Linux-Fsdevel Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] fs: prevent out-of-bounds array speculation when closing a file descriptor
@ 2020-07-23 18:59 Theodore Ts'o
  2020-07-24  1:18 ` Sedat Dilek
  0 siblings, 1 reply; 4+ messages in thread
From: Theodore Ts'o @ 2020-07-23 18:59 UTC (permalink / raw)
  To: viro; +Cc: Linux Filesystem Development List, Theodore Ts'o

Google-Bug-Id: 114199369
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 fs/file.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/file.c b/fs/file.c
index abb8b7081d7a..73189eaad1df 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -632,6 +632,7 @@ int __close_fd(struct files_struct *files, unsigned fd)
 	fdt = files_fdtable(files);
 	if (fd >= fdt->max_fds)
 		goto out_unlock;
+	fd = array_index_nospec(fd, fdt->max_fds);
 	file = fdt->fd[fd];
 	if (!file)
 		goto out_unlock;
-- 
2.24.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] fs: prevent out-of-bounds array speculation when closing a file descriptor
  2020-07-23 18:59 [PATCH] fs: prevent out-of-bounds array speculation when closing a file descriptor Theodore Ts'o
@ 2020-07-24  1:18 ` Sedat Dilek
  2021-01-08 12:59   ` Sedat Dilek
  0 siblings, 1 reply; 4+ messages in thread
From: Sedat Dilek @ 2020-07-24  1:18 UTC (permalink / raw)
  To: Theodore Ts'o; +Cc: viro, Linux Filesystem Development List

On Thu, Jul 23, 2020 at 9:02 PM Theodore Ts'o <tytso@mit.edu> wrote:
>
> Google-Bug-Id: 114199369
> Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # Linux v5.8-rc6+

- Sedat -

> ---
>  fs/file.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/fs/file.c b/fs/file.c
> index abb8b7081d7a..73189eaad1df 100644
> --- a/fs/file.c
> +++ b/fs/file.c
> @@ -632,6 +632,7 @@ int __close_fd(struct files_struct *files, unsigned fd)
>         fdt = files_fdtable(files);
>         if (fd >= fdt->max_fds)
>                 goto out_unlock;
> +       fd = array_index_nospec(fd, fdt->max_fds);
>         file = fdt->fd[fd];
>         if (!file)
>                 goto out_unlock;
> --
> 2.24.1
>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] fs: prevent out-of-bounds array speculation when closing a file descriptor
  2020-07-24  1:18 ` Sedat Dilek
@ 2021-01-08 12:59   ` Sedat Dilek
  2021-04-08 12:15     ` Sedat Dilek
  0 siblings, 1 reply; 4+ messages in thread
From: Sedat Dilek @ 2021-01-08 12:59 UTC (permalink / raw)
  To: Theodore Ts'o; +Cc: viro, Linux Filesystem Development List

On Fri, Jul 24, 2020 at 3:18 AM Sedat Dilek <sedat.dilek@gmail.com> wrote:
>
> On Thu, Jul 23, 2020 at 9:02 PM Theodore Ts'o <tytso@mit.edu> wrote:
> >
> > Google-Bug-Id: 114199369
> > Signed-off-by: Theodore Ts'o <tytso@mit.edu>
>
> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # Linux v5.8-rc6+
>

Ping.

What is the status of this patch?

 - Sedat -

>
> > ---
> >  fs/file.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/fs/file.c b/fs/file.c
> > index abb8b7081d7a..73189eaad1df 100644
> > --- a/fs/file.c
> > +++ b/fs/file.cfs: prevent out-of-bounds array speculation when closing a file descriptor
> > @@ -632,6 +632,7 @@ int __close_fd(struct files_struct *files, unsigned fd)
> >         fdt = files_fdtable(files);
> >         if (fd >= fdt->max_fds)
> >                 goto out_unlock;fs: prevent out-of-bounds array speculation when closing a file descriptor fs: prevent out-of-bounds array speculation when closing a file descriptor fs: prevent out-of-bounds array speculation when closing a file descriptor
> > +       fd = array_index_nospec(fd, fdt->max_fds);
> >         file = fdt->fd[fd];
> >         if (!file)
> >                 goto out_unlock;
> > --
> > 2.24.1
> >

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] fs: prevent out-of-bounds array speculation when closing a file descriptor
  2021-01-08 12:59   ` Sedat Dilek
@ 2021-04-08 12:15     ` Sedat Dilek
  0 siblings, 0 replies; 4+ messages in thread
From: Sedat Dilek @ 2021-04-08 12:15 UTC (permalink / raw)
  To: Theodore Ts'o; +Cc: viro, Linux Filesystem Development List

On Fri, Jan 8, 2021 at 1:59 PM Sedat Dilek <sedat.dilek@gmail.com> wrote:
>
> On Fri, Jul 24, 2020 at 3:18 AM Sedat Dilek <sedat.dilek@gmail.com> wrote:
> >
> > On Thu, Jul 23, 2020 at 9:02 PM Theodore Ts'o <tytso@mit.edu> wrote:
> > >
> > > Google-Bug-Id: 114199369
> > > Signed-off-by: Theodore Ts'o <tytso@mit.edu>
> >
> > Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # Linux v5.8-rc6+
> >
>
> Ping.
>
> What is the status of this patch?
>

Friendly ping again.

- Sedat -

>
> >
> > > ---
> > >  fs/file.c | 1 +
> > >  1 file changed, 1 insertion(+)
> > >
> > > diff --git a/fs/file.c b/fs/file.c
> > > index abb8b7081d7a..73189eaad1df 100644
> > > --- a/fs/file.c
> > > +++ b/fs/file.cfs: prevent out-of-bounds array speculation when closing a file descriptor
> > > @@ -632,6 +632,7 @@ int __close_fd(struct files_struct *files, unsigned fd)
> > >         fdt = files_fdtable(files);
> > >         if (fd >= fdt->max_fds)
> > >                 goto out_unlock;fs: prevent out-of-bounds array speculation when closing a file descriptor fs: prevent out-of-bounds array speculation when closing a file descriptor fs: prevent out-of-bounds array speculation when closing a file descriptor
> > > +       fd = array_index_nospec(fd, fdt->max_fds);
> > >         file = fdt->fd[fd];
> > >         if (!file)
> > >                 goto out_unlock;
> > > --
> > > 2.24.1
> > >

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-04-08 12:15 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-23 18:59 [PATCH] fs: prevent out-of-bounds array speculation when closing a file descriptor Theodore Ts'o
2020-07-24  1:18 ` Sedat Dilek
2021-01-08 12:59   ` Sedat Dilek
2021-04-08 12:15     ` Sedat Dilek

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).