[PATCH] spufs: check for proper file pointer in sys_spu_run Only checking for SPUFS_MAGIC is not reliable, because it might not be unique in theory. Worse than that, we accidentally allow spu_run to be performed on any file in spufs, not just those returned from spu_create as intended. Noticed by Al Viro. Signed-off-by: Arnd Bergmann <arndb@de.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>

commit: e80358ad8606382154d97165121602dfae213e4a [log] [tgz]
author: Arnd Bergmann <arnd@arndb.de> Wed Jan 04 20:31:23 2006 +0100
committer: Paul Mackerras <paulus@samba.org> Mon Jan 09 15:44:38 2006 +1100
tree: b63e3e21cd0f4c1c086f958d05c6fa3298408746
parent: c8ca0633e5f2bceab7b4eba4475820fd7674dece [diff] [blame]
diff --git a/arch/powerpc/platforms/cell/spufs/syscalls.c b/arch/powerpc/platforms/cell/spufs/syscalls.c
index 17a2b51..0c2896a 100644
--- a/arch/powerpc/platforms/cell/spufs/syscalls.c
+++ b/arch/powerpc/platforms/cell/spufs/syscalls.c

@@ -39,8 +39,9 @@
 	if (get_user(npc, unpc) || get_user(status, ustatus))
 		goto out;
 
+	/* check if this file was created by spu_create */
 	ret = -EINVAL;
-	if (filp->f_vfsmnt->mnt_sb->s_magic != SPUFS_MAGIC)
+	if (filp->f_op != &spufs_context_fops)
 		goto out;
 
 	i = SPUFS_I(filp->f_dentry->d_inode);
commit	e80358ad8606382154d97165121602dfae213e4a	[log] [tgz]
author	Arnd Bergmann <arnd@arndb.de>	Wed Jan 04 20:31:23 2006 +0100
committer	Paul Mackerras <paulus@samba.org>	Mon Jan 09 15:44:38 2006 +1100
tree	b63e3e21cd0f4c1c086f958d05c6fa3298408746
parent	c8ca0633e5f2bceab7b4eba4475820fd7674dece [diff] [blame]