git.openpandora.org / pandora-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
vfs, fdtable: Prevent bounds-check bypass via speculative execution
[pandora-kernel.git] / include / linux / fdtable.h
diff --git a/include/linux/fdtable.h b/include/linux/fdtable.h
index 82163c4..5a14de6 100644 (file)
--- a/include/linux/fdtable.h
+++ b/include/linux/fdtable.h
@@ -9,6 +9,7 @@
 #include <linux/compiler.h>
 #include <linux/spinlock.h>
 #include <linux/rcupdate.h>
 #include <linux/compiler.h>
 #include <linux/spinlock.h>
 #include <linux/rcupdate.h>
+#include <linux/nospec.h>
 #include <linux/types.h>
 #include <linux/init.h>
 #include <linux/fs.h>
 #include <linux/types.h>
 #include <linux/init.h>
 #include <linux/fs.h>
@@ -85,8 +86,10 @@ static inline struct file * fcheck_files(struct files_struct *files, unsigned in
        struct file * file = NULL;
        struct fdtable *fdt = files_fdtable(files);
 
        struct file * file = NULL;
        struct fdtable *fdt = files_fdtable(files);
 
-       if (fd < fdt->max_fds)
+       if (fd < fdt->max_fds) {
+               fd = array_index_nospec(fd, fdt->max_fds);
                file = rcu_dereference_check_fdtable(files, fdt->fd[fd]);
                file = rcu_dereference_check_fdtable(files, fdt->fd[fd]);
+       }
        return file;
 }
 
        return file;
 }
 
Pandora Kernel Repository