On Fri, Jul 24, 2020 at 3:18 AM Sedat Dilek <sedat.dilek@xxxxxxxxx> wrote: > > On Thu, Jul 23, 2020 at 9:02 PM Theodore Ts'o <tytso@xxxxxxx> wrote: > > > > Google-Bug-Id: 114199369 > > Signed-off-by: Theodore Ts'o <tytso@xxxxxxx> > > Tested-by: Sedat Dilek <sedat.dilek@xxxxxxxxx> # Linux v5.8-rc6+ > Ping. What is the status of this patch? - Sedat - > > > --- > > fs/file.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/fs/file.c b/fs/file.c > > index abb8b7081d7a..73189eaad1df 100644 > > --- a/fs/file.c > > +++ b/fs/file.cfs: prevent out-of-bounds array speculation when closing a file descriptor > > @@ -632,6 +632,7 @@ int __close_fd(struct files_struct *files, unsigned fd) > > fdt = files_fdtable(files); > > if (fd >= fdt->max_fds) > > goto out_unlock;fs: prevent out-of-bounds array speculation when closing a file descriptor fs: prevent out-of-bounds array speculation when closing a file descriptor fs: prevent out-of-bounds array speculation when closing a file descriptor > > + fd = array_index_nospec(fd, fdt->max_fds); > > file = fdt->fd[fd]; > > if (!file) > > goto out_unlock; > > -- > > 2.24.1 > >
