Commit bbea34e6 authored by Linus Torvalds

Merge tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull vfs fix from Al Viro:
 "do_dup2() out-of-bounds array speculation fix"

* tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  protect the fetch of ->fd[fd] in do_dup2() from mispredictions
parents c0ecd638 8aa37bde
...@@ -1248,6 +1248,7 @@ __releases(&files->file_lock) ...@@ -1248,6 +1248,7 @@ __releases(&files->file_lock)
* tables and this condition does not arise without those. * tables and this condition does not arise without those.
*/ */
fdt = files_fdtable(files); fdt = files_fdtable(files);
fd = array_index_nospec(fd, fdt->max_fds);
tofree = fdt->fd[fd]; tofree = fdt->fd[fd];
if (!tofree && fd_is_open(fd, fdt)) if (!tofree && fd_is_open(fd, fdt))
goto Ebusy; goto Ebusy;
......