With adding __counted_by(handle_bytes) to struct file_handle, we need to explicitly set it in the one place it wasn't yet happening prior to accessing the flex array "f_handle". Fixes: 1b43c4629756 ("fs: Annotate struct file_handle with __counted_by() and use struct_size()") Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> --- Cc: Christian Brauner <brauner@xxxxxxxxxx> Cc: "Gustavo A. R. Silva" <gustavoars@xxxxxxxxxx> Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx> Cc: Jan Kara <jack@xxxxxxx> Cc: Chuck Lever <chuck.lever@xxxxxxxxxx> Cc: Jeff Layton <jlayton@xxxxxxxxxx> Cc: Amir Goldstein <amir73il@xxxxxxxxx> Cc: linux-fsdevel@xxxxxxxxxxxxxxx Cc: linux-nfs@xxxxxxxxxxxxxxx Cc: linux-hardening@xxxxxxxxxxxxxxx --- fs/fhandle.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/fhandle.c b/fs/fhandle.c index 53ed54711cd2..08ec2340dd22 100644 --- a/fs/fhandle.c +++ b/fs/fhandle.c @@ -40,6 +40,7 @@ static long do_sys_name_to_handle(const struct path *path, GFP_KERNEL); if (!handle) return -ENOMEM; + handle->handle_bytes = f_handle.handle_bytes; /* convert handle size to multiple of sizeof(u32) */ handle_dwords = f_handle.handle_bytes >> 2; -- 2.34.1
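Review bot: the added assignment `handle->handle_bytes = f_handle.handle_bytes;` in do_sys_name_to_handle() carries no comment, and it sits directly above the existing "convert handle size to multiple of sizeof(u32)" comment, so it reads as part of the size conversion rather than as a prerequisite for touching the flex array. A one-line comment above it would keep a later cleanup from dropping it as a redundant store. The comment should say that the __counted_by(handle_bytes) counter must be initialised before any access to f_handle. The hunk also shows only the tail of the allocation call (`GFP_KERNEL);`), so it is worth confirming that the size passed to that allocation is derived from the same f_handle.handle_bytes value assigned here, so that the counter never claims more bytes than were allocated.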