From: Pekka Enberg
Fix a zero-length kmalloc in the case where there is nothing to revoke.
Signed-off-by: Pekka Enberg
Signed-off-by: Andrew Morton
---
 fs/revoke.c | 21 +++++++++------------
 1 files changed, 9 insertions(+), 12 deletions(-)
diff -puN fs/revoke.c~revoke-core-code-fix-zero-length-kmalloc fs/revoke.c
--- a/fs/revoke.c~revoke-core-code-fix-zero-length-kmalloc
+++ a/fs/revoke.c
@@ -547,22 +547,12 @@ static struct fileset *__alloc_revoke_fs
 return NULL;
 }
-static struct fileset *alloc_revoke_fset(struct inode *inode, struct file *to_exclude)
-{
- unsigned long nr_fds;
-
- read_lock(&tasklist_lock);
- nr_fds = inode_fds(inode, to_exclude);
- read_unlock(&tasklist_lock);
-
- return __alloc_revoke_fset(nr_fds);
-}
-
 static int do_revoke(struct inode *inode, struct file *to_exclude)
 {
 struct revoke_details details;
 struct fileset *fset = NULL;
 struct task_struct *g, *p;
+ unsigned long nr_fds;
 int err = 0;
 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) {
@@ -576,11 +566,18 @@ static int do_revoke(struct inode *inode
 goto out;
 }
+ read_lock(&tasklist_lock);
+ nr_fds = inode_fds(inode, to_exclude);
+ read_unlock(&tasklist_lock);
+
+ if (!nr_fds)
+ goto out;
+
 /*
 * Pre-allocate memory because the first pass is done under
 * tasklist_lock.
 */
- fset = alloc_revoke_fset(inode, to_exclude);
+ fset = __alloc_revoke_fset(nr_fds);
 if (!fset) {
 err = -ENOMEM;
 goto out;
_
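Review bot: The new `if (!nr_fds) goto out;` in the second hunk turns a count taken under tasklist_lock into the function's result, but the lock is dropped right before it, so a descriptor opened on the inode after inode_fds() returns is never looked at by do_revoke, which (if `out` returns `err`, still 0 here — the label is outside the hunk) reports success to the caller. The count-then-allocate window existed before the patch too, but a zero count then still entered the first pass instead of returning early, so the window is now observable as a revoke that silently leaves a late-opened descriptor valid. If the first pass re-walks the tasks and retries when it finds more descriptors than fset was sized for, the shortcut is safe and should say so; otherwise the zero case needs the same re-check. Either way, document the assumption at the new check, e.g. `/* No descriptors at count time; one opened after the unlock is not handled here. */`, and since the three lock/count/unlock lines are the body of the helper the first hunk deletes, keeping that helper (or a `__must_hold`-free `inode_fds_locked()` wrapper) would avoid open-coding it.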