); 3049 - if (!fd_file(dst)) 3047 + CLASS(fd, dst)(range->dst_fd); 3048 + if (fd_empty(dst)) 3050 3049 return -EBADF; 3051 3050 3052 - if (!(fd_file(dst)->f_mode & FMODE_WRITE)) { 3053 - err = -EBADF; 3054 - goto err_out; 3055 - } 3051 + if (!(fd_file(dst)->f_mode & FMODE_WRITE)) 3052 + return -EBADF; 3056 3053 3057 3054 err = mnt_want_write_file(filp); 3058 3055 if (err) 3059 - goto err_out; 3056 + return err; 3060 3057 3061 3058 err = f2fs_move_file_range(filp, range->pos_in, fd_file(dst), 3062 3059 range->pos_out, range->len); 3063 3060 3064 3061 mnt_drop_write_file(filp); 3065 - err_out: 3066 - fdput(dst); 3067 3062 return err; 3068 3063 } 3069 3064

+17 -25

fs/fcntl.c

··· 572 572 573 573 SYSCALL_DEFINE3(fcntl, unsigned int, fd, unsigned int, cmd, unsigned long, arg) 574 574 { 575 - struct fd f = fdget_raw(fd); 576 - long err = -EBADF; 575 + CLASS(fd_raw, f)(fd); 576 + long err; 577 577 578 - if (!fd_file(f)) 579 - goto out; 578 + if (fd_empty(f)) 579 + return -EBADF; 580 580 581 581 if (unlikely(fd_file(f)->f_mode & FMODE_PATH)) { 582 582 if (!check_fcntl_cmd(cmd)) 583 - goto out1; 583 + return -EBADF; 584 584 } 585 585 586 586 err = security_file_fcntl(fd_file(f), cmd, arg); 587 587 if (!err) 588 588 err = do_fcntl(fd, cmd, arg, fd_file(f)); 589 589 590 - out1: 591 - fdput(f); 592 - out: 593 590 return err; 594 591 } 595 592 ··· 595 598 unsigned long, arg) 596 599 { 597 600 void __user *argp = (void __user *)arg; 598 - struct fd f = fdget_raw(fd); 601 + CLASS(fd_raw, f)(fd); 599 602 struct flock64 flock; 600 - long err = -EBADF; 603 + long err; 601 604 602 - if (!fd_file(f)) 603 - goto out; 605 + if (fd_empty(f)) 606 + return -EBADF; 604 607 605 608 if (unlikely(fd_file(f)->f_mode & FMODE_PATH)) { 606 609 if (!check_fcntl_cmd(cmd)) 607 - goto out1; 610 + return -EBADF; 608 611 } 609 612 610 613 err = security_file_fcntl(fd_file(f), cmd, arg); 611 614 if (err) 612 - goto out1; 615 + return err; 613 616 614 617 switch (cmd) { 615 618 case F_GETLK64: ··· 634 637 err = do_fcntl(fd, cmd, arg, fd_file(f)); 635 638 break; 636 639 } 637 - out1: 638 - fdput(f); 639 - out: 640 640 return err; 641 641 } 642 642 #endif ··· 729 735 static long do_compat_fcntl64(unsigned int fd, unsigned int cmd, 730 736 compat_ulong_t arg) 731 737 { 732 - struct fd f = fdget_raw(fd); 738 + CLASS(fd_raw, f)(fd); 733 739 struct flock flock; 734 - long err = -EBADF; 740 + long err; 735 741 736 - if (!fd_file(f)) 737 - return err; 742 + if (fd_empty(f)) 743 + return -EBADF; 738 744 739 745 if (unlikely(fd_file(f)->f_mode & FMODE_PATH)) { 740 746 if (!check_fcntl_cmd(cmd)) 741 - goto out_put; 747 + return -EBADF; 742 748 } 743 749 744 750 err = security_file_fcntl(fd_file(f), cmd, arg); 745 751 if (err) 746 - goto out_put; 752 + return err; 747 753 748 754 switch (cmd) { 749 755 case F_GETLK: ··· 786 792 err = do_fcntl(fd, cmd, arg, fd_file(f)); 787 793 break; 788 794 } 789 - out_put: 790 - fdput(f); 791 795 return err; 792 796 } 793 797

+2 -3

fs/fhandle.c

··· 139 139 path_get(root); 140 140 spin_unlock(&fs->lock); 141 141 } else { 142 - struct fd f = fdget(fd); 143 - if (!fd_file(f)) 142 + CLASS(fd, f)(fd); 143 + if (fd_empty(f)) 144 144 return -EBADF; 145 145 *root = fd_file(f)->f_path; 146 146 path_get(root); 147 - fdput(f); 148 147 } 149 148 150 149 return 0;

+6 -13

fs/fsopen.c

··· 349 349 int, aux) 350 350 { 351 351 struct fs_context *fc; 352 - struct fd f; 353 352 int ret; 354 353 int lookup_flags = 0; 355 354 ··· 391 392 return -EOPNOTSUPP; 392 393 } 393 394 394 - f = fdget(fd); 395 - if (!fd_file(f)) 395 + CLASS(fd, f)(fd); 396 + if (fd_empty(f)) 396 397 return -EBADF; 397 - ret = -EINVAL; 398 398 if (fd_file(f)->f_op != &fscontext_fops) 399 - goto out_f; 399 + return -EINVAL; 400 400 401 401 fc = fd_file(f)->private_data; 402 402 if (fc->ops == &legacy_fs_context_ops) { ··· 405 407 case FSCONFIG_SET_PATH_EMPTY: 406 408 case FSCONFIG_SET_FD: 407 409 case FSCONFIG_CMD_CREATE_EXCL: 408 - ret = -EOPNOTSUPP; 409 - goto out_f; 410 + return -EOPNOTSUPP; 410 411 } 411 412 } 412 413 413 414 if (_key) { 414 415 param.key = strndup_user(_key, 256); 415 - if (IS_ERR(param.key)) { 416 - ret = PTR_ERR(param.key); 417 - goto out_f; 418 - } 416 + if (IS_ERR(param.key)) 417 + return PTR_ERR(param.key); 419 418 } 420 419 421 420 switch (cmd) { ··· 491 496 } 492 497 out_key: 493 498 kfree(param.key); 494 - out_f: 495 - fdput(f); 496 499 return ret; 497 500 }

+2 -4

fs/fuse/dev.c

··· 2371 2371 int res; 2372 2372 int oldfd; 2373 2373 struct fuse_dev *fud = NULL; 2374 - struct fd f; 2375 2374 2376 2375 if (get_user(oldfd, argp)) 2377 2376 return -EFAULT; 2378 2377 2379 - f = fdget(oldfd); 2380 - if (!fd_file(f)) 2378 + CLASS(fd, f)(oldfd); 2379 + if (fd_empty(f)) 2381 2380 return -EINVAL; 2382 2381 2383 2382 /* ··· 2393 2394 mutex_unlock(&fuse_mutex); 2394 2395 } 2395 2396 2396 - fdput(f); 2397 2397 return res; 2398 2398 } 2399 2399

+8 -15

fs/ioctl.c

··· 231 231 static long ioctl_file_clone(struct file *dst_file, unsigned long srcfd, 232 232 u64 off, u64 olen, u64 destoff) 233 233 { 234 - struct fd src_file = fdget(srcfd); 234 + CLASS(fd, src_file)(srcfd); 235 235 loff_t cloned; 236 236 int ret; 237 237 238 - if (!fd_file(src_file)) 238 + if (fd_empty(src_file)) 239 239 return -EBADF; 240 240 cloned = vfs_clone_file_range(fd_file(src_file), off, dst_file, destoff, 241 241 olen, 0); ··· 245 245 ret = -EINVAL; 246 246 else 247 247 ret = 0; 248 - fdput(src_file); 249 248 return ret; 250 249 } 251 250 ··· 891 892 892 893 SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, unsigned long, arg) 893 894 { 894 - struct fd f = fdget(fd); 895 + CLASS(fd, f)(fd); 895 896 int error; 896 897 897 - if (!fd_file(f)) 898 + if (fd_empty(f)) 898 899 return -EBADF; 899 900 900 901 error = security_file_ioctl(fd_file(f), cmd, arg); 901 902 if (error) 902 - goto out; 903 + return error; 903 904 904 905 error = do_vfs_ioctl(fd_file(f), fd, cmd, arg); 905 906 if (error == -ENOIOCTLCMD) 906 907 error = vfs_ioctl(fd_file(f), cmd, arg); 907 908 908 - out: 909 - fdput(f); 910 909 return error; 911 910 } 912 911 ··· 947 950 COMPAT_SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, 948 951 compat_ulong_t, arg) 949 952 { 950 - struct fd f = fdget(fd); 953 + CLASS(fd, f)(fd); 951 954 int error; 952 955 953 - if (!fd_file(f)) 956 + if (fd_empty(f)) 954 957 return -EBADF; 955 958 956 959 error = security_file_ioctl_compat(fd_file(f), cmd, arg); 957 960 if (error) 958 - goto out; 961 + return error; 959 962 960 963 switch (cmd) { 961 964 /* FICLONE takes an int argument, so don't use compat_ptr() */ ··· 1006 1009 error = -ENOTTY; 1007 1010 break; 1008 1011 } 1009 - 1010 - out: 1011 - fdput(f); 1012 - 1013 1012 return error; 1014 1013 } 1015 1014 #endif

+4 -8

fs/kernel_read_file.c

··· 175 175 size_t buf_size, size_t *file_size, 176 176 enum kernel_read_file_id id) 177 177 { 178 - struct fd f = fdget(fd); 179 - ssize_t ret = -EBADF; 178 + CLASS(fd, f)(fd); 180 179 181 - if (!fd_file(f) || !(fd_file(f)->f_mode & FMODE_READ)) 182 - goto out; 180 + if (fd_empty(f) || !(fd_file(f)->f_mode & FMODE_READ)) 181 + return -EBADF; 183 182 184 - ret = kernel_read_file(fd_file(f), offset, buf, buf_size, file_size, id); 185 - out: 186 - fdput(f); 187 - return ret; 183 + return kernel_read_file(fd_file(f), offset, buf, buf_size, file_size, id); 188 184 } 189 185 EXPORT_SYMBOL_GPL(kernel_read_file_from_fd);

+5 -10

fs/locks.c

··· 2136 2136 { 2137 2137 int can_sleep, error, type; 2138 2138 struct file_lock fl; 2139 - struct fd f; 2140 2139 2141 2140 /* 2142 2141 * LOCK_MAND locks were broken for a long time in that they never ··· 2154 2155 if (type < 0) 2155 2156 return type; 2156 2157 2157 - error = -EBADF; 2158 - f = fdget(fd); 2159 - if (!fd_file(f)) 2160 - return error; 2158 + CLASS(fd, f)(fd); 2159 + if (fd_empty(f)) 2160 + return -EBADF; 2161 2161 2162 2162 if (type != F_UNLCK && !(fd_file(f)->f_mode & (FMODE_READ | FMODE_WRITE))) 2163 - goto out_putf; 2163 + return -EBADF; 2164 2164 2165 2165 flock_make_lock(fd_file(f), &fl, type); 2166 2166 2167 2167 error = security_file_lock(fd_file(f), fl.c.flc_type); 2168 2168 if (error) 2169 - goto out_putf; 2169 + return error; 2170 2170 2171 2171 can_sleep = !(cmd & LOCK_NB); 2172 2172 if (can_sleep) ··· 2179 2181 error = locks_lock_file_wait(fd_file(f), &fl); 2180 2182 2181 2183 locks_release_private(&fl); 2182 - out_putf: 2183 - fdput(f); 2184 - 2185 2184 return error; 2186 2185 } 2187 2186

+4 -9

fs/namei.c

··· 2544 2544 } 2545 2545 } else { 2546 2546 /* Caller must check execute permissions on the starting path component */ 2547 - struct fd f = fdget_raw(nd->dfd); 2547 + CLASS(fd_raw, f)(nd->dfd); 2548 2548 struct dentry *dentry; 2549 2549 2550 - if (!fd_file(f)) 2550 + if (fd_empty(f)) 2551 2551 return ERR_PTR(-EBADF); 2552 2552 2553 2553 if (flags & LOOKUP_LINKAT_EMPTY) { 2554 2554 if (fd_file(f)->f_cred != current_cred() && 2555 - !ns_capable(fd_file(f)->f_cred->user_ns, CAP_DAC_READ_SEARCH)) { 2556 - fdput(f); 2555 + !ns_capable(fd_file(f)->f_cred->user_ns, CAP_DAC_READ_SEARCH)) 2557 2556 return ERR_PTR(-ENOENT); 2558 - } 2559 2557 } 2560 2558 2561 2559 dentry = fd_file(f)->f_path.dentry; 2562 2560 2563 - if (*s && unlikely(!d_can_lookup(dentry))) { 2564 - fdput(f); 2561 + if (*s && unlikely(!d_can_lookup(dentry))) 2565 2562 return ERR_PTR(-ENOTDIR); 2566 - } 2567 2563 2568 2564 nd->path = fd_file(f)->f_path; 2569 2565 if (flags & LOOKUP_RCU) { ··· 2569 2573 path_get(&nd->path); 2570 2574 nd->inode = nd->path.dentry->d_inode; 2571 2575 } 2572 - fdput(f); 2573 2576 } 2574 2577 2575 2578 /* For scoped-lookups we need to set the root to the dirfd as well. */

+15 -32

fs/namespace.c

··· 4107 4107 struct file *file; 4108 4108 struct path newmount; 4109 4109 struct mount *mnt; 4110 - struct fd f; 4111 4110 unsigned int mnt_flags = 0; 4112 4111 long ret; 4113 4112 ··· 4134 4135 return -EINVAL; 4135 4136 } 4136 4137 4137 - f = fdget(fs_fd); 4138 - if (!fd_file(f)) 4138 + CLASS(fd, f)(fs_fd); 4139 + if (fd_empty(f)) 4139 4140 return -EBADF; 4140 4141 4141 - ret = -EINVAL; 4142 4142 if (fd_file(f)->f_op != &fscontext_fops) 4143 - goto err_fsfd; 4143 + return -EINVAL; 4144 4144 4145 4145 fc = fd_file(f)->private_data; 4146 4146 4147 4147 ret = mutex_lock_interruptible(&fc->uapi_mutex); 4148 4148 if (ret < 0) 4149 - goto err_fsfd; 4149 + return ret; 4150 4150 4151 4151 /* There must be a valid superblock or we can't mount it */ 4152 4152 ret = -EINVAL; ··· 4212 4214 path_put(&newmount); 4213 4215 err_unlock: 4214 4216 mutex_unlock(&fc->uapi_mutex); 4215 - err_fsfd: 4216 - fdput(f); 4217 4217 return ret; 4218 4218 } 4219 4219 ··· 4666 4670 static int build_mount_idmapped(const struct mount_attr *attr, size_t usize, 4667 4671 struct mount_kattr *kattr, unsigned int flags) 4668 4672 { 4669 - int err = 0; 4670 4673 struct ns_common *ns; 4671 4674 struct user_namespace *mnt_userns; 4672 - struct fd f; 4673 4675 4674 4676 if (!((attr->attr_set | attr->attr_clr) & MOUNT_ATTR_IDMAP)) 4675 4677 return 0; ··· 4683 4689 if (attr->userns_fd > INT_MAX) 4684 4690 return -EINVAL; 4685 4691 4686 - f = fdget(attr->userns_fd); 4687 - if (!fd_file(f)) 4692 + CLASS(fd, f)(attr->userns_fd); 4693 + if (fd_empty(f)) 4688 4694 return -EBADF; 4689 4695 4690 - if (!proc_ns_file(fd_file(f))) { 4691 - err = -EINVAL; 4692 - goto out_fput; 4693 - } 4696 + if (!proc_ns_file(fd_file(f))) 4697 + return -EINVAL; 4694 4698 4695 4699 ns = get_proc_ns(file_inode(fd_file(f))); 4696 - if (ns->ops->type != CLONE_NEWUSER) { 4697 - err = -EINVAL; 4698 - goto out_fput; 4699 - } 4700 + if (ns->ops->type != CLONE_NEWUSER) 4701 + return -EINVAL; 4700 4702 4701 4703 /* 4702 4704 * The initial idmapping cannot be used to create an idmapped ··· 4703 4713 * result. 4704 4714 */ 4705 4715 mnt_userns = container_of(ns, struct user_namespace, ns); 4706 - if (mnt_userns == &init_user_ns) { 4707 - err = -EPERM; 4708 - goto out_fput; 4709 - } 4716 + if (mnt_userns == &init_user_ns) 4717 + return -EPERM; 4710 4718 4711 4719 /* We're not controlling the target namespace. */ 4712 - if (!ns_capable(mnt_userns, CAP_SYS_ADMIN)) { 4713 - err = -EPERM; 4714 - goto out_fput; 4715 - } 4720 + if (!ns_capable(mnt_userns, CAP_SYS_ADMIN)) 4721 + return -EPERM; 4716 4722 4717 4723 kattr->mnt_userns = get_user_ns(mnt_userns); 4718 - 4719 - out_fput: 4720 - fdput(f); 4721 - return err; 4724 + return 0; 4722 4725 } 4723 4726 4724 4727 static int build_mount_kattr(const struct mount_attr *attr, size_t usize,

+16 -28

fs/notify/fanotify/fanotify_user.c

··· 1002 1002 dfd, filename, flags); 1003 1003 1004 1004 if (filename == NULL) { 1005 - struct fd f = fdget(dfd); 1005 + CLASS(fd, f)(dfd); 1006 1006 1007 - ret = -EBADF; 1008 - if (!fd_file(f)) 1009 - goto out; 1007 + if (fd_empty(f)) 1008 + return -EBADF; 1010 1009 1011 - ret = -ENOTDIR; 1012 1010 if ((flags & FAN_MARK_ONLYDIR) && 1013 - !(S_ISDIR(file_inode(fd_file(f))->i_mode))) { 1014 - fdput(f); 1015 - goto out; 1016 - } 1011 + !(S_ISDIR(file_inode(fd_file(f))->i_mode))) 1012 + return -ENOTDIR; 1017 1013 1018 1014 *path = fd_file(f)->f_path; 1019 1015 path_get(path); 1020 - fdput(f); 1021 1016 } else { 1022 1017 unsigned int lookup_flags = 0; 1023 1018 ··· 1676 1681 struct inode *inode = NULL; 1677 1682 struct vfsmount *mnt = NULL; 1678 1683 struct fsnotify_group *group; 1679 - struct fd f; 1680 1684 struct path path; 1681 1685 struct fan_fsid __fsid, *fsid = NULL; 1682 1686 u32 valid_mask = FANOTIFY_EVENTS | FANOTIFY_EVENT_FLAGS; ··· 1745 1751 umask = FANOTIFY_EVENT_FLAGS; 1746 1752 } 1747 1753 1748 - f = fdget(fanotify_fd); 1749 - if (unlikely(!fd_file(f))) 1754 + CLASS(fd, f)(fanotify_fd); 1755 + if (fd_empty(f)) 1750 1756 return -EBADF; 1751 1757 1752 1758 /* verify that this is indeed an fanotify instance */ 1753 - ret = -EINVAL; 1754 1759 if (unlikely(fd_file(f)->f_op != &fanotify_fops)) 1755 - goto fput_and_out; 1760 + return -EINVAL; 1756 1761 group = fd_file(f)->private_data; 1757 1762 1758 1763 /* ··· 1759 1766 * marks. This also includes setting up such marks by a group that 1760 1767 * was initialized by an unprivileged user. 1761 1768 */ 1762 - ret = -EPERM; 1763 1769 if ((!capable(CAP_SYS_ADMIN) || 1764 1770 FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV)) && 1765 1771 mark_type != FAN_MARK_INODE) 1766 - goto fput_and_out; 1772 + return -EPERM; 1767 1773 1768 1774 /* 1769 1775 * Permission events require minimum priority FAN_CLASS_CONTENT. 1770 1776 */ 1771 - ret = -EINVAL; 1772 1777 if (mask & FANOTIFY_PERM_EVENTS && 1773 1778 group->priority < FSNOTIFY_PRIO_CONTENT) 1774 - goto fput_and_out; 1779 + return -EINVAL; 1775 1780 1776 1781 if (mask & FAN_FS_ERROR && 1777 1782 mark_type != FAN_MARK_FILESYSTEM) 1778 - goto fput_and_out; 1783 + return -EINVAL; 1779 1784 1780 1785 /* 1781 1786 * Evictable is only relevant for inode marks, because only inode object ··· 1781 1790 */ 1782 1791 if (flags & FAN_MARK_EVICTABLE && 1783 1792 mark_type != FAN_MARK_INODE) 1784 - goto fput_and_out; 1793 + return -EINVAL; 1785 1794 1786 1795 /* 1787 1796 * Events that do not carry enough information to report ··· 1793 1802 fid_mode = FAN_GROUP_FLAG(group, FANOTIFY_FID_BITS); 1794 1803 if (mask & ~(FANOTIFY_FD_EVENTS|FANOTIFY_EVENT_FLAGS) && 1795 1804 (!fid_mode || mark_type == FAN_MARK_MOUNT)) 1796 - goto fput_and_out; 1805 + return -EINVAL; 1797 1806 1798 1807 /* 1799 1808 * FAN_RENAME uses special info type records to report the old and ··· 1801 1810 * useful and was not implemented. 1802 1811 */ 1803 1812 if (mask & FAN_RENAME && !(fid_mode & FAN_REPORT_NAME)) 1804 - goto fput_and_out; 1813 + return -EINVAL; 1805 1814 1806 1815 if (mark_cmd == FAN_MARK_FLUSH) { 1807 - ret = 0; 1808 1816 if (mark_type == FAN_MARK_MOUNT) 1809 1817 fsnotify_clear_vfsmount_marks_by_group(group); 1810 1818 else if (mark_type == FAN_MARK_FILESYSTEM) 1811 1819 fsnotify_clear_sb_marks_by_group(group); 1812 1820 else 1813 1821 fsnotify_clear_inode_marks_by_group(group); 1814 - goto fput_and_out; 1822 + return 0; 1815 1823 } 1816 1824 1817 1825 ret = fanotify_find_path(dfd, pathname, &path, flags, 1818 1826 (mask & ALL_FSNOTIFY_EVENTS), obj_type); 1819 1827 if (ret) 1820 - goto fput_and_out; 1828 + return ret; 1821 1829 1822 1830 if (mark_cmd == FAN_MARK_ADD) { 1823 1831 ret = fanotify_events_supported(group, &path, mask, flags); ··· 1895 1905 1896 1906 path_put_and_out: 1897 1907 path_put(&path); 1898 - fput_and_out: 1899 - fdput(f); 1900 1908 return ret; 1901 1909 } 1902 1910

+12 -26

fs/notify/inotify/inotify_user.c

··· 732 732 struct fsnotify_group *group; 733 733 struct inode *inode; 734 734 struct path path; 735 - struct fd f; 736 735 int ret; 737 736 unsigned flags = 0; 738 737 ··· 751 752 if (unlikely(!(mask & ALL_INOTIFY_BITS))) 752 753 return -EINVAL; 753 754 754 - f = fdget(fd); 755 - if (unlikely(!fd_file(f))) 755 + CLASS(fd, f)(fd); 756 + if (fd_empty(f)) 756 757 return -EBADF; 757 758 758 759 /* IN_MASK_ADD and IN_MASK_CREATE don't make sense together */ 759 - if (unlikely((mask & IN_MASK_ADD) && (mask & IN_MASK_CREATE))) { 760 - ret = -EINVAL; 761 - goto fput_and_out; 762 - } 760 + if (unlikely((mask & IN_MASK_ADD) && (mask & IN_MASK_CREATE))) 761 + return -EINVAL; 763 762 764 763 /* verify that this is indeed an inotify instance */ 765 - if (unlikely(fd_file(f)->f_op != &inotify_fops)) { 766 - ret = -EINVAL; 767 - goto fput_and_out; 768 - } 764 + if (unlikely(fd_file(f)->f_op != &inotify_fops)) 765 + return -EINVAL; 769 766 770 767 if (!(mask & IN_DONT_FOLLOW)) 771 768 flags |= LOOKUP_FOLLOW; ··· 771 776 ret = inotify_find_inode(pathname, &path, flags, 772 777 (mask & IN_ALL_EVENTS)); 773 778 if (ret) 774 - goto fput_and_out; 779 + return ret; 775 780 776 781 /* inode held in place by reference to path; group by fget on fd */ 777 782 inode = path.dentry->d_inode; ··· 780 785 /* create/update an inode mark */ 781 786 ret = inotify_update_watch(group, inode, mask); 782 787 path_put(&path); 783 - fput_and_out: 784 - fdput(f); 785 788 return ret; 786 789 } 787 790 ··· 787 794 { 788 795 struct fsnotify_group *group; 789 796 struct inotify_inode_mark *i_mark; 790 - struct fd f; 791 - int ret = -EINVAL; 797 + CLASS(fd, f)(fd); 792 798 793 - f = fdget(fd); 794 - if (unlikely(!fd_file(f))) 799 + if (fd_empty(f)) 795 800 return -EBADF; 796 801 797 802 /* verify that this is indeed an inotify instance */ 798 803 if (unlikely(fd_file(f)->f_op != &inotify_fops)) 799 - goto out; 804 + return -EINVAL; 800 805 801 806 group = fd_file(f)->private_data; 802 807 803 808 i_mark = inotify_idr_find(group, wd); 804 809 if (unlikely(!i_mark)) 805 - goto out; 806 - 807 - ret = 0; 810 + return -EINVAL; 808 811 809 812 fsnotify_destroy_mark(&i_mark->fsn_mark, group); 810 813 811 814 /* match ref taken by inotify_idr_find */ 812 815 fsnotify_put_mark(&i_mark->fsn_mark); 813 - 814 - out: 815 - fdput(f); 816 - return ret; 816 + return 0; 817 817 } 818 818 819 819 /*

+10 -14

fs/ocfs2/cluster/heartbeat.c

··· 1765 1765 long fd; 1766 1766 int sectsize; 1767 1767 char *p = (char *)page; 1768 - struct fd f; 1769 1768 ssize_t ret = -EINVAL; 1770 1769 int live_threshold; 1771 1770 1772 1771 if (reg->hr_bdev_file) 1773 - goto out; 1772 + return -EINVAL; 1774 1773 1775 1774 /* We can't heartbeat without having had our node number 1776 1775 * configured yet. */ 1777 1776 if (o2nm_this_node() == O2NM_MAX_NODES) 1778 - goto out; 1777 + return -EINVAL; 1779 1778 1780 1779 fd = simple_strtol(p, &p, 0); 1781 1780 if (!p || (*p && (*p != '\n'))) 1782 - goto out; 1781 + return -EINVAL; 1783 1782 1784 1783 if (fd < 0 || fd >= INT_MAX) 1785 - goto out; 1784 + return -EINVAL; 1786 1785 1787 - f = fdget(fd); 1788 - if (fd_file(f) == NULL) 1789 - goto out; 1786 + CLASS(fd, f)(fd); 1787 + if (fd_empty(f)) 1788 + return -EINVAL; 1790 1789 1791 1790 if (reg->hr_blocks == 0 || reg->hr_start_block == 0 || 1792 1791 reg->hr_block_bytes == 0) 1793 - goto out2; 1792 + return -EINVAL; 1794 1793 1795 1794 if (!S_ISBLK(fd_file(f)->f_mapping->host->i_mode)) 1796 - goto out2; 1795 + return -EINVAL; 1797 1796 1798 1797 reg->hr_bdev_file = bdev_file_open_by_dev(fd_file(f)->f_mapping->host->i_rdev, 1799 1798 BLK_OPEN_WRITE | BLK_OPEN_READ, NULL, NULL); 1800 1799 if (IS_ERR(reg->hr_bdev_file)) { 1801 1800 ret = PTR_ERR(reg->hr_bdev_file); 1802 1801 reg->hr_bdev_file = NULL; 1803 - goto out2; 1802 + return ret; 1804 1803 } 1805 1804 1806 1805 sectsize = bdev_logical_block_size(reg_bdev(reg)); ··· 1905 1906 fput(reg->hr_bdev_file); 1906 1907 reg->hr_bdev_file = NULL; 1907 1908 } 1908 - out2: 1909 - fdput(f); 1910 - out: 1911 1909 return ret; 1912 1910 } 1913 1911

+22 -39

fs/open.c

··· 187 187 188 188 long do_sys_ftruncate(unsigned int fd, loff_t length, int small) 189 189 { 190 - struct fd f; 191 - int error; 192 - 193 190 if (length < 0) 194 191 return -EINVAL; 195 - f = fdget(fd); 196 - if (!fd_file(f)) 192 + CLASS(fd, f)(fd); 193 + if (fd_empty(f)) 197 194 return -EBADF; 198 195 199 - error = do_ftruncate(fd_file(f), length, small); 200 - 201 - fdput(f); 202 - return error; 196 + return do_ftruncate(fd_file(f), length, small); 203 197 } 204 198 205 199 SYSCALL_DEFINE2(ftruncate, unsigned int, fd, off_t, length) ··· 343 349 344 350 int ksys_fallocate(int fd, int mode, loff_t offset, loff_t len) 345 351 { 346 - struct fd f = fdget(fd); 347 - int error = -EBADF; 352 + CLASS(fd, f)(fd); 348 353 349 - if (fd_file(f)) { 350 - error = vfs_fallocate(fd_file(f), mode, offset, len); 351 - fdput(f); 352 - } 353 - return error; 354 + if (fd_empty(f)) 355 + return -EBADF; 356 + 357 + return vfs_fallocate(fd_file(f), mode, offset, len); 354 358 } 355 359 356 360 SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len) ··· 572 580 573 581 SYSCALL_DEFINE1(fchdir, unsigned int, fd) 574 582 { 575 - struct fd f = fdget_raw(fd); 583 + CLASS(fd_raw, f)(fd); 576 584 int error; 577 585 578 - error = -EBADF; 579 - if (!fd_file(f)) 580 - goto out; 586 + if (fd_empty(f)) 587 + return -EBADF; 581 588 582 - error = -ENOTDIR; 583 589 if (!d_can_lookup(fd_file(f)->f_path.dentry)) 584 - goto out_putf; 590 + return -ENOTDIR; 585 591 586 592 error = file_permission(fd_file(f), MAY_EXEC | MAY_CHDIR); 587 593 if (!error) 588 594 set_fs_pwd(current->fs, &fd_file(f)->f_path); 589 - out_putf: 590 - fdput(f); 591 - out: 592 595 return error; 593 596 } 594 597 ··· 658 671 659 672 SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode) 660 673 { 661 - struct fd f = fdget(fd); 662 - int err = -EBADF; 674 + CLASS(fd, f)(fd); 663 675 664 - if (fd_file(f)) { 665 - err = vfs_fchmod(fd_file(f), mode); 666 - fdput(f); 667 - } 668 - return err; 676 + if (fd_empty(f)) 677 + return -EBADF; 678 + 679 + return vfs_fchmod(fd_file(f), mode); 669 680 } 670 681 671 682 static int do_fchmodat(int dfd, const char __user *filename, umode_t mode, ··· 850 865 851 866 int ksys_fchown(unsigned int fd, uid_t user, gid_t group) 852 867 { 853 - struct fd f = fdget(fd); 854 - int error = -EBADF; 868 + CLASS(fd, f)(fd); 855 869 856 - if (fd_file(f)) { 857 - error = vfs_fchown(fd_file(f), user, group); 858 - fdput(f); 859 - } 860 - return error; 870 + if (fd_empty(f)) 871 + return -EBADF; 872 + 873 + return vfs_fchown(fd_file(f), user, group); 861 874 } 862 875 863 876 SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group)

+4 -8

fs/quota/quota.c

··· 976 976 struct super_block *sb; 977 977 unsigned int cmds = cmd >> SUBCMDSHIFT; 978 978 unsigned int type = cmd & SUBCMDMASK; 979 - struct fd f; 979 + CLASS(fd_raw, f)(fd); 980 980 int ret; 981 981 982 - f = fdget_raw(fd); 983 - if (!fd_file(f)) 982 + if (fd_empty(f)) 984 983 return -EBADF; 985 984 986 - ret = -EINVAL; 987 985 if (type >= MAXQUOTAS) 988 - goto out; 986 + return -EINVAL; 989 987 990 988 if (quotactl_cmd_write(cmds)) { 991 989 ret = mnt_want_write(fd_file(f)->f_path.mnt); 992 990 if (ret) 993 - goto out; 991 + return ret; 994 992 } 995 993 996 994 sb = fd_file(f)->f_path.mnt->mnt_sb; ··· 1006 1008 1007 1009 if (quotactl_cmd_write(cmds)) 1008 1010 mnt_drop_write(fd_file(f)->f_path.mnt); 1009 - out: 1010 - fdput(f); 1011 1011 return ret; 1012 1012 }

+52 -93

fs/read_write.c

··· 386 386 static off_t ksys_lseek(unsigned int fd, off_t offset, unsigned int whence) 387 387 { 388 388 off_t retval; 389 - struct fd f = fdget_pos(fd); 390 - if (!fd_file(f)) 389 + CLASS(fd_pos, f)(fd); 390 + if (fd_empty(f)) 391 391 return -EBADF; 392 392 393 393 retval = -EINVAL; ··· 397 397 if (res != (loff_t)retval) 398 398 retval = -EOVERFLOW; /* LFS: should only happen on 32 bit platforms */ 399 399 } 400 - fdput_pos(f); 401 400 return retval; 402 401 } 403 402 ··· 419 420 unsigned int, whence) 420 421 { 421 422 int retval; 422 - struct fd f = fdget_pos(fd); 423 + CLASS(fd_pos, f)(fd); 423 424 loff_t offset; 424 425 425 - if (!fd_file(f)) 426 + if (fd_empty(f)) 426 427 return -EBADF; 427 428 428 - retval = -EINVAL; 429 429 if (whence > SEEK_MAX) 430 - goto out_putf; 430 + return -EINVAL; 431 431 432 432 offset = vfs_llseek(fd_file(f), ((loff_t) offset_high << 32) | offset_low, 433 433 whence); ··· 437 439 if (!copy_to_user(result, &offset, sizeof(offset))) 438 440 retval = 0; 439 441 } 440 - out_putf: 441 - fdput_pos(f); 442 442 return retval; 443 443 } 444 444 #endif ··· 696 700 697 701 ssize_t ksys_read(unsigned int fd, char __user *buf, size_t count) 698 702 { 699 - struct fd f = fdget_pos(fd); 703 + CLASS(fd_pos, f)(fd); 700 704 ssize_t ret = -EBADF; 701 705 702 - if (fd_file(f)) { 706 + if (!fd_empty(f)) { 703 707 loff_t pos, *ppos = file_ppos(fd_file(f)); 704 708 if (ppos) { 705 709 pos = *ppos; ··· 708 712 ret = vfs_read(fd_file(f), buf, count, ppos); 709 713 if (ret >= 0 && ppos) 710 714 fd_file(f)->f_pos = pos; 711 - fdput_pos(f); 712 715 } 713 716 return ret; 714 717 } ··· 719 724 720 725 ssize_t ksys_write(unsigned int fd, const char __user *buf, size_t count) 721 726 { 722 - struct fd f = fdget_pos(fd); 727 + CLASS(fd_pos, f)(fd); 723 728 ssize_t ret = -EBADF; 724 729 725 - if (fd_file(f)) { 730 + if (!fd_empty(f)) { 726 731 loff_t pos, *ppos = file_ppos(fd_file(f)); 727 732 if (ppos) { 728 733 pos = *ppos; ··· 731 736 ret = vfs_write(fd_file(f), buf, count, ppos); 732 737 if (ret >= 0 && ppos) 733 738 fd_file(f)->f_pos = pos; 734 - fdput_pos(f); 735 739 } 736 740 737 741 return ret; ··· 745 751 ssize_t ksys_pread64(unsigned int fd, char __user *buf, size_t count, 746 752 loff_t pos) 747 753 { 748 - struct fd f; 749 - ssize_t ret = -EBADF; 750 - 751 754 if (pos < 0) 752 755 return -EINVAL; 753 756 754 - f = fdget(fd); 755 - if (fd_file(f)) { 756 - ret = -ESPIPE; 757 - if (fd_file(f)->f_mode & FMODE_PREAD) 758 - ret = vfs_read(fd_file(f), buf, count, &pos); 759 - fdput(f); 760 - } 757 + CLASS(fd, f)(fd); 758 + if (fd_empty(f)) 759 + return -EBADF; 761 760 762 - return ret; 761 + if (fd_file(f)->f_mode & FMODE_PREAD) 762 + return vfs_read(fd_file(f), buf, count, &pos); 763 + 764 + return -ESPIPE; 763 765 } 764 766 765 767 SYSCALL_DEFINE4(pread64, unsigned int, fd, char __user *, buf, ··· 775 785 ssize_t ksys_pwrite64(unsigned int fd, const char __user *buf, 776 786 size_t count, loff_t pos) 777 787 { 778 - struct fd f; 779 - ssize_t ret = -EBADF; 780 - 781 788 if (pos < 0) 782 789 return -EINVAL; 783 790 784 - f = fdget(fd); 785 - if (fd_file(f)) { 786 - ret = -ESPIPE; 787 - if (fd_file(f)->f_mode & FMODE_PWRITE) 788 - ret = vfs_write(fd_file(f), buf, count, &pos); 789 - fdput(f); 790 - } 791 + CLASS(fd, f)(fd); 792 + if (fd_empty(f)) 793 + return -EBADF; 791 794 792 - return ret; 795 + if (fd_file(f)->f_mode & FMODE_PWRITE) 796 + return vfs_write(fd_file(f), buf, count, &pos); 797 + 798 + return -ESPIPE; 793 799 } 794 800 795 801 SYSCALL_DEFINE4(pwrite64, unsigned int, fd, const char __user *, buf, ··· 1061 1075 static ssize_t do_readv(unsigned long fd, const struct iovec __user *vec, 1062 1076 unsigned long vlen, rwf_t flags) 1063 1077 { 1064 - struct fd f = fdget_pos(fd); 1078 + CLASS(fd_pos, f)(fd); 1065 1079 ssize_t ret = -EBADF; 1066 1080 1067 - if (fd_file(f)) { 1081 + if (!fd_empty(f)) { 1068 1082 loff_t pos, *ppos = file_ppos(fd_file(f)); 1069 1083 if (ppos) { 1070 1084 pos = *ppos; ··· 1073 1087 ret = vfs_readv(fd_file(f), vec, vlen, ppos, flags); 1074 1088 if (ret >= 0 && ppos) 1075 1089 fd_file(f)->f_pos = pos; 1076 - fdput_pos(f); 1077 1090 } 1078 1091 1079 1092 if (ret > 0) ··· 1084 1099 static ssize_t do_writev(unsigned long fd, const struct iovec __user *vec, 1085 1100 unsigned long vlen, rwf_t flags) 1086 1101 { 1087 - struct fd f = fdget_pos(fd); 1102 + CLASS(fd_pos, f)(fd); 1088 1103 ssize_t ret = -EBADF; 1089 1104 1090 - if (fd_file(f)) { 1105 + if (!fd_empty(f)) { 1091 1106 loff_t pos, *ppos = file_ppos(fd_file(f)); 1092 1107 if (ppos) { 1093 1108 pos = *ppos; ··· 1096 1111 ret = vfs_writev(fd_file(f), vec, vlen, ppos, flags); 1097 1112 if (ret >= 0 && ppos) 1098 1113 fd_file(f)->f_pos = pos; 1099 - fdput_pos(f); 1100 1114 } 1101 1115 1102 1116 if (ret > 0) ··· 1113 1129 static ssize_t do_preadv(unsigned long fd, const struct iovec __user *vec, 1114 1130 unsigned long vlen, loff_t pos, rwf_t flags) 1115 1131 { 1116 - struct fd f; 1117 1132 ssize_t ret = -EBADF; 1118 1133 1119 1134 if (pos < 0) 1120 1135 return -EINVAL; 1121 1136 1122 - f = fdget(fd); 1123 - if (fd_file(f)) { 1137 + CLASS(fd, f)(fd); 1138 + if (!fd_empty(f)) { 1124 1139 ret = -ESPIPE; 1125 1140 if (fd_file(f)->f_mode & FMODE_PREAD) 1126 1141 ret = vfs_readv(fd_file(f), vec, vlen, &pos, flags); 1127 - fdput(f); 1128 1142 } 1129 1143 1130 1144 if (ret > 0) ··· 1134 1152 static ssize_t do_pwritev(unsigned long fd, const struct iovec __user *vec, 1135 1153 unsigned long vlen, loff_t pos, rwf_t flags) 1136 1154 { 1137 - struct fd f; 1138 1155 ssize_t ret = -EBADF; 1139 1156 1140 1157 if (pos < 0) 1141 1158 return -EINVAL; 1142 1159 1143 - f = fdget(fd); 1144 - if (fd_file(f)) { 1160 + CLASS(fd, f)(fd); 1161 + if (!fd_empty(f)) { 1145 1162 ret = -ESPIPE; 1146 1163 if (fd_file(f)->f_mode & FMODE_PWRITE) 1147 1164 ret = vfs_writev(fd_file(f), vec, vlen, &pos, flags); 1148 - fdput(f); 1149 1165 } 1150 1166 1151 1167 if (ret > 0) ··· 1295 1315 static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, 1296 1316 size_t count, loff_t max) 1297 1317 { 1298 - struct fd in, out; 1299 1318 struct inode *in_inode, *out_inode; 1300 1319 struct pipe_inode_info *opipe; 1301 1320 loff_t pos; ··· 1305 1326 /* 1306 1327 * Get input file, and verify that it is ok.. 1307 1328 */ 1308 - retval = -EBADF; 1309 - in = fdget(in_fd); 1310 - if (!fd_file(in)) 1311 - goto out; 1329 + CLASS(fd, in)(in_fd); 1330 + if (fd_empty(in)) 1331 + return -EBADF; 1312 1332 if (!(fd_file(in)->f_mode & FMODE_READ)) 1313 - goto fput_in; 1314 - retval = -ESPIPE; 1333 + return -EBADF; 1315 1334 if (!ppos) { 1316 1335 pos = fd_file(in)->f_pos; 1317 1336 } else { 1318 1337 pos = *ppos; 1319 1338 if (!(fd_file(in)->f_mode & FMODE_PREAD)) 1320 - goto fput_in; 1339 + return -ESPIPE; 1321 1340 } 1322 1341 retval = rw_verify_area(READ, fd_file(in), &pos, count); 1323 1342 if (retval < 0) 1324 - goto fput_in; 1343 + return retval; 1325 1344 if (count > MAX_RW_COUNT) 1326 1345 count = MAX_RW_COUNT; 1327 1346 1328 1347 /* 1329 1348 * Get output file, and verify that it is ok.. 1330 1349 */ 1331 - retval = -EBADF; 1332 - out = fdget(out_fd); 1333 - if (!fd_file(out)) 1334 - goto fput_in; 1350 + CLASS(fd, out)(out_fd); 1351 + if (fd_empty(out)) 1352 + return -EBADF; 1335 1353 if (!(fd_file(out)->f_mode & FMODE_WRITE)) 1336 - goto fput_out; 1354 + return -EBADF; 1337 1355 in_inode = file_inode(fd_file(in)); 1338 1356 out_inode = file_inode(fd_file(out)); 1339 1357 out_pos = fd_file(out)->f_pos; ··· 1339 1363 max = min(in_inode->i_sb->s_maxbytes, out_inode->i_sb->s_maxbytes); 1340 1364 1341 1365 if (unlikely(pos + count > max)) { 1342 - retval = -EOVERFLOW; 1343 1366 if (pos >= max) 1344 - goto fput_out; 1367 + return -EOVERFLOW; 1345 1368 count = max - pos; 1346 1369 } 1347 1370 ··· 1359 1384 if (!opipe) { 1360 1385 retval = rw_verify_area(WRITE, fd_file(out), &out_pos, count); 1361 1386 if (retval < 0) 1362 - goto fput_out; 1387 + return retval; 1363 1388 retval = do_splice_direct(fd_file(in), &pos, fd_file(out), &out_pos, 1364 1389 count, fl); 1365 1390 } else { ··· 1385 1410 inc_syscw(current); 1386 1411 if (pos > max) 1387 1412 retval = -EOVERFLOW; 1388 - 1389 - fput_out: 1390 - fdput(out); 1391 - fput_in: 1392 - fdput(in); 1393 - out: 1394 1413 return retval; 1395 1414 } 1396 1415 ··· 1640 1671 { 1641 1672 loff_t pos_in; 1642 1673 loff_t pos_out; 1643 - struct fd f_in; 1644 - struct fd f_out; 1645 1674 ssize_t ret = -EBADF; 1646 1675 1647 - f_in = fdget(fd_in); 1648 - if (!fd_file(f_in)) 1649 - goto out2; 1676 + CLASS(fd, f_in)(fd_in); 1677 + if (fd_empty(f_in)) 1678 + return -EBADF; 1650 1679 1651 - f_out = fdget(fd_out); 1652 - if (!fd_file(f_out)) 1653 - goto out1; 1680 + CLASS(fd, f_out)(fd_out); 1681 + if (fd_empty(f_out)) 1682 + return -EBADF; 1654 1683 1655 - ret = -EFAULT; 1656 1684 if (off_in) { 1657 1685 if (copy_from_user(&pos_in, off_in, sizeof(loff_t))) 1658 - goto out; 1686 + return -EFAULT; 1659 1687 } else { 1660 1688 pos_in = fd_file(f_in)->f_pos; 1661 1689 } 1662 1690 1663 1691 if (off_out) { 1664 1692 if (copy_from_user(&pos_out, off_out, sizeof(loff_t))) 1665 - goto out; 1693 + return -EFAULT; 1666 1694 } else { 1667 1695 pos_out = fd_file(f_out)->f_pos; 1668 1696 } 1669 1697 1670 - ret = -EINVAL; 1671 1698 if (flags != 0) 1672 - goto out; 1699 + return -EINVAL; 1673 1700 1674 1701 ret = vfs_copy_file_range(fd_file(f_in), pos_in, fd_file(f_out), pos_out, len, 1675 1702 flags); ··· 1687 1722 fd_file(f_out)->f_pos = pos_out; 1688 1723 } 1689 1724 } 1690 - 1691 - out: 1692 - fdput(f_out); 1693 - out1: 1694 - fdput(f_in); 1695 - out2: 1696 1725 return ret; 1697 1726 } 1698 1727

+10 -18

fs/readdir.c

··· 219 219 struct old_linux_dirent __user *, dirent, unsigned int, count) 220 220 { 221 221 int error; 222 - struct fd f = fdget_pos(fd); 222 + CLASS(fd_pos, f)(fd); 223 223 struct readdir_callback buf = { 224 224 .ctx.actor = fillonedir, 225 225 .dirent = dirent 226 226 }; 227 227 228 - if (!fd_file(f)) 228 + if (fd_empty(f)) 229 229 return -EBADF; 230 230 231 231 error = iterate_dir(fd_file(f), &buf.ctx); 232 232 if (buf.result) 233 233 error = buf.result; 234 234 235 - fdput_pos(f); 236 235 return error; 237 236 } 238 237 ··· 308 309 SYSCALL_DEFINE3(getdents, unsigned int, fd, 309 310 struct linux_dirent __user *, dirent, unsigned int, count) 310 311 { 311 - struct fd f; 312 + CLASS(fd_pos, f)(fd); 312 313 struct getdents_callback buf = { 313 314 .ctx.actor = filldir, 314 315 .count = count, ··· 316 317 }; 317 318 int error; 318 319 319 - f = fdget_pos(fd); 320 - if (!fd_file(f)) 320 + if (fd_empty(f)) 321 321 return -EBADF; 322 322 323 323 error = iterate_dir(fd_file(f), &buf.ctx); ··· 331 333 else 332 334 error = count - buf.count; 333 335 } 334 - fdput_pos(f); 335 336 return error; 336 337 } 337 338 ··· 389 392 SYSCALL_DEFINE3(getdents64, unsigned int, fd, 390 393 struct linux_dirent64 __user *, dirent, unsigned int, count) 391 394 { 392 - struct fd f; 395 + CLASS(fd_pos, f)(fd); 393 396 struct getdents_callback64 buf = { 394 397 .ctx.actor = filldir64, 395 398 .count = count, ··· 397 400 }; 398 401 int error; 399 402 400 - f = fdget_pos(fd); 401 - if (!fd_file(f)) 403 + if (fd_empty(f)) 402 404 return -EBADF; 403 405 404 406 error = iterate_dir(fd_file(f), &buf.ctx); ··· 413 417 else 414 418 error = count - buf.count; 415 419 } 416 - fdput_pos(f); 417 420 return error; 418 421 } 419 422 ··· 472 477 struct compat_old_linux_dirent __user *, dirent, unsigned int, count) 473 478 { 474 479 int error; 475 - struct fd f = fdget_pos(fd); 480 + CLASS(fd_pos, f)(fd); 476 481 struct compat_readdir_callback buf = { 477 482 .ctx.actor = compat_fillonedir, 478 483 .dirent = dirent 479 484 }; 480 485 481 - if (!fd_file(f)) 486 + if (fd_empty(f)) 482 487 return -EBADF; 483 488 484 489 error = iterate_dir(fd_file(f), &buf.ctx); 485 490 if (buf.result) 486 491 error = buf.result; 487 492 488 - fdput_pos(f); 489 493 return error; 490 494 } 491 495 ··· 554 560 COMPAT_SYSCALL_DEFINE3(getdents, unsigned int, fd, 555 561 struct compat_linux_dirent __user *, dirent, unsigned int, count) 556 562 { 557 - struct fd f; 563 + CLASS(fd_pos, f)(fd); 558 564 struct compat_getdents_callback buf = { 559 565 .ctx.actor = compat_filldir, 560 566 .current_dir = dirent, ··· 562 568 }; 563 569 int error; 564 570 565 - f = fdget_pos(fd); 566 - if (!fd_file(f)) 571 + if (fd_empty(f)) 567 572 return -EBADF; 568 573 569 574 error = iterate_dir(fd_file(f), &buf.ctx); ··· 577 584 else 578 585 error = count - buf.count; 579 586 } 580 - fdput_pos(f); 581 587 return error; 582 588 } 583 589 #endif

+4 -7

fs/remap_range.c

··· 536 536 } 537 537 538 538 for (i = 0, info = same->info; i < count; i++, info++) { 539 - struct fd dst_fd = fdget(info->dest_fd); 540 - struct file *dst_file = fd_file(dst_fd); 539 + CLASS(fd, dst_fd)(info->dest_fd); 541 540 542 - if (!dst_file) { 541 + if (fd_empty(dst_fd)) { 543 542 info->status = -EBADF; 544 543 goto next_loop; 545 544 } 546 545 547 546 if (info->reserved) { 548 547 info->status = -EINVAL; 549 - goto next_fdput; 548 + goto next_loop; 550 549 } 551 550 552 - deduped = vfs_dedupe_file_range_one(file, off, dst_file, 551 + deduped = vfs_dedupe_file_range_one(file, off, fd_file(dst_fd), 553 552 info->dest_offset, len, 554 553 REMAP_FILE_CAN_SHORTEN); 555 554 if (deduped == -EBADE) ··· 558 559 else 559 560 info->bytes_deduped = len; 560 561 561 - next_fdput: 562 - fdput(dst_fd); 563 562 next_loop: 564 563 if (fatal_signal_pending(current)) 565 564 break;

+21 -27

fs/select.c

··· 462 462 EPOLLNVAL) 463 463 #define POLLEX_SET (EPOLLPRI | EPOLLNVAL) 464 464 465 - static inline void wait_key_set(poll_table *wait, unsigned long in, 465 + static inline __poll_t select_poll_one(int fd, poll_table *wait, unsigned long in, 466 466 unsigned long out, unsigned long bit, 467 467 __poll_t ll_flag) 468 468 { 469 + CLASS(fd, f)(fd); 470 + 471 + if (fd_empty(f)) 472 + return EPOLLNVAL; 473 + 469 474 wait->_key = POLLEX_SET | ll_flag; 470 475 if (in & bit) 471 476 wait->_key |= POLLIN_SET; 472 477 if (out & bit) 473 478 wait->_key |= POLLOUT_SET; 479 + 480 + return vfs_poll(fd_file(f), wait); 474 481 } 475 482 476 483 static noinline_for_stack int do_select(int n, fd_set_bits *fds, struct timespec64 *end_time) ··· 529 522 } 530 523 531 524 for (j = 0; j < BITS_PER_LONG; ++j, ++i, bit <<= 1) { 532 - struct fd f; 533 525 if (i >= n) 534 526 break; 535 527 if (!(bit & all_bits)) 536 528 continue; 537 - mask = EPOLLNVAL; 538 - f = fdget(i); 539 - if (fd_file(f)) { 540 - wait_key_set(wait, in, out, bit, 541 - busy_flag); 542 - mask = vfs_poll(fd_file(f), wait); 543 - 544 - fdput(f); 545 - } 529 + mask = select_poll_one(i, wait, in, out, bit, 530 + busy_flag); 546 531 if ((mask & POLLIN_SET) && (in & bit)) { 547 532 res_in |= bit; 548 533 retval++; ··· 855 856 __poll_t busy_flag) 856 857 { 857 858 int fd = pollfd->fd; 858 - __poll_t mask = 0, filter; 859 - struct fd f; 859 + __poll_t mask, filter; 860 860 861 861 if (fd < 0) 862 - goto out; 863 - mask = EPOLLNVAL; 864 - f = fdget(fd); 865 - if (!fd_file(f)) 866 - goto out; 862 + return 0; 863 + 864 + CLASS(fd, f)(fd); 865 + if (fd_empty(f)) 866 + return EPOLLNVAL; 867 867 868 868 /* userland u16 ->events contains POLL... bitmap */ 869 869 filter = demangle_poll(pollfd->events) | EPOLLERR | EPOLLHUP; ··· 870 872 mask = vfs_poll(fd_file(f), pwait); 871 873 if (mask & busy_flag) 872 874 *can_busy_poll = true; 873 - mask &= filter; /* Mask out unneeded events. */ 874 - fdput(f); 875 - 876 - out: 877 - /* ... and so does ->revents */ 878 - pollfd->revents = mangle_poll(mask); 879 - return mask; 875 + return mask & filter; /* Mask out unneeded events. */ 880 876 } 881 877 882 878 static int do_poll(struct poll_list *list, struct poll_wqueues *wait, ··· 902 910 pfd = walk->entries; 903 911 pfd_end = pfd + walk->len; 904 912 for (; pfd != pfd_end; pfd++) { 913 + __poll_t mask; 905 914 /* 906 915 * Fish for events. If we found one, record it 907 916 * and kill poll_table->_qproc, so we don't ··· 910 917 * this. They'll get immediately deregistered 911 918 * when we break out and return. 912 919 */ 913 - if (do_pollfd(pfd, pt, &can_busy_loop, 914 - busy_flag)) { 920 + mask = do_pollfd(pfd, pt, &can_busy_loop, busy_flag); 921 + pfd->revents = mangle_poll(mask); 922 + if (mask) { 915 923 count++; 916 924 pt->_qproc = NULL; 917 925 /* found something, stop busy polling */

+3 -6

fs/signalfd.c

··· 288 288 289 289 fd_install(ufd, file); 290 290 } else { 291 - struct fd f = fdget(ufd); 292 - if (!fd_file(f)) 291 + CLASS(fd, f)(ufd); 292 + if (fd_empty(f)) 293 293 return -EBADF; 294 294 ctx = fd_file(f)->private_data; 295 - if (fd_file(f)->f_op != &signalfd_fops) { 296 - fdput(f); 295 + if (fd_file(f)->f_op != &signalfd_fops) 297 296 return -EINVAL; 298 - } 299 297 spin_lock_irq(&current->sighand->siglock); 300 298 ctx->sigmask = *mask; 301 299 spin_unlock_irq(&current->sighand->siglock); 302 300 303 301 wake_up(&current->sighand->signalfd_wqh); 304 - fdput(f); 305 302 } 306 303 307 304 return ufd;

+4 -7

fs/smb/client/ioctl.c

··· 72 72 unsigned long srcfd) 73 73 { 74 74 int rc; 75 - struct fd src_file; 76 75 struct inode *src_inode; 77 76 78 77 cifs_dbg(FYI, "ioctl copychunk range\n"); ··· 88 89 return rc; 89 90 } 90 91 91 - src_file = fdget(srcfd); 92 - if (!fd_file(src_file)) { 92 + CLASS(fd, src_file)(srcfd); 93 + if (fd_empty(src_file)) { 93 94 rc = -EBADF; 94 95 goto out_drop_write; 95 96 } ··· 97 98 if (fd_file(src_file)->f_op->unlocked_ioctl != cifs_ioctl) { 98 99 rc = -EBADF; 99 100 cifs_dbg(VFS, "src file seems to be from a different filesystem type\n"); 100 - goto out_fput; 101 + goto out_drop_write; 101 102 } 102 103 103 104 src_inode = file_inode(fd_file(src_file)); 104 105 rc = -EINVAL; 105 106 if (S_ISDIR(src_inode->i_mode)) 106 - goto out_fput; 107 + goto out_drop_write; 107 108 108 109 rc = cifs_file_copychunk_range(xid, fd_file(src_file), 0, dst_file, 0, 109 110 src_inode->i_size, 0); 110 111 if (rc > 0) 111 112 rc = 0; 112 - out_fput: 113 - fdput(src_file); 114 113 out_drop_write: 115 114 mnt_drop_write_file(dst_file); 116 115 return rc;

+27 -51

fs/splice.c

··· 1564 1564 return ret; 1565 1565 } 1566 1566 1567 - static int vmsplice_type(struct fd f, int *type) 1568 - { 1569 - if (!fd_file(f)) 1570 - return -EBADF; 1571 - if (fd_file(f)->f_mode & FMODE_WRITE) { 1572 - *type = ITER_SOURCE; 1573 - } else if (fd_file(f)->f_mode & FMODE_READ) { 1574 - *type = ITER_DEST; 1575 - } else { 1576 - fdput(f); 1577 - return -EBADF; 1578 - } 1579 - return 0; 1580 - } 1581 - 1582 1567 /* 1583 1568 * Note that vmsplice only really supports true splicing _from_ user memory 1584 1569 * to a pipe, not the other way around. Splicing from user memory is a simple ··· 1587 1602 struct iovec *iov = iovstack; 1588 1603 struct iov_iter iter; 1589 1604 ssize_t error; 1590 - struct fd f; 1591 1605 int type; 1592 1606 1593 1607 if (unlikely(flags & ~SPLICE_F_ALL)) 1594 1608 return -EINVAL; 1595 1609 1596 - f = fdget(fd); 1597 - error = vmsplice_type(f, &type); 1598 - if (error) 1599 - return error; 1610 + CLASS(fd, f)(fd); 1611 + if (fd_empty(f)) 1612 + return -EBADF; 1613 + if (fd_file(f)->f_mode & FMODE_WRITE) 1614 + type = ITER_SOURCE; 1615 + else if (fd_file(f)->f_mode & FMODE_READ) 1616 + type = ITER_DEST; 1617 + else 1618 + return -EBADF; 1600 1619 1601 1620 error = import_iovec(type, uiov, nr_segs, 1602 1621 ARRAY_SIZE(iovstack), &iov, &iter); 1603 1622 if (error < 0) 1604 - goto out_fdput; 1623 + return error; 1605 1624 1606 1625 if (!iov_iter_count(&iter)) 1607 1626 error = 0; ··· 1615 1626 error = vmsplice_to_user(fd_file(f), &iter, flags); 1616 1627 1617 1628 kfree(iov); 1618 - out_fdput: 1619 - fdput(f); 1620 1629 return error; 1621 1630 } 1622 1631 ··· 1622 1635 int, fd_out, loff_t __user *, off_out, 1623 1636 size_t, len, unsigned int, flags) 1624 1637 { 1625 - struct fd in, out; 1626 - ssize_t error; 1627 - 1628 1638 if (unlikely(!len)) 1629 1639 return 0; 1630 1640 1631 1641 if (unlikely(flags & ~SPLICE_F_ALL)) 1632 1642 return -EINVAL; 1633 1643 1634 - error = -EBADF; 1635 - in = fdget(fd_in); 1636 - if (fd_file(in)) { 1637 - out = fdget(fd_out); 1638 - if (fd_file(out)) { 1639 - error = __do_splice(fd_file(in), off_in, fd_file(out), off_out, 1644 + CLASS(fd, in)(fd_in); 1645 + if (fd_empty(in)) 1646 + return -EBADF; 1647 + 1648 + CLASS(fd, out)(fd_out); 1649 + if (fd_empty(out)) 1650 + return -EBADF; 1651 + 1652 + return __do_splice(fd_file(in), off_in, fd_file(out), off_out, 1640 1653 len, flags); 1641 - fdput(out); 1642 - } 1643 - fdput(in); 1644 - } 1645 - return error; 1646 1654 } 1647 1655 1648 1656 /* ··· 1987 2005 1988 2006 SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags) 1989 2007 { 1990 - struct fd in, out; 1991 - ssize_t error; 1992 - 1993 2008 if (unlikely(flags & ~SPLICE_F_ALL)) 1994 2009 return -EINVAL; 1995 2010 1996 2011 if (unlikely(!len)) 1997 2012 return 0; 1998 2013 1999 - error = -EBADF; 2000 - in = fdget(fdin); 2001 - if (fd_file(in)) { 2002 - out = fdget(fdout); 2003 - if (fd_file(out)) { 2004 - error = do_tee(fd_file(in), fd_file(out), len, flags); 2005 - fdput(out); 2006 - } 2007 - fdput(in); 2008 - } 2014 + CLASS(fd, in)(fdin); 2015 + if (fd_empty(in)) 2016 + return -EBADF; 2009 2017 2010 - return error; 2018 + CLASS(fd, out)(fdout); 2019 + if (fd_empty(out)) 2020 + return -EBADF; 2021 + 2022 + return do_tee(fd_file(in), fd_file(out), len, flags); 2011 2023 }

+5 -7

fs/statfs.c

··· 114 114 115 115 int fd_statfs(int fd, struct kstatfs *st) 116 116 { 117 - struct fd f = fdget_raw(fd); 118 - int error = -EBADF; 119 - if (fd_file(f)) { 120 - error = vfs_statfs(&fd_file(f)->f_path, st); 121 - fdput(f); 122 - } 123 - return error; 117 + CLASS(fd_raw, f)(fd); 118 + 119 + if (fd_empty(f)) 120 + return -EBADF; 121 + return vfs_statfs(&fd_file(f)->f_path, st); 124 122 } 125 123 126 124 static int do_statfs_native(struct kstatfs *st, struct statfs __user *p)

+11 -18

fs/sync.c

··· 148 148 */ 149 149 SYSCALL_DEFINE1(syncfs, int, fd) 150 150 { 151 - struct fd f = fdget(fd); 151 + CLASS(fd, f)(fd); 152 152 struct super_block *sb; 153 153 int ret, ret2; 154 154 155 - if (!fd_file(f)) 155 + if (fd_empty(f)) 156 156 return -EBADF; 157 157 sb = fd_file(f)->f_path.dentry->d_sb; 158 158 ··· 162 162 163 163 ret2 = errseq_check_and_advance(&sb->s_wb_err, &fd_file(f)->f_sb_err); 164 164 165 - fdput(f); 166 165 return ret ? ret : ret2; 167 166 } 168 167 ··· 204 205 205 206 static int do_fsync(unsigned int fd, int datasync) 206 207 { 207 - struct fd f = fdget(fd); 208 - int ret = -EBADF; 208 + CLASS(fd, f)(fd); 209 209 210 - if (fd_file(f)) { 211 - ret = vfs_fsync(fd_file(f), datasync); 212 - fdput(f); 213 - } 214 - return ret; 210 + if (fd_empty(f)) 211 + return -EBADF; 212 + 213 + return vfs_fsync(fd_file(f), datasync); 215 214 } 216 215 217 216 SYSCALL_DEFINE1(fsync, unsigned int, fd) ··· 352 355 int ksys_sync_file_range(int fd, loff_t offset, loff_t nbytes, 353 356 unsigned int flags) 354 357 { 355 - int ret; 356 - struct fd f; 358 + CLASS(fd, f)(fd); 357 359 358 - ret = -EBADF; 359 - f = fdget(fd); 360 - if (fd_file(f)) 361 - ret = sync_file_range(fd_file(f), offset, nbytes, flags); 360 + if (fd_empty(f)) 361 + return -EBADF; 362 362 363 - fdput(f); 364 - return ret; 363 + return sync_file_range(fd_file(f), offset, nbytes, flags); 365 364 } 366 365 367 366 SYSCALL_DEFINE4(sync_file_range, int, fd, loff_t, offset, loff_t, nbytes,

+14 -26

fs/timerfd.c

··· 394 394 .unlocked_ioctl = timerfd_ioctl, 395 395 }; 396 396 397 - static int timerfd_fget(int fd, struct fd *p) 398 - { 399 - struct fd f = fdget(fd); 400 - if (!fd_file(f)) 401 - return -EBADF; 402 - if (fd_file(f)->f_op != &timerfd_fops) { 403 - fdput(f); 404 - return -EINVAL; 405 - } 406 - *p = f; 407 - return 0; 408 - } 409 - 410 397 SYSCALL_DEFINE2(timerfd_create, int, clockid, int, flags) 411 398 { 412 399 int ufd; ··· 458 471 const struct itimerspec64 *new, 459 472 struct itimerspec64 *old) 460 473 { 461 - struct fd f; 462 474 struct timerfd_ctx *ctx; 463 475 int ret; 464 476 ··· 465 479 !itimerspec64_valid(new)) 466 480 return -EINVAL; 467 481 468 - ret = timerfd_fget(ufd, &f); 469 - if (ret) 470 - return ret; 482 + CLASS(fd, f)(ufd); 483 + if (fd_empty(f)) 484 + return -EBADF; 485 + 486 + if (fd_file(f)->f_op != &timerfd_fops) 487 + return -EINVAL; 488 + 471 489 ctx = fd_file(f)->private_data; 472 490 473 - if (isalarm(ctx) && !capable(CAP_WAKE_ALARM)) { 474 - fdput(f); 491 + if (isalarm(ctx) && !capable(CAP_WAKE_ALARM)) 475 492 return -EPERM; 476 - } 477 493 478 494 timerfd_setup_cancel(ctx, flags); 479 495 ··· 523 535 ret = timerfd_setup(ctx, flags, new); 524 536 525 537 spin_unlock_irq(&ctx->wqh.lock); 526 - fdput(f); 527 538 return ret; 528 539 } 529 540 530 541 static int do_timerfd_gettime(int ufd, struct itimerspec64 *t) 531 542 { 532 - struct fd f; 533 543 struct timerfd_ctx *ctx; 534 - int ret = timerfd_fget(ufd, &f); 535 - if (ret) 536 - return ret; 544 + CLASS(fd, f)(ufd); 545 + 546 + if (fd_empty(f)) 547 + return -EBADF; 548 + if (fd_file(f)->f_op != &timerfd_fops) 549 + return -EINVAL; 537 550 ctx = fd_file(f)->private_data; 538 551 539 552 spin_lock_irq(&ctx->wqh.lock); ··· 556 567 t->it_value = ktime_to_timespec64(timerfd_get_remaining(ctx)); 557 568 t->it_interval = ktime_to_timespec64(ctx->tintv); 558 569 spin_unlock_irq(&ctx->wqh.lock); 559 - fdput(f); 560 570 return 0; 561 571 } 562 572

+3 -8

fs/utimes.c

··· 108 108 109 109 static int do_utimes_fd(int fd, struct timespec64 *times, int flags) 110 110 { 111 - struct fd f; 112 - int error; 113 - 114 111 if (flags) 115 112 return -EINVAL; 116 113 117 - f = fdget(fd); 118 - if (!fd_file(f)) 114 + CLASS(fd, f)(fd); 115 + if (fd_empty(f)) 119 116 return -EBADF; 120 - error = vfs_utimes(&fd_file(f)->f_path, times); 121 - fdput(f); 122 - return error; 117 + return vfs_utimes(&fd_file(f)->f_path, times); 123 118 } 124 119 125 120 /*

+5 -13

fs/xfs/xfs_exchrange.c

··· 813 813 .file2 = file, 814 814 }; 815 815 struct xfs_exchange_range args; 816 - struct fd file1; 817 - int error; 818 816 819 817 if (copy_from_user(&args, argp, sizeof(args))) 820 818 return -EFAULT; ··· 826 828 fxr.length = args.length; 827 829 fxr.flags = args.flags; 828 830 829 - file1 = fdget(args.file1_fd); 830 - if (!fd_file(file1)) 831 + CLASS(fd, file1)(args.file1_fd); 832 + if (fd_empty(file1)) 831 833 return -EBADF; 832 834 fxr.file1 = fd_file(file1); 833 835 834 - error = xfs_exchange_range(&fxr); 835 - fdput(file1); 836 - return error; 836 + return xfs_exchange_range(&fxr); 837 837 } 838 838 839 839 /* Opaque freshness blob for XFS_IOC_COMMIT_RANGE */ ··· 905 909 struct xfs_commit_range_fresh *kern_f; 906 910 struct xfs_inode *ip2 = XFS_I(file_inode(file)); 907 911 struct xfs_mount *mp = ip2->i_mount; 908 - struct fd file1; 909 - int error; 910 912 911 913 kern_f = (struct xfs_commit_range_fresh *)&args.file2_freshness; 912 914 ··· 928 934 fxr.file2_ctime.tv_sec = kern_f->file2_ctime; 929 935 fxr.file2_ctime.tv_nsec = kern_f->file2_ctime_nsec; 930 936 931 - file1 = fdget(args.file1_fd); 937 + CLASS(fd, file1)(args.file1_fd); 932 938 if (fd_empty(file1)) 933 939 return -EBADF; 934 940 fxr.file1 = fd_file(file1); 935 941 936 - error = xfs_exchange_range(&fxr); 937 - fdput(file1); 938 - return error; 942 + return xfs_exchange_range(&fxr); 939 943 }

+7 -9

fs/xfs/xfs_handle.c

··· 85 85 int hsize; 86 86 xfs_handle_t handle; 87 87 struct inode *inode; 88 - struct fd f = EMPTY_FD; 89 88 struct path path; 90 89 int error; 91 90 struct xfs_inode *ip; 92 91 93 92 if (cmd == XFS_IOC_FD_TO_HANDLE) { 94 - f = fdget(hreq->fd); 95 - if (!fd_file(f)) 93 + CLASS(fd, f)(hreq->fd); 94 + 95 + if (fd_empty(f)) 96 96 return -EBADF; 97 - inode = file_inode(fd_file(f)); 97 + path = fd_file(f)->f_path; 98 + path_get(&path); 98 99 } else { 99 100 error = user_path_at(AT_FDCWD, hreq->path, 0, &path); 100 101 if (error) 101 102 return error; 102 - inode = d_inode(path.dentry); 103 103 } 104 + inode = d_inode(path.dentry); 104 105 ip = XFS_I(inode); 105 106 106 107 /* ··· 135 134 error = 0; 136 135 137 136 out_put: 138 - if (cmd == XFS_IOC_FD_TO_HANDLE) 139 - fdput(f); 140 - else 141 - path_put(&path); 137 + path_put(&path); 142 138 return error; 143 139 } 144 140

+21 -48

fs/xfs/xfs_ioctl.c

··· 881 881 xfs_swapext_t *sxp) 882 882 { 883 883 xfs_inode_t *ip, *tip; 884 - struct fd f, tmp; 885 - int error = 0; 886 884 887 885 /* Pull information for the target fd */ 888 - f = fdget((int)sxp->sx_fdtarget); 889 - if (!fd_file(f)) { 890 - error = -EINVAL; 891 - goto out; 892 - } 886 + CLASS(fd, f)((int)sxp->sx_fdtarget); 887 + if (fd_empty(f)) 888 + return -EINVAL; 893 889 894 890 if (!(fd_file(f)->f_mode & FMODE_WRITE) || 895 891 !(fd_file(f)->f_mode & FMODE_READ) || 896 - (fd_file(f)->f_flags & O_APPEND)) { 897 - error = -EBADF; 898 - goto out_put_file; 899 - } 892 + (fd_file(f)->f_flags & O_APPEND)) 893 + return -EBADF; 900 894 901 - tmp = fdget((int)sxp->sx_fdtmp); 902 - if (!fd_file(tmp)) { 903 - error = -EINVAL; 904 - goto out_put_file; 905 - } 895 + CLASS(fd, tmp)((int)sxp->sx_fdtmp); 896 + if (fd_empty(tmp)) 897 + return -EINVAL; 906 898 907 899 if (!(fd_file(tmp)->f_mode & FMODE_WRITE) || 908 900 !(fd_file(tmp)->f_mode & FMODE_READ) || 909 - (fd_file(tmp)->f_flags & O_APPEND)) { 910 - error = -EBADF; 911 - goto out_put_tmp_file; 912 - } 901 + (fd_file(tmp)->f_flags & O_APPEND)) 902 + return -EBADF; 913 903 914 904 if (IS_SWAPFILE(file_inode(fd_file(f))) || 915 - IS_SWAPFILE(file_inode(fd_file(tmp)))) { 916 - error = -EINVAL; 917 - goto out_put_tmp_file; 918 - } 905 + IS_SWAPFILE(file_inode(fd_file(tmp)))) 906 + return -EINVAL; 919 907 920 908 /* 921 909 * We need to ensure that the fds passed in point to XFS inodes ··· 911 923 * control over what the user passes us here. 912 924 */ 913 925 if (fd_file(f)->f_op != &xfs_file_operations || 914 - fd_file(tmp)->f_op != &xfs_file_operations) { 915 - error = -EINVAL; 916 - goto out_put_tmp_file; 917 - } 926 + fd_file(tmp)->f_op != &xfs_file_operations) 927 + return -EINVAL; 918 928 919 929 ip = XFS_I(file_inode(fd_file(f))); 920 930 tip = XFS_I(file_inode(fd_file(tmp))); 921 931 922 - if (ip->i_mount != tip->i_mount) { 923 - error = -EINVAL; 924 - goto out_put_tmp_file; 925 - } 932 + if (ip->i_mount != tip->i_mount) 933 + return -EINVAL; 926 934 927 - if (ip->i_ino == tip->i_ino) { 928 - error = -EINVAL; 929 - goto out_put_tmp_file; 930 - } 935 + if (ip->i_ino == tip->i_ino) 936 + return -EINVAL; 931 937 932 - if (xfs_is_shutdown(ip->i_mount)) { 933 - error = -EIO; 934 - goto out_put_tmp_file; 935 - } 938 + if (xfs_is_shutdown(ip->i_mount)) 939 + return -EIO; 936 940 937 - error = xfs_swap_extents(ip, tip, sxp); 938 - 939 - out_put_tmp_file: 940 - fdput(tmp); 941 - out_put_file: 942 - fdput(f); 943 - out: 944 - return error; 941 + return xfs_swap_extents(ip, tip, sxp); 945 942 } 946 943 947 944 static int

+1 -1

include/linux/cleanup.h

··· 234 234 * DEFINE_CLASS(fdget, struct fd, fdput(_T), fdget(fd), int fd) 235 235 * 236 236 * CLASS(fdget, f)(fd); 237 - * if (!fd_file(f)) 237 + * if (fd_empty(f)) 238 238 * return -EBADF; 239 239 * 240 240 * // use 'f' without concern

+1 -6

include/linux/file.h

··· 30 30 extern struct file *alloc_file_clone(struct file *, int flags, 31 31 const struct file_operations *); 32 32 33 - static inline void fput_light(struct file *file, int fput_needed) 34 - { 35 - if (fput_needed) 36 - fput(file); 37 - } 38 - 39 33 /* either a reference to struct file + flags 40 34 * (cloned vs. borrowed, pos locked), with 41 35 * flags stored in lower bits of value, ··· 82 88 83 89 DEFINE_CLASS(fd, struct fd, fdput(_T), fdget(fd), int fd) 84 90 DEFINE_CLASS(fd_raw, struct fd, fdput(_T), fdget_raw(fd), int fd) 91 + DEFINE_CLASS(fd_pos, struct fd, fdput_pos(_T), fdget_pos(fd), int fd) 85 92 86 93 extern int f_dupfd(unsigned int from, struct file *file, unsigned flags); 87 94 extern int replace_fd(unsigned fd, struct file *file, unsigned flags);

+1 -1

include/linux/netlink.h

··· 239 239 int netlink_unregister_notifier(struct notifier_block *nb); 240 240 241 241 /* finegrained unicast helpers: */ 242 - struct sock *netlink_getsockbyfilp(struct file *filp); 242 + struct sock *netlink_getsockbyfd(int fd); 243 243 int netlink_attachskb(struct sock *sk, struct sk_buff *skb, 244 244 long *timeo, struct sock *ssk); 245 245 void netlink_detachskb(struct sock *sk, struct sk_buff *skb);

+8 -21

io_uring/sqpoll.c

··· 106 106 { 107 107 struct io_ring_ctx *ctx_attach; 108 108 struct io_sq_data *sqd; 109 - struct fd f; 109 + CLASS(fd, f)(p->wq_fd); 110 110 111 - f = fdget(p->wq_fd); 112 - if (!fd_file(f)) 111 + if (fd_empty(f)) 113 112 return ERR_PTR(-ENXIO); 114 - if (!io_is_uring_fops(fd_file(f))) { 115 - fdput(f); 113 + if (!io_is_uring_fops(fd_file(f))) 116 114 return ERR_PTR(-EINVAL); 117 - } 118 115 119 116 ctx_attach = fd_file(f)->private_data; 120 117 sqd = ctx_attach->sq_data; 121 - if (!sqd) { 122 - fdput(f); 118 + if (!sqd) 123 119 return ERR_PTR(-EINVAL); 124 - } 125 - if (sqd->task_tgid != current->tgid) { 126 - fdput(f); 120 + if (sqd->task_tgid != current->tgid) 127 121 return ERR_PTR(-EPERM); 128 - } 129 122 130 123 refcount_inc(&sqd->refs); 131 - fdput(f); 132 124 return sqd; 133 125 } 134 126 ··· 409 417 /* Retain compatibility with failing for an invalid attach attempt */ 410 418 if ((ctx->flags & (IORING_SETUP_ATTACH_WQ | IORING_SETUP_SQPOLL)) == 411 419 IORING_SETUP_ATTACH_WQ) { 412 - struct fd f; 413 - 414 - f = fdget(p->wq_fd); 415 - if (!fd_file(f)) 420 + CLASS(fd, f)(p->wq_fd); 421 + if (fd_empty(f)) 416 422 return -ENXIO; 417 - if (!io_is_uring_fops(fd_file(f))) { 418 - fdput(f); 423 + if (!io_is_uring_fops(fd_file(f))) 419 424 return -EINVAL; 420 - } 421 - fdput(f); 422 425 } 423 426 if (ctx->flags & IORING_SETUP_SQPOLL) { 424 427 struct task_struct *tsk;

+32 -77

ipc/mqueue.c

··· 1063 1063 size_t msg_len, unsigned int msg_prio, 1064 1064 struct timespec64 *ts) 1065 1065 { 1066 - struct fd f; 1067 1066 struct inode *inode; 1068 1067 struct ext_wait_queue wait; 1069 1068 struct ext_wait_queue *receiver; ··· 1083 1084 1084 1085 audit_mq_sendrecv(mqdes, msg_len, msg_prio, ts); 1085 1086 1086 - f = fdget(mqdes); 1087 - if (unlikely(!fd_file(f))) { 1088 - ret = -EBADF; 1089 - goto out; 1090 - } 1087 + CLASS(fd, f)(mqdes); 1088 + if (fd_empty(f)) 1089 + return -EBADF; 1091 1090 1092 1091 inode = file_inode(fd_file(f)); 1093 - if (unlikely(fd_file(f)->f_op != &mqueue_file_operations)) { 1094 - ret = -EBADF; 1095 - goto out_fput; 1096 - } 1092 + if (unlikely(fd_file(f)->f_op != &mqueue_file_operations)) 1093 + return -EBADF; 1097 1094 info = MQUEUE_I(inode); 1098 1095 audit_file(fd_file(f)); 1099 1096 1100 - if (unlikely(!(fd_file(f)->f_mode & FMODE_WRITE))) { 1101 - ret = -EBADF; 1102 - goto out_fput; 1103 - } 1097 + if (unlikely(!(fd_file(f)->f_mode & FMODE_WRITE))) 1098 + return -EBADF; 1104 1099 1105 - if (unlikely(msg_len > info->attr.mq_msgsize)) { 1106 - ret = -EMSGSIZE; 1107 - goto out_fput; 1108 - } 1100 + if (unlikely(msg_len > info->attr.mq_msgsize)) 1101 + return -EMSGSIZE; 1109 1102 1110 1103 /* First try to allocate memory, before doing anything with 1111 1104 * existing queues. */ 1112 1105 msg_ptr = load_msg(u_msg_ptr, msg_len); 1113 - if (IS_ERR(msg_ptr)) { 1114 - ret = PTR_ERR(msg_ptr); 1115 - goto out_fput; 1116 - } 1106 + if (IS_ERR(msg_ptr)) 1107 + return PTR_ERR(msg_ptr); 1117 1108 msg_ptr->m_ts = msg_len; 1118 1109 msg_ptr->m_type = msg_prio; 1119 1110 ··· 1161 1172 out_free: 1162 1173 if (ret) 1163 1174 free_msg(msg_ptr); 1164 - out_fput: 1165 - fdput(f); 1166 - out: 1167 1175 return ret; 1168 1176 } 1169 1177 ··· 1170 1184 { 1171 1185 ssize_t ret; 1172 1186 struct msg_msg *msg_ptr; 1173 - struct fd f; 1174 1187 struct inode *inode; 1175 1188 struct mqueue_inode_info *info; 1176 1189 struct ext_wait_queue wait; ··· 1183 1198 1184 1199 audit_mq_sendrecv(mqdes, msg_len, 0, ts); 1185 1200 1186 - f = fdget(mqdes); 1187 - if (unlikely(!fd_file(f))) { 1188 - ret = -EBADF; 1189 - goto out; 1190 - } 1201 + CLASS(fd, f)(mqdes); 1202 + if (fd_empty(f)) 1203 + return -EBADF; 1191 1204 1192 1205 inode = file_inode(fd_file(f)); 1193 - if (unlikely(fd_file(f)->f_op != &mqueue_file_operations)) { 1194 - ret = -EBADF; 1195 - goto out_fput; 1196 - } 1206 + if (unlikely(fd_file(f)->f_op != &mqueue_file_operations)) 1207 + return -EBADF; 1197 1208 info = MQUEUE_I(inode); 1198 1209 audit_file(fd_file(f)); 1199 1210 1200 - if (unlikely(!(fd_file(f)->f_mode & FMODE_READ))) { 1201 - ret = -EBADF; 1202 - goto out_fput; 1203 - } 1211 + if (unlikely(!(fd_file(f)->f_mode & FMODE_READ))) 1212 + return -EBADF; 1204 1213 1205 1214 /* checks if buffer is big enough */ 1206 - if (unlikely(msg_len < info->attr.mq_msgsize)) { 1207 - ret = -EMSGSIZE; 1208 - goto out_fput; 1209 - } 1215 + if (unlikely(msg_len < info->attr.mq_msgsize)) 1216 + return -EMSGSIZE; 1210 1217 1211 1218 /* 1212 1219 * msg_insert really wants us to have a valid, spare node struct so ··· 1252 1275 } 1253 1276 free_msg(msg_ptr); 1254 1277 } 1255 - out_fput: 1256 - fdput(f); 1257 - out: 1258 1278 return ret; 1259 1279 } 1260 1280 ··· 1291 1317 static int do_mq_notify(mqd_t mqdes, const struct sigevent *notification) 1292 1318 { 1293 1319 int ret; 1294 - struct fd f; 1295 1320 struct sock *sock; 1296 1321 struct inode *inode; 1297 1322 struct mqueue_inode_info *info; ··· 1320 1347 if (copy_from_user(nc->data, 1321 1348 notification->sigev_value.sival_ptr, 1322 1349 NOTIFY_COOKIE_LEN)) { 1323 - ret = -EFAULT; 1324 - goto free_skb; 1350 + kfree_skb(nc); 1351 + return -EFAULT; 1325 1352 } 1326 1353 1327 1354 /* TODO: add a header? */ 1328 1355 skb_put(nc, NOTIFY_COOKIE_LEN); 1329 1356 /* and attach it to the socket */ 1330 1357 retry: 1331 - f = fdget(notification->sigev_signo); 1332 - if (!fd_file(f)) { 1333 - ret = -EBADF; 1334 - goto out; 1335 - } 1336 - sock = netlink_getsockbyfilp(fd_file(f)); 1337 - fdput(f); 1358 + sock = netlink_getsockbyfd(notification->sigev_signo); 1338 1359 if (IS_ERR(sock)) { 1339 - ret = PTR_ERR(sock); 1340 - goto free_skb; 1360 + kfree_skb(nc); 1361 + return PTR_ERR(sock); 1341 1362 } 1342 1363 1343 1364 timeo = MAX_SCHEDULE_TIMEOUT; 1344 1365 ret = netlink_attachskb(sock, nc, &timeo, NULL); 1345 - if (ret == 1) { 1346 - sock = NULL; 1366 + if (ret == 1) 1347 1367 goto retry; 1348 - } 1349 1368 if (ret) 1350 1369 return ret; 1351 1370 } 1352 1371 } 1353 1372 1354 - f = fdget(mqdes); 1355 - if (!fd_file(f)) { 1373 + CLASS(fd, f)(mqdes); 1374 + if (fd_empty(f)) { 1356 1375 ret = -EBADF; 1357 1376 goto out; 1358 1377 } ··· 1352 1387 inode = file_inode(fd_file(f)); 1353 1388 if (unlikely(fd_file(f)->f_op != &mqueue_file_operations)) { 1354 1389 ret = -EBADF; 1355 - goto out_fput; 1390 + goto out; 1356 1391 } 1357 1392 info = MQUEUE_I(inode); 1358 1393 ··· 1391 1426 inode_set_atime_to_ts(inode, inode_set_ctime_current(inode)); 1392 1427 } 1393 1428 spin_unlock(&info->lock); 1394 - out_fput: 1395 - fdput(f); 1396 1429 out: 1397 1430 if (sock) 1398 1431 netlink_detachskb(sock, nc); 1399 - else 1400 - free_skb: 1401 - dev_kfree_skb(nc); 1402 - 1403 1432 return ret; 1404 1433 } 1405 1434 ··· 1411 1452 1412 1453 static int do_mq_getsetattr(int mqdes, struct mq_attr *new, struct mq_attr *old) 1413 1454 { 1414 - struct fd f; 1415 1455 struct inode *inode; 1416 1456 struct mqueue_inode_info *info; 1417 1457 1418 1458 if (new && (new->mq_flags & (~O_NONBLOCK))) 1419 1459 return -EINVAL; 1420 1460 1421 - f = fdget(mqdes); 1422 - if (!fd_file(f)) 1461 + CLASS(fd, f)(mqdes); 1462 + if (fd_empty(f)) 1423 1463 return -EBADF; 1424 1464 1425 - if (unlikely(fd_file(f)->f_op != &mqueue_file_operations)) { 1426 - fdput(f); 1465 + if (unlikely(fd_file(f)->f_op != &mqueue_file_operations)) 1427 1466 return -EBADF; 1428 - } 1429 1467 1430 1468 inode = file_inode(fd_file(f)); 1431 1469 info = MQUEUE_I(inode); ··· 1446 1490 } 1447 1491 1448 1492 spin_unlock(&info->lock); 1449 - fdput(f); 1450 1493 return 0; 1451 1494 } 1452 1495

+7 -14

kernel/cgroup/cgroup.c

··· 6476 6476 struct cgroup *dst_cgrp = NULL; 6477 6477 struct css_set *cset; 6478 6478 struct super_block *sb; 6479 - struct file *f; 6480 6479 6481 6480 if (kargs->flags & CLONE_INTO_CGROUP) 6482 6481 cgroup_lock(); ··· 6492 6493 return 0; 6493 6494 } 6494 6495 6495 - f = fget_raw(kargs->cgroup); 6496 - if (!f) { 6496 + CLASS(fd_raw, f)(kargs->cgroup); 6497 + if (fd_empty(f)) { 6497 6498 ret = -EBADF; 6498 6499 goto err; 6499 6500 } 6500 - sb = f->f_path.dentry->d_sb; 6501 + sb = fd_file(f)->f_path.dentry->d_sb; 6501 6502 6502 - dst_cgrp = cgroup_get_from_file(f); 6503 + dst_cgrp = cgroup_get_from_file(fd_file(f)); 6503 6504 if (IS_ERR(dst_cgrp)) { 6504 6505 ret = PTR_ERR(dst_cgrp); 6505 6506 dst_cgrp = NULL; ··· 6547 6548 } 6548 6549 6549 6550 put_css_set(cset); 6550 - fput(f); 6551 6551 kargs->cgrp = dst_cgrp; 6552 6552 return ret; 6553 6553 6554 6554 err: 6555 6555 cgroup_threadgroup_change_end(current); 6556 6556 cgroup_unlock(); 6557 - if (f) 6558 - fput(f); 6559 6557 if (dst_cgrp) 6560 6558 cgroup_put(dst_cgrp); 6561 6559 put_css_set(cset); ··· 6962 6966 */ 6963 6967 struct cgroup *cgroup_v1v2_get_from_fd(int fd) 6964 6968 { 6965 - struct cgroup *cgrp; 6966 - struct fd f = fdget_raw(fd); 6967 - if (!fd_file(f)) 6969 + CLASS(fd_raw, f)(fd); 6970 + if (fd_empty(f)) 6968 6971 return ERR_PTR(-EBADF); 6969 6972 6970 - cgrp = cgroup_v1v2_get_from_file(fd_file(f)); 6971 - fdput(f); 6972 - return cgrp; 6973 + return cgroup_v1v2_get_from_file(fd_file(f)); 6973 6974 } 6974 6975 6975 6976 /**

+21 -42

kernel/events/core.c

··· 966 966 { 967 967 struct perf_cgroup *cgrp; 968 968 struct cgroup_subsys_state *css; 969 - struct fd f = fdget(fd); 969 + CLASS(fd, f)(fd); 970 970 int ret = 0; 971 971 972 - if (!fd_file(f)) 972 + if (fd_empty(f)) 973 973 return -EBADF; 974 974 975 975 css = css_tryget_online_from_dir(fd_file(f)->f_path.dentry, 976 976 &perf_event_cgrp_subsys); 977 - if (IS_ERR(css)) { 978 - ret = PTR_ERR(css); 979 - goto out; 980 - } 977 + if (IS_ERR(css)) 978 + return PTR_ERR(css); 981 979 982 980 ret = perf_cgroup_ensure_storage(event, css); 983 981 if (ret) 984 - goto out; 982 + return ret; 985 983 986 984 cgrp = container_of(css, struct perf_cgroup, css); 987 985 event->cgrp = cgrp; ··· 993 995 perf_detach_cgroup(event); 994 996 ret = -EINVAL; 995 997 } 996 - out: 997 - fdput(f); 998 998 return ret; 999 999 } 1000 1000 ··· 5994 5998 5995 5999 static const struct file_operations perf_fops; 5996 6000 5997 - static inline int perf_fget_light(int fd, struct fd *p) 6001 + static inline bool is_perf_file(struct fd f) 5998 6002 { 5999 - struct fd f = fdget(fd); 6000 - if (!fd_file(f)) 6001 - return -EBADF; 6002 - 6003 - if (fd_file(f)->f_op != &perf_fops) { 6004 - fdput(f); 6005 - return -EBADF; 6006 - } 6007 - *p = f; 6008 - return 0; 6003 + return !fd_empty(f) && fd_file(f)->f_op == &perf_fops; 6009 6004 } 6010 6005 6011 6006 static int perf_event_set_output(struct perf_event *event, ··· 6044 6057 6045 6058 case PERF_EVENT_IOC_SET_OUTPUT: 6046 6059 { 6047 - int ret; 6060 + CLASS(fd, output)(arg); // arg == -1 => empty 6061 + struct perf_event *output_event = NULL; 6048 6062 if (arg != -1) { 6049 - struct perf_event *output_event; 6050 - struct fd output; 6051 - ret = perf_fget_light(arg, &output); 6052 - if (ret) 6053 - return ret; 6063 + if (!is_perf_file(output)) 6064 + return -EBADF; 6054 6065 output_event = fd_file(output)->private_data; 6055 - ret = perf_event_set_output(event, output_event); 6056 - fdput(output); 6057 - } else { 6058 - ret = perf_event_set_output(event, NULL); 6059 6066 } 6060 - return ret; 6067 + return perf_event_set_output(event, output_event); 6061 6068 } 6062 6069 6063 6070 case PERF_EVENT_IOC_SET_FILTER: ··· 12645 12664 struct perf_event_attr attr; 12646 12665 struct perf_event_context *ctx; 12647 12666 struct file *event_file = NULL; 12648 - struct fd group = EMPTY_FD; 12649 12667 struct task_struct *task = NULL; 12650 12668 struct pmu *pmu; 12651 12669 int event_fd; ··· 12715 12735 if (event_fd < 0) 12716 12736 return event_fd; 12717 12737 12738 + CLASS(fd, group)(group_fd); // group_fd == -1 => empty 12718 12739 if (group_fd != -1) { 12719 - err = perf_fget_light(group_fd, &group); 12720 - if (err) 12740 + if (!is_perf_file(group)) { 12741 + err = -EBADF; 12721 12742 goto err_fd; 12743 + } 12722 12744 group_leader = fd_file(group)->private_data; 12723 12745 if (flags & PERF_FLAG_FD_OUTPUT) 12724 12746 output_event = group_leader; ··· 12732 12750 task = find_lively_task_by_vpid(pid); 12733 12751 if (IS_ERR(task)) { 12734 12752 err = PTR_ERR(task); 12735 - goto err_group_fd; 12753 + goto err_fd; 12736 12754 } 12737 12755 } 12738 12756 ··· 12999 13017 mutex_unlock(&current->perf_event_mutex); 13000 13018 13001 13019 /* 13002 - * Drop the reference on the group_event after placing the 13003 - * new event on the sibling_list. This ensures destruction 13004 - * of the group leader will find the pointer to itself in 13005 - * perf_group_detach(). 13020 + * File reference in group guarantees that group_leader has been 13021 + * kept alive until we place the new event on the sibling_list. 13022 + * This ensures destruction of the group leader will find 13023 + * the pointer to itself in perf_group_detach(). 13006 13024 */ 13007 - fdput(group); 13008 13025 fd_install(event_fd, event_file); 13009 13026 return event_fd; 13010 13027 ··· 13022 13041 err_task: 13023 13042 if (task) 13024 13043 put_task_struct(task); 13025 - err_group_fd: 13026 - fdput(group); 13027 13044 err_fd: 13028 13045 put_unused_fd(event_fd); 13029 13046 return err;

+6 -9

kernel/module/main.c

··· 3202 3202 { 3203 3203 struct idempotent idem; 3204 3204 3205 - if (!f || !(f->f_mode & FMODE_READ)) 3205 + if (!(f->f_mode & FMODE_READ)) 3206 3206 return -EBADF; 3207 3207 3208 3208 /* Are we the winners of the race and get to do this? */ ··· 3219 3219 3220 3220 SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags) 3221 3221 { 3222 - int err; 3223 - struct fd f; 3224 - 3225 - err = may_init_module(); 3222 + int err = may_init_module(); 3226 3223 if (err) 3227 3224 return err; 3228 3225 ··· 3230 3233 |MODULE_INIT_COMPRESSED_FILE)) 3231 3234 return -EINVAL; 3232 3235 3233 - f = fdget(fd); 3234 - err = idempotent_init_module(fd_file(f), uargs, flags); 3235 - fdput(f); 3236 - return err; 3236 + CLASS(fd, f)(fd); 3237 + if (fd_empty(f)) 3238 + return -EBADF; 3239 + return idempotent_init_module(fd_file(f), uargs, flags); 3237 3240 } 3238 3241 3239 3242 /* Keep in sync with MODULE_FLAGS_BUF_SIZE !!! */

+2 -3

kernel/nsproxy.c

··· 545 545 546 546 SYSCALL_DEFINE2(setns, int, fd, int, flags) 547 547 { 548 - struct fd f = fdget(fd); 548 + CLASS(fd, f)(fd); 549 549 struct ns_common *ns = NULL; 550 550 struct nsset nsset = {}; 551 551 int err = 0; 552 552 553 - if (!fd_file(f)) 553 + if (fd_empty(f)) 554 554 return -EBADF; 555 555 556 556 if (proc_ns_file(fd_file(f))) { ··· 580 580 } 581 581 put_nsset(&nsset); 582 582 out: 583 - fdput(f); 584 583 return err; 585 584 } 586 585

+6 -14

kernel/pid.c

··· 536 536 537 537 struct pid *pidfd_get_pid(unsigned int fd, unsigned int *flags) 538 538 { 539 - struct fd f; 539 + CLASS(fd, f)(fd); 540 540 struct pid *pid; 541 541 542 - f = fdget(fd); 543 - if (!fd_file(f)) 542 + if (fd_empty(f)) 544 543 return ERR_PTR(-EBADF); 545 544 546 545 pid = pidfd_pid(fd_file(f)); ··· 547 548 get_pid(pid); 548 549 *flags = fd_file(f)->f_flags; 549 550 } 550 - 551 - fdput(f); 552 551 return pid; 553 552 } 554 553 ··· 744 747 unsigned int, flags) 745 748 { 746 749 struct pid *pid; 747 - struct fd f; 748 - int ret; 749 750 750 751 /* flags is currently unused - make sure it's unset */ 751 752 if (flags) 752 753 return -EINVAL; 753 754 754 - f = fdget(pidfd); 755 - if (!fd_file(f)) 755 + CLASS(fd, f)(pidfd); 756 + if (fd_empty(f)) 756 757 return -EBADF; 757 758 758 759 pid = pidfd_pid(fd_file(f)); 759 760 if (IS_ERR(pid)) 760 - ret = PTR_ERR(pid); 761 - else 762 - ret = pidfd_getfd(pid, fd); 761 + return PTR_ERR(pid); 763 762 764 - fdput(f); 765 - return ret; 763 + return pidfd_getfd(pid, fd); 766 764 }

+10 -19

kernel/signal.c

··· 3909 3909 siginfo_t __user *, info, unsigned int, flags) 3910 3910 { 3911 3911 int ret; 3912 - struct fd f; 3913 3912 struct pid *pid; 3914 3913 kernel_siginfo_t kinfo; 3915 3914 enum pid_type type; ··· 3921 3922 if (hweight32(flags & PIDFD_SEND_SIGNAL_FLAGS) > 1) 3922 3923 return -EINVAL; 3923 3924 3924 - f = fdget(pidfd); 3925 - if (!fd_file(f)) 3925 + CLASS(fd, f)(pidfd); 3926 + if (fd_empty(f)) 3926 3927 return -EBADF; 3927 3928 3928 3929 /* Is this a pidfd? */ 3929 3930 pid = pidfd_to_pid(fd_file(f)); 3930 - if (IS_ERR(pid)) { 3931 - ret = PTR_ERR(pid); 3932 - goto err; 3933 - } 3931 + if (IS_ERR(pid)) 3932 + return PTR_ERR(pid); 3934 3933 3935 - ret = -EINVAL; 3936 3934 if (!access_pidfd_pidns(pid)) 3937 - goto err; 3935 + return -EINVAL; 3938 3936 3939 3937 switch (flags) { 3940 3938 case 0: ··· 3955 3959 if (info) { 3956 3960 ret = copy_siginfo_from_user_any(&kinfo, info); 3957 3961 if (unlikely(ret)) 3958 - goto err; 3962 + return ret; 3959 3963 3960 - ret = -EINVAL; 3961 3964 if (unlikely(sig != kinfo.si_signo)) 3962 - goto err; 3965 + return -EINVAL; 3963 3966 3964 3967 /* Only allow sending arbitrary signals to yourself. */ 3965 - ret = -EPERM; 3966 3968 if ((task_pid(current) != pid || type > PIDTYPE_TGID) && 3967 3969 (kinfo.si_code >= 0 || kinfo.si_code == SI_TKILL)) 3968 - goto err; 3970 + return -EPERM; 3969 3971 } else { 3970 3972 prepare_kill_siginfo(sig, &kinfo, type); 3971 3973 } 3972 3974 3973 3975 if (type == PIDTYPE_PGID) 3974 - ret = kill_pgrp_info(sig, &kinfo, pid); 3976 + return kill_pgrp_info(sig, &kinfo, pid); 3975 3977 else 3976 - ret = kill_pid_info_type(sig, &kinfo, pid, type); 3977 - err: 3978 - fdput(f); 3979 - return ret; 3978 + return kill_pid_info_type(sig, &kinfo, pid, type); 3980 3979 } 3981 3980 3982 3981 static int

+5 -10

kernel/sys.c

··· 1911 1911 1912 1912 static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd) 1913 1913 { 1914 - struct fd exe; 1914 + CLASS(fd, exe)(fd); 1915 1915 struct inode *inode; 1916 1916 int err; 1917 1917 1918 - exe = fdget(fd); 1919 - if (!fd_file(exe)) 1918 + if (fd_empty(exe)) 1920 1919 return -EBADF; 1921 1920 1922 1921 inode = file_inode(fd_file(exe)); ··· 1925 1926 * sure that this one is executable as well, to avoid breaking an 1926 1927 * overall picture. 1927 1928 */ 1928 - err = -EACCES; 1929 1929 if (!S_ISREG(inode->i_mode) || path_noexec(&fd_file(exe)->f_path)) 1930 - goto exit; 1930 + return -EACCES; 1931 1931 1932 1932 err = file_permission(fd_file(exe), MAY_EXEC); 1933 1933 if (err) 1934 - goto exit; 1934 + return err; 1935 1935 1936 - err = replace_mm_exe_file(mm, fd_file(exe)); 1937 - exit: 1938 - fdput(exe); 1939 - return err; 1936 + return replace_mm_exe_file(mm, fd_file(exe)); 1940 1937 } 1941 1938 1942 1939 /*

+6 -12

kernel/taskstats.c

··· 411 411 struct nlattr *na; 412 412 size_t size; 413 413 u32 fd; 414 - struct fd f; 415 414 416 415 na = info->attrs[CGROUPSTATS_CMD_ATTR_FD]; 417 416 if (!na) 418 417 return -EINVAL; 419 418 420 419 fd = nla_get_u32(info->attrs[CGROUPSTATS_CMD_ATTR_FD]); 421 - f = fdget(fd); 422 - if (!fd_file(f)) 420 + CLASS(fd, f)(fd); 421 + if (fd_empty(f)) 423 422 return 0; 424 423 425 424 size = nla_total_size(sizeof(struct cgroupstats)); ··· 426 427 rc = prepare_reply(info, CGROUPSTATS_CMD_NEW, &rep_skb, 427 428 size); 428 429 if (rc < 0) 429 - goto err; 430 + return rc; 430 431 431 432 na = nla_reserve(rep_skb, CGROUPSTATS_TYPE_CGROUP_STATS, 432 433 sizeof(struct cgroupstats)); 433 434 if (na == NULL) { 434 435 nlmsg_free(rep_skb); 435 - rc = -EMSGSIZE; 436 - goto err; 436 + return -EMSGSIZE; 437 437 } 438 438 439 439 stats = nla_data(na); ··· 441 443 rc = cgroupstats_build(stats, fd_file(f)->f_path.dentry); 442 444 if (rc < 0) { 443 445 nlmsg_free(rep_skb); 444 - goto err; 446 + return rc; 445 447 } 446 448 447 - rc = send_reply(rep_skb, info); 448 - 449 - err: 450 - fdput(f); 451 - return rc; 449 + return send_reply(rep_skb, info); 452 450 } 453 451 454 452 static int cmd_attr_register_cpumask(struct genl_info *info)

+2 -4

kernel/watch_queue.c

··· 663 663 { 664 664 struct pipe_inode_info *pipe; 665 665 struct watch_queue *wqueue = ERR_PTR(-EINVAL); 666 - struct fd f; 666 + CLASS(fd, f)(fd); 667 667 668 - f = fdget(fd); 669 - if (fd_file(f)) { 668 + if (!fd_empty(f)) { 670 669 pipe = get_pipe_info(fd_file(f), false); 671 670 if (pipe && pipe->watch_queue) { 672 671 wqueue = pipe->watch_queue; 673 672 kref_get(&wqueue->usage); 674 673 } 675 - fdput(f); 676 674 } 677 675 678 676 return wqueue;

+3 -7

mm/fadvise.c

··· 190 190 191 191 int ksys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) 192 192 { 193 - struct fd f = fdget(fd); 194 - int ret; 193 + CLASS(fd, f)(fd); 195 194 196 - if (!fd_file(f)) 195 + if (fd_empty(f)) 197 196 return -EBADF; 198 197 199 - ret = vfs_fadvise(fd_file(f), offset, len, advice); 200 - 201 - fdput(f); 202 - return ret; 198 + return vfs_fadvise(fd_file(f), offset, len, advice); 203 199 } 204 200 205 201 SYSCALL_DEFINE4(fadvise64_64, int, fd, loff_t, offset, loff_t, len, int, advice)

+5 -12

mm/filemap.c

··· 4423 4423 struct cachestat_range __user *, cstat_range, 4424 4424 struct cachestat __user *, cstat, unsigned int, flags) 4425 4425 { 4426 - struct fd f = fdget(fd); 4426 + CLASS(fd, f)(fd); 4427 4427 struct address_space *mapping; 4428 4428 struct cachestat_range csr; 4429 4429 struct cachestat cs; 4430 4430 pgoff_t first_index, last_index; 4431 4431 4432 - if (!fd_file(f)) 4432 + if (fd_empty(f)) 4433 4433 return -EBADF; 4434 4434 4435 4435 if (copy_from_user(&csr, cstat_range, 4436 - sizeof(struct cachestat_range))) { 4437 - fdput(f); 4436 + sizeof(struct cachestat_range))) 4438 4437 return -EFAULT; 4439 - } 4440 4438 4441 4439 /* hugetlbfs is not supported */ 4442 - if (is_file_hugepages(fd_file(f))) { 4443 - fdput(f); 4440 + if (is_file_hugepages(fd_file(f))) 4444 4441 return -EOPNOTSUPP; 4445 - } 4446 4442 4447 - if (flags != 0) { 4448 - fdput(f); 4443 + if (flags != 0) 4449 4444 return -EINVAL; 4450 - } 4451 4445 4452 4446 first_index = csr.off >> PAGE_SHIFT; 4453 4447 last_index = ··· 4449 4455 memset(&cs, 0, sizeof(struct cachestat)); 4450 4456 mapping = fd_file(f)->f_mapping; 4451 4457 filemap_cachestat(mapping, first_index, last_index, &cs); 4452 - fdput(f); 4453 4458 4454 4459 if (copy_to_user(cstat, &cs, sizeof(struct cachestat))) 4455 4460 return -EFAULT;

+15 -29

mm/memcontrol-v1.c

··· 1936 1936 struct mem_cgroup_event *event; 1937 1937 struct cgroup_subsys_state *cfile_css; 1938 1938 unsigned int efd, cfd; 1939 - struct fd efile; 1940 - struct fd cfile; 1941 1939 struct dentry *cdentry; 1942 1940 const char *name; 1943 1941 char *endp; ··· 1959 1961 else 1960 1962 return -EINVAL; 1961 1963 1964 + CLASS(fd, efile)(efd); 1965 + if (fd_empty(efile)) 1966 + return -EBADF; 1967 + 1968 + CLASS(fd, cfile)(cfd); 1969 + 1962 1970 event = kzalloc(sizeof(*event), GFP_KERNEL); 1963 1971 if (!event) 1964 1972 return -ENOMEM; ··· 1975 1971 init_waitqueue_func_entry(&event->wait, memcg_event_wake); 1976 1972 INIT_WORK(&event->remove, memcg_event_remove); 1977 1973 1978 - efile = fdget(efd); 1979 - if (!fd_file(efile)) { 1980 - ret = -EBADF; 1981 - goto out_kfree; 1982 - } 1983 - 1984 1974 event->eventfd = eventfd_ctx_fileget(fd_file(efile)); 1985 1975 if (IS_ERR(event->eventfd)) { 1986 1976 ret = PTR_ERR(event->eventfd); 1987 - goto out_put_efile; 1977 + goto out_kfree; 1988 1978 } 1989 1979 1990 - cfile = fdget(cfd); 1991 - if (!fd_file(cfile)) { 1980 + if (fd_empty(cfile)) { 1992 1981 ret = -EBADF; 1993 1982 goto out_put_eventfd; 1994 1983 } ··· 1990 1993 /* AV: shouldn't we check that it's been opened for read instead? */ 1991 1994 ret = file_permission(fd_file(cfile), MAY_READ); 1992 1995 if (ret < 0) 1993 - goto out_put_cfile; 1996 + goto out_put_eventfd; 1994 1997 1995 1998 /* 1996 1999 * The control file must be a regular cgroup1 file. As a regular cgroup ··· 1999 2002 cdentry = fd_file(cfile)->f_path.dentry; 2000 2003 if (cdentry->d_sb->s_type != &cgroup_fs_type || !d_is_reg(cdentry)) { 2001 2004 ret = -EINVAL; 2002 - goto out_put_cfile; 2005 + goto out_put_eventfd; 2003 2006 } 2004 2007 2005 2008 /* ··· 2032 2035 event->unregister_event = memsw_cgroup_usage_unregister_event; 2033 2036 } else { 2034 2037 ret = -EINVAL; 2035 - goto out_put_cfile; 2038 + goto out_put_eventfd; 2036 2039 } 2037 2040 2038 2041 /* ··· 2044 2047 &memory_cgrp_subsys); 2045 2048 ret = -EINVAL; 2046 2049 if (IS_ERR(cfile_css)) 2047 - goto out_put_cfile; 2048 - if (cfile_css != css) { 2049 - css_put(cfile_css); 2050 - goto out_put_cfile; 2051 - } 2050 + goto out_put_eventfd; 2051 + if (cfile_css != css) 2052 + goto out_put_css; 2052 2053 2053 2054 ret = event->register_event(memcg, event->eventfd, buf); 2054 2055 if (ret) ··· 2057 2062 spin_lock_irq(&memcg->event_list_lock); 2058 2063 list_add(&event->list, &memcg->event_list); 2059 2064 spin_unlock_irq(&memcg->event_list_lock); 2060 - 2061 - fdput(cfile); 2062 - fdput(efile); 2063 - 2064 2065 return nbytes; 2065 2066 2066 2067 out_put_css: 2067 - css_put(css); 2068 - out_put_cfile: 2069 - fdput(cfile); 2068 + css_put(cfile_css); 2070 2069 out_put_eventfd: 2071 2070 eventfd_ctx_put(event->eventfd); 2072 - out_put_efile: 2073 - fdput(efile); 2074 2071 out_kfree: 2075 2072 kfree(event); 2076 - 2077 2073 return ret; 2078 2074 } 2079 2075

+5 -12

mm/readahead.c

··· 673 673 674 674 ssize_t ksys_readahead(int fd, loff_t offset, size_t count) 675 675 { 676 - ssize_t ret; 677 - struct fd f; 676 + CLASS(fd, f)(fd); 678 677 679 - ret = -EBADF; 680 - f = fdget(fd); 681 - if (!fd_file(f) || !(fd_file(f)->f_mode & FMODE_READ)) 682 - goto out; 678 + if (fd_empty(f) || !(fd_file(f)->f_mode & FMODE_READ)) 679 + return -EBADF; 683 680 684 681 /* 685 682 * The readahead() syscall is intended to run only on files 686 683 * that can execute readahead. If readahead is not possible 687 684 * on this file, then we must return -EINVAL. 688 685 */ 689 - ret = -EINVAL; 690 686 if (!fd_file(f)->f_mapping || !fd_file(f)->f_mapping->a_ops || 691 687 (!S_ISREG(file_inode(fd_file(f))->i_mode) && 692 688 !S_ISBLK(file_inode(fd_file(f))->i_mode))) 693 - goto out; 689 + return -EINVAL; 694 690 695 - ret = vfs_fadvise(fd_file(f), offset, count, POSIX_FADV_WILLNEED); 696 - out: 697 - fdput(f); 698 - return ret; 691 + return vfs_fadvise(fd_file(f), offset, count, POSIX_FADV_WILLNEED); 699 692 } 700 693 701 694 SYSCALL_DEFINE3(readahead, int, fd, loff_t, offset, size_t, count)

+4 -6

net/core/net_namespace.c

··· 694 694 695 695 struct net *get_net_ns_by_fd(int fd) 696 696 { 697 - struct fd f = fdget(fd); 698 - struct net *net = ERR_PTR(-EINVAL); 697 + CLASS(fd, f)(fd); 699 698 700 - if (!fd_file(f)) 699 + if (fd_empty(f)) 701 700 return ERR_PTR(-EBADF); 702 701 703 702 if (proc_ns_file(fd_file(f))) { 704 703 struct ns_common *ns = get_proc_ns(file_inode(fd_file(f))); 705 704 if (ns->ops == &netns_operations) 706 - net = get_net(container_of(ns, struct net, ns)); 705 + return get_net(container_of(ns, struct net, ns)); 707 706 } 708 - fdput(f); 709 707 710 - return net; 708 + return ERR_PTR(-EINVAL); 711 709 } 712 710 EXPORT_SYMBOL_GPL(get_net_ns_by_fd); 713 711 #endif

+7 -2

net/netlink/af_netlink.c

··· 1165 1165 return sock; 1166 1166 } 1167 1167 1168 - struct sock *netlink_getsockbyfilp(struct file *filp) 1168 + struct sock *netlink_getsockbyfd(int fd) 1169 1169 { 1170 - struct inode *inode = file_inode(filp); 1170 + CLASS(fd, f)(fd); 1171 + struct inode *inode; 1171 1172 struct sock *sock; 1172 1173 1174 + if (fd_empty(f)) 1175 + return ERR_PTR(-EBADF); 1176 + 1177 + inode = file_inode(fd_file(f)); 1173 1178 if (!S_ISSOCK(inode->i_mode)) 1174 1179 return ERR_PTR(-ENOTSOCK); 1175 1180

+136 -165

net/socket.c

··· 509 509 510 510 struct socket *sock_from_file(struct file *file) 511 511 { 512 - if (file->f_op == &socket_file_ops) 512 + if (likely(file->f_op == &socket_file_ops)) 513 513 return file->private_data; /* set in sock_alloc_file */ 514 514 515 515 return NULL; ··· 548 548 return sock; 549 549 } 550 550 EXPORT_SYMBOL(sockfd_lookup); 551 - 552 - static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed) 553 - { 554 - struct fd f = fdget(fd); 555 - struct socket *sock; 556 - 557 - *err = -EBADF; 558 - if (fd_file(f)) { 559 - sock = sock_from_file(fd_file(f)); 560 - if (likely(sock)) { 561 - *fput_needed = f.word & FDPUT_FPUT; 562 - return sock; 563 - } 564 - *err = -ENOTSOCK; 565 - fdput(f); 566 - } 567 - return NULL; 568 - } 569 551 570 552 static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer, 571 553 size_t size) ··· 1840 1858 { 1841 1859 struct socket *sock; 1842 1860 struct sockaddr_storage address; 1843 - int err, fput_needed; 1861 + CLASS(fd, f)(fd); 1862 + int err; 1844 1863 1845 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 1846 - if (sock) { 1847 - err = move_addr_to_kernel(umyaddr, addrlen, &address); 1848 - if (!err) 1849 - err = __sys_bind_socket(sock, &address, addrlen); 1850 - fput_light(sock->file, fput_needed); 1851 - } 1852 - return err; 1864 + if (fd_empty(f)) 1865 + return -EBADF; 1866 + sock = sock_from_file(fd_file(f)); 1867 + if (unlikely(!sock)) 1868 + return -ENOTSOCK; 1869 + 1870 + err = move_addr_to_kernel(umyaddr, addrlen, &address); 1871 + if (unlikely(err)) 1872 + return err; 1873 + 1874 + return __sys_bind_socket(sock, &address, addrlen); 1853 1875 } 1854 1876 1855 1877 SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) ··· 1882 1896 1883 1897 int __sys_listen(int fd, int backlog) 1884 1898 { 1899 + CLASS(fd, f)(fd); 1885 1900 struct socket *sock; 1886 - int err, fput_needed; 1887 1901 1888 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 1889 - if (sock) { 1890 - err = __sys_listen_socket(sock, backlog); 1891 - fput_light(sock->file, fput_needed); 1892 - } 1893 - return err; 1902 + if (fd_empty(f)) 1903 + return -EBADF; 1904 + sock = sock_from_file(fd_file(f)); 1905 + if (unlikely(!sock)) 1906 + return -ENOTSOCK; 1907 + 1908 + return __sys_listen_socket(sock, backlog); 1894 1909 } 1895 1910 1896 1911 SYSCALL_DEFINE2(listen, int, fd, int, backlog) ··· 2001 2014 int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr, 2002 2015 int __user *upeer_addrlen, int flags) 2003 2016 { 2004 - int ret = -EBADF; 2005 - struct fd f; 2017 + CLASS(fd, f)(fd); 2006 2018 2007 - f = fdget(fd); 2008 - if (fd_file(f)) { 2009 - ret = __sys_accept4_file(fd_file(f), upeer_sockaddr, 2019 + if (fd_empty(f)) 2020 + return -EBADF; 2021 + return __sys_accept4_file(fd_file(f), upeer_sockaddr, 2010 2022 upeer_addrlen, flags); 2011 - fdput(f); 2012 - } 2013 - 2014 - return ret; 2015 2023 } 2016 2024 2017 2025 SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, ··· 2058 2076 2059 2077 int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen) 2060 2078 { 2061 - int ret = -EBADF; 2062 - struct fd f; 2079 + struct sockaddr_storage address; 2080 + CLASS(fd, f)(fd); 2081 + int ret; 2063 2082 2064 - f = fdget(fd); 2065 - if (fd_file(f)) { 2066 - struct sockaddr_storage address; 2083 + if (fd_empty(f)) 2084 + return -EBADF; 2067 2085 2068 - ret = move_addr_to_kernel(uservaddr, addrlen, &address); 2069 - if (!ret) 2070 - ret = __sys_connect_file(fd_file(f), &address, addrlen, 0); 2071 - fdput(f); 2072 - } 2086 + ret = move_addr_to_kernel(uservaddr, addrlen, &address); 2087 + if (ret) 2088 + return ret; 2073 2089 2074 - return ret; 2090 + return __sys_connect_file(fd_file(f), &address, addrlen, 0); 2075 2091 } 2076 2092 2077 2093 SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, ··· 2088 2108 { 2089 2109 struct socket *sock; 2090 2110 struct sockaddr_storage address; 2091 - int err, fput_needed; 2111 + CLASS(fd, f)(fd); 2112 + int err; 2092 2113 2093 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 2094 - if (!sock) 2095 - goto out; 2114 + if (fd_empty(f)) 2115 + return -EBADF; 2116 + sock = sock_from_file(fd_file(f)); 2117 + if (unlikely(!sock)) 2118 + return -ENOTSOCK; 2096 2119 2097 2120 err = security_socket_getsockname(sock); 2098 2121 if (err) 2099 - goto out_put; 2122 + return err; 2100 2123 2101 2124 err = READ_ONCE(sock->ops)->getname(sock, (struct sockaddr *)&address, 0); 2102 2125 if (err < 0) 2103 - goto out_put; 2104 - /* "err" is actually length in this case */ 2105 - err = move_addr_to_user(&address, err, usockaddr, usockaddr_len); 2126 + return err; 2106 2127 2107 - out_put: 2108 - fput_light(sock->file, fput_needed); 2109 - out: 2110 - return err; 2128 + /* "err" is actually length in this case */ 2129 + return move_addr_to_user(&address, err, usockaddr, usockaddr_len); 2111 2130 } 2112 2131 2113 2132 SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr, ··· 2125 2146 { 2126 2147 struct socket *sock; 2127 2148 struct sockaddr_storage address; 2128 - int err, fput_needed; 2149 + CLASS(fd, f)(fd); 2150 + int err; 2129 2151 2130 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 2131 - if (sock != NULL) { 2132 - const struct proto_ops *ops = READ_ONCE(sock->ops); 2152 + if (fd_empty(f)) 2153 + return -EBADF; 2154 + sock = sock_from_file(fd_file(f)); 2155 + if (unlikely(!sock)) 2156 + return -ENOTSOCK; 2133 2157 2134 - err = security_socket_getpeername(sock); 2135 - if (err) { 2136 - fput_light(sock->file, fput_needed); 2137 - return err; 2138 - } 2158 + err = security_socket_getpeername(sock); 2159 + if (err) 2160 + return err; 2139 2161 2140 - err = ops->getname(sock, (struct sockaddr *)&address, 1); 2141 - if (err >= 0) 2142 - /* "err" is actually length in this case */ 2143 - err = move_addr_to_user(&address, err, usockaddr, 2144 - usockaddr_len); 2145 - fput_light(sock->file, fput_needed); 2146 - } 2147 - return err; 2162 + err = READ_ONCE(sock->ops)->getname(sock, (struct sockaddr *)&address, 1); 2163 + if (err < 0) 2164 + return err; 2165 + 2166 + /* "err" is actually length in this case */ 2167 + return move_addr_to_user(&address, err, usockaddr, usockaddr_len); 2148 2168 } 2149 2169 2150 2170 SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, ··· 2164 2186 struct sockaddr_storage address; 2165 2187 int err; 2166 2188 struct msghdr msg; 2167 - int fput_needed; 2168 2189 2169 2190 err = import_ubuf(ITER_SOURCE, buff, len, &msg.msg_iter); 2170 2191 if (unlikely(err)) 2171 2192 return err; 2172 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 2173 - if (!sock) 2174 - goto out; 2193 + 2194 + CLASS(fd, f)(fd); 2195 + if (fd_empty(f)) 2196 + return -EBADF; 2197 + sock = sock_from_file(fd_file(f)); 2198 + if (unlikely(!sock)) 2199 + return -ENOTSOCK; 2175 2200 2176 2201 msg.msg_name = NULL; 2177 2202 msg.msg_control = NULL; ··· 2184 2203 if (addr) { 2185 2204 err = move_addr_to_kernel(addr, addr_len, &address); 2186 2205 if (err < 0) 2187 - goto out_put; 2206 + return err; 2188 2207 msg.msg_name = (struct sockaddr *)&address; 2189 2208 msg.msg_namelen = addr_len; 2190 2209 } ··· 2192 2211 if (sock->file->f_flags & O_NONBLOCK) 2193 2212 flags |= MSG_DONTWAIT; 2194 2213 msg.msg_flags = flags; 2195 - err = __sock_sendmsg(sock, &msg); 2196 - 2197 - out_put: 2198 - fput_light(sock->file, fput_needed); 2199 - out: 2200 - return err; 2214 + return __sock_sendmsg(sock, &msg); 2201 2215 } 2202 2216 2203 2217 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, ··· 2227 2251 }; 2228 2252 struct socket *sock; 2229 2253 int err, err2; 2230 - int fput_needed; 2231 2254 2232 2255 err = import_ubuf(ITER_DEST, ubuf, size, &msg.msg_iter); 2233 2256 if (unlikely(err)) 2234 2257 return err; 2235 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 2236 - if (!sock) 2237 - goto out; 2258 + 2259 + CLASS(fd, f)(fd); 2260 + 2261 + if (fd_empty(f)) 2262 + return -EBADF; 2263 + sock = sock_from_file(fd_file(f)); 2264 + if (unlikely(!sock)) 2265 + return -ENOTSOCK; 2238 2266 2239 2267 if (sock->file->f_flags & O_NONBLOCK) 2240 2268 flags |= MSG_DONTWAIT; ··· 2250 2270 if (err2 < 0) 2251 2271 err = err2; 2252 2272 } 2253 - 2254 - fput_light(sock->file, fput_needed); 2255 - out: 2256 2273 return err; 2257 2274 } 2258 2275 ··· 2324 2347 { 2325 2348 sockptr_t optval = USER_SOCKPTR(user_optval); 2326 2349 bool compat = in_compat_syscall(); 2327 - int err, fput_needed; 2328 2350 struct socket *sock; 2351 + CLASS(fd, f)(fd); 2329 2352 2330 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 2331 - if (!sock) 2332 - return err; 2353 + if (fd_empty(f)) 2354 + return -EBADF; 2355 + sock = sock_from_file(fd_file(f)); 2356 + if (unlikely(!sock)) 2357 + return -ENOTSOCK; 2333 2358 2334 - err = do_sock_setsockopt(sock, compat, level, optname, optval, optlen); 2335 - 2336 - fput_light(sock->file, fput_needed); 2337 - return err; 2359 + return do_sock_setsockopt(sock, compat, level, optname, optval, optlen); 2338 2360 } 2339 2361 2340 2362 SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname, ··· 2389 2413 int __sys_getsockopt(int fd, int level, int optname, char __user *optval, 2390 2414 int __user *optlen) 2391 2415 { 2392 - int err, fput_needed; 2393 2416 struct socket *sock; 2394 - bool compat; 2417 + CLASS(fd, f)(fd); 2395 2418 2396 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 2397 - if (!sock) 2398 - return err; 2419 + if (fd_empty(f)) 2420 + return -EBADF; 2421 + sock = sock_from_file(fd_file(f)); 2422 + if (unlikely(!sock)) 2423 + return -ENOTSOCK; 2399 2424 2400 - compat = in_compat_syscall(); 2401 - err = do_sock_getsockopt(sock, compat, level, optname, 2425 + return do_sock_getsockopt(sock, in_compat_syscall(), level, optname, 2402 2426 USER_SOCKPTR(optval), USER_SOCKPTR(optlen)); 2403 - 2404 - fput_light(sock->file, fput_needed); 2405 - return err; 2406 2427 } 2407 2428 2408 2429 SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname, ··· 2425 2452 2426 2453 int __sys_shutdown(int fd, int how) 2427 2454 { 2428 - int err, fput_needed; 2429 2455 struct socket *sock; 2456 + CLASS(fd, f)(fd); 2430 2457 2431 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 2432 - if (sock != NULL) { 2433 - err = __sys_shutdown_sock(sock, how); 2434 - fput_light(sock->file, fput_needed); 2435 - } 2436 - return err; 2458 + if (fd_empty(f)) 2459 + return -EBADF; 2460 + sock = sock_from_file(fd_file(f)); 2461 + if (unlikely(!sock)) 2462 + return -ENOTSOCK; 2463 + 2464 + return __sys_shutdown_sock(sock, how); 2437 2465 } 2438 2466 2439 2467 SYSCALL_DEFINE2(shutdown, int, fd, int, how) ··· 2650 2676 long __sys_sendmsg(int fd, struct user_msghdr __user *msg, unsigned int flags, 2651 2677 bool forbid_cmsg_compat) 2652 2678 { 2653 - int fput_needed, err; 2654 2679 struct msghdr msg_sys; 2655 2680 struct socket *sock; 2656 2681 2657 2682 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT)) 2658 2683 return -EINVAL; 2659 2684 2660 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 2661 - if (!sock) 2662 - goto out; 2685 + CLASS(fd, f)(fd); 2663 2686 2664 - err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL, 0); 2687 + if (fd_empty(f)) 2688 + return -EBADF; 2689 + sock = sock_from_file(fd_file(f)); 2690 + if (unlikely(!sock)) 2691 + return -ENOTSOCK; 2665 2692 2666 - fput_light(sock->file, fput_needed); 2667 - out: 2668 - return err; 2693 + return ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL, 0); 2669 2694 } 2670 2695 2671 2696 SYSCALL_DEFINE3(sendmsg, int, fd, struct user_msghdr __user *, msg, unsigned int, flags) ··· 2679 2706 int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, 2680 2707 unsigned int flags, bool forbid_cmsg_compat) 2681 2708 { 2682 - int fput_needed, err, datagrams; 2709 + int err, datagrams; 2683 2710 struct socket *sock; 2684 2711 struct mmsghdr __user *entry; 2685 2712 struct compat_mmsghdr __user *compat_entry; ··· 2695 2722 2696 2723 datagrams = 0; 2697 2724 2698 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 2699 - if (!sock) 2700 - return err; 2725 + CLASS(fd, f)(fd); 2726 + 2727 + if (fd_empty(f)) 2728 + return -EBADF; 2729 + sock = sock_from_file(fd_file(f)); 2730 + if (unlikely(!sock)) 2731 + return -ENOTSOCK; 2701 2732 2702 2733 used_address.name_len = UINT_MAX; 2703 2734 entry = mmsg; ··· 2737 2760 break; 2738 2761 cond_resched(); 2739 2762 } 2740 - 2741 - fput_light(sock->file, fput_needed); 2742 2763 2743 2764 /* We only return an error if no datagrams were able to be sent */ 2744 2765 if (datagrams != 0) ··· 2859 2884 long __sys_recvmsg(int fd, struct user_msghdr __user *msg, unsigned int flags, 2860 2885 bool forbid_cmsg_compat) 2861 2886 { 2862 - int fput_needed, err; 2863 2887 struct msghdr msg_sys; 2864 2888 struct socket *sock; 2865 2889 2866 2890 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT)) 2867 2891 return -EINVAL; 2868 2892 2869 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 2870 - if (!sock) 2871 - goto out; 2893 + CLASS(fd, f)(fd); 2872 2894 2873 - err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0); 2895 + if (fd_empty(f)) 2896 + return -EBADF; 2897 + sock = sock_from_file(fd_file(f)); 2898 + if (unlikely(!sock)) 2899 + return -ENOTSOCK; 2874 2900 2875 - fput_light(sock->file, fput_needed); 2876 - out: 2877 - return err; 2901 + return ___sys_recvmsg(sock, msg, &msg_sys, flags, 0); 2878 2902 } 2879 2903 2880 2904 SYSCALL_DEFINE3(recvmsg, int, fd, struct user_msghdr __user *, msg, ··· 2890 2916 unsigned int vlen, unsigned int flags, 2891 2917 struct timespec64 *timeout) 2892 2918 { 2893 - int fput_needed, err, datagrams; 2919 + int err = 0, datagrams; 2894 2920 struct socket *sock; 2895 2921 struct mmsghdr __user *entry; 2896 2922 struct compat_mmsghdr __user *compat_entry; ··· 2905 2931 2906 2932 datagrams = 0; 2907 2933 2908 - sock = sockfd_lookup_light(fd, &err, &fput_needed); 2909 - if (!sock) 2910 - return err; 2934 + CLASS(fd, f)(fd); 2935 + 2936 + if (fd_empty(f)) 2937 + return -EBADF; 2938 + sock = sock_from_file(fd_file(f)); 2939 + if (unlikely(!sock)) 2940 + return -ENOTSOCK; 2911 2941 2912 2942 if (likely(!(flags & MSG_ERRQUEUE))) { 2913 2943 err = sock_error(sock->sk); 2914 - if (err) { 2915 - datagrams = err; 2916 - goto out_put; 2917 - } 2944 + if (err) 2945 + return err; 2918 2946 } 2919 2947 2920 2948 entry = mmsg; ··· 2973 2997 } 2974 2998 2975 2999 if (err == 0) 2976 - goto out_put; 3000 + return datagrams; 2977 3001 2978 - if (datagrams == 0) { 2979 - datagrams = err; 2980 - goto out_put; 2981 - } 3002 + if (datagrams == 0) 3003 + return err; 2982 3004 2983 3005 /* 2984 3006 * We may return less entries than requested (vlen) if the ··· 2991 3017 */ 2992 3018 WRITE_ONCE(sock->sk->sk_err, -err); 2993 3019 } 2994 - out_put: 2995 - fput_light(sock->file, fput_needed); 2996 - 2997 3020 return datagrams; 2998 3021 } 2999 3022

+2 -5

security/integrity/ima/ima_main.c

··· 1062 1062 */ 1063 1063 void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) 1064 1064 { 1065 - struct fd f; 1066 - 1067 1065 if (!buf || !size) 1068 1066 return; 1069 1067 1070 - f = fdget(kernel_fd); 1071 - if (!fd_file(f)) 1068 + CLASS(fd, f)(kernel_fd); 1069 + if (fd_empty(f)) 1072 1070 return; 1073 1071 1074 1072 process_buffer_measurement(file_mnt_idmap(fd_file(f)), file_inode(fd_file(f)), 1075 1073 buf, size, "kexec-cmdline", KEXEC_CMDLINE, 0, 1076 1074 NULL, false, NULL, 0); 1077 - fdput(f); 1078 1075 } 1079 1076 1080 1077 /**

+14 -31

security/landlock/syscalls.c

··· 241 241 static struct landlock_ruleset *get_ruleset_from_fd(const int fd, 242 242 const fmode_t mode) 243 243 { 244 - struct fd ruleset_f; 244 + CLASS(fd, ruleset_f)(fd); 245 245 struct landlock_ruleset *ruleset; 246 246 247 - ruleset_f = fdget(fd); 248 - if (!fd_file(ruleset_f)) 247 + if (fd_empty(ruleset_f)) 249 248 return ERR_PTR(-EBADF); 250 249 251 250 /* Checks FD type and access right. */ 252 - if (fd_file(ruleset_f)->f_op != &ruleset_fops) { 253 - ruleset = ERR_PTR(-EBADFD); 254 - goto out_fdput; 255 - } 256 - if (!(fd_file(ruleset_f)->f_mode & mode)) { 257 - ruleset = ERR_PTR(-EPERM); 258 - goto out_fdput; 259 - } 251 + if (fd_file(ruleset_f)->f_op != &ruleset_fops) 252 + return ERR_PTR(-EBADFD); 253 + if (!(fd_file(ruleset_f)->f_mode & mode)) 254 + return ERR_PTR(-EPERM); 260 255 ruleset = fd_file(ruleset_f)->private_data; 261 - if (WARN_ON_ONCE(ruleset->num_layers != 1)) { 262 - ruleset = ERR_PTR(-EINVAL); 263 - goto out_fdput; 264 - } 256 + if (WARN_ON_ONCE(ruleset->num_layers != 1)) 257 + return ERR_PTR(-EINVAL); 265 258 landlock_get_ruleset(ruleset); 266 - 267 - out_fdput: 268 - fdput(ruleset_f); 269 259 return ruleset; 270 260 } 271 261 ··· 266 276 */ 267 277 static int get_path_from_fd(const s32 fd, struct path *const path) 268 278 { 269 - struct fd f; 270 - int err = 0; 279 + CLASS(fd_raw, f)(fd); 271 280 272 281 BUILD_BUG_ON(!__same_type( 273 282 fd, ((struct landlock_path_beneath_attr *)NULL)->parent_fd)); 274 283 275 - /* Handles O_PATH. */ 276 - f = fdget_raw(fd); 277 - if (!fd_file(f)) 284 + if (fd_empty(f)) 278 285 return -EBADF; 279 286 /* 280 287 * Forbids ruleset FDs, internal filesystems (e.g. nsfs), including ··· 282 295 (fd_file(f)->f_path.mnt->mnt_flags & MNT_INTERNAL) || 283 296 (fd_file(f)->f_path.dentry->d_sb->s_flags & SB_NOUSER) || 284 297 d_is_negative(fd_file(f)->f_path.dentry) || 285 - IS_PRIVATE(d_backing_inode(fd_file(f)->f_path.dentry))) { 286 - err = -EBADFD; 287 - goto out_fdput; 288 - } 298 + IS_PRIVATE(d_backing_inode(fd_file(f)->f_path.dentry))) 299 + return -EBADFD; 300 + 289 301 *path = fd_file(f)->f_path; 290 302 path_get(path); 291 - 292 - out_fdput: 293 - fdput(f); 294 - return err; 303 + return 0; 295 304 } 296 305 297 306 static int add_rule_path_beneath(struct landlock_ruleset *const ruleset,

+2 -6

security/loadpin/loadpin.c

··· 283 283 284 284 static int read_trusted_verity_root_digests(unsigned int fd) 285 285 { 286 - struct fd f; 287 286 void *data; 288 287 int rc; 289 288 char *p, *d; ··· 294 295 if (!list_empty(&dm_verity_loadpin_trusted_root_digests)) 295 296 return -EPERM; 296 297 297 - f = fdget(fd); 298 - if (!fd_file(f)) 298 + CLASS(fd, f)(fd); 299 + if (fd_empty(f)) 299 300 return -EINVAL; 300 301 301 302 data = kzalloc(SZ_4K, GFP_KERNEL); ··· 358 359 } 359 360 360 361 kfree(data); 361 - fdput(f); 362 362 363 363 return 0; 364 364 ··· 376 378 377 379 /* disallow further attempts after reading a corrupt/invalid file */ 378 380 deny_reading_verity_digests = true; 379 - 380 - fdput(f); 381 381 382 382 return rc; 383 383 }

+1 -1

sound/core/pcm_native.c

··· 2250 2250 bool nonatomic = substream->pcm->nonatomic; 2251 2251 CLASS(fd, f)(fd); 2252 2252 2253 - if (!fd_file(f)) 2253 + if (fd_empty(f)) 2254 2254 return -EBADFD; 2255 2255 if (!is_pcm_file(fd_file(f))) 2256 2256 return -EBADFD;

+3 -12

virt/kvm/eventfd.c

··· 304 304 kvm_irqfd_assign(struct kvm *kvm, struct kvm_irqfd *args) 305 305 { 306 306 struct kvm_kernel_irqfd *irqfd, *tmp; 307 - struct fd f; 308 307 struct eventfd_ctx *eventfd = NULL, *resamplefd = NULL; 309 308 int ret; 310 309 __poll_t events; ··· 326 327 INIT_WORK(&irqfd->shutdown, irqfd_shutdown); 327 328 seqcount_spinlock_init(&irqfd->irq_entry_sc, &kvm->irqfds.lock); 328 329 329 - f = fdget(args->fd); 330 - if (!fd_file(f)) { 330 + CLASS(fd, f)(args->fd); 331 + if (fd_empty(f)) { 331 332 ret = -EBADF; 332 333 goto out; 333 334 } ··· 335 336 eventfd = eventfd_ctx_fileget(fd_file(f)); 336 337 if (IS_ERR(eventfd)) { 337 338 ret = PTR_ERR(eventfd); 338 - goto fail; 339 + goto out; 339 340 } 340 341 341 342 irqfd->eventfd = eventfd; ··· 439 440 #endif 440 441 441 442 srcu_read_unlock(&kvm->irq_srcu, idx); 442 - 443 - /* 444 - * do not drop the file until the irqfd is fully initialized, otherwise 445 - * we might race against the EPOLLHUP 446 - */ 447 - fdput(f); 448 443 return 0; 449 444 450 445 fail: ··· 450 457 451 458 if (eventfd && !IS_ERR(eventfd)) 452 459 eventfd_ctx_put(eventfd); 453 - 454 - fdput(f); 455 460 456 461 out: 457 462 kfree(irqfd);

+4 -10

virt/kvm/vfio.c

··· 190 190 { 191 191 struct kvm_vfio *kv = dev->private; 192 192 struct kvm_vfio_file *kvf; 193 - struct fd f; 193 + CLASS(fd, f)(fd); 194 194 int ret; 195 195 196 - f = fdget(fd); 197 - if (!fd_file(f)) 196 + if (fd_empty(f)) 198 197 return -EBADF; 199 198 200 199 ret = -ENOENT; ··· 219 220 kvm_vfio_update_coherency(dev); 220 221 221 222 mutex_unlock(&kv->lock); 222 - 223 - fdput(f); 224 - 225 223 return ret; 226 224 } 227 225 ··· 229 233 struct kvm_vfio_spapr_tce param; 230 234 struct kvm_vfio *kv = dev->private; 231 235 struct kvm_vfio_file *kvf; 232 - struct fd f; 233 236 int ret; 234 237 235 238 if (copy_from_user(&param, arg, sizeof(struct kvm_vfio_spapr_tce))) 236 239 return -EFAULT; 237 240 238 - f = fdget(param.groupfd); 239 - if (!fd_file(f)) 241 + CLASS(fd, f)(param.groupfd); 242 + if (fd_empty(f)) 240 243 return -EBADF; 241 244 242 245 ret = -ENOENT; ··· 261 266 262 267 err_fdput: 263 268 mutex_unlock(&kv->lock); 264 - fdput(f); 265 269 return ret; 266 270 } 267 271 #endif