mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-04 12:20:49 -05:00
46 lines
1.5 KiB
Diff
46 lines
1.5 KiB
Diff
|
From 8dfc8b9e8432f50606820b40a7d63618d9d61a07 Mon Sep 17 00:00:00 2001
|
||
|
From: Sasha Levin <sasha.levin@oracle.com>
|
||
|
Date: Wed, 28 Jan 2015 15:30:43 -0500
|
||
|
Subject: vfs: read file_handle only once in handle_to_path
|
||
|
|
||
|
commit 161f873b89136eb1e69477c847d5a5033239d9ba upstream.
|
||
|
|
||
|
We used to read file_handle twice. Once to get the amount of extra
|
||
|
bytes, and once to fetch the entire structure.
|
||
|
|
||
|
This may be problematic since we do size verifications only after the
|
||
|
first read, so if the number of extra bytes changes in userspace between
|
||
|
the first and second calls, we'll have an incoherent view of
|
||
|
file_handle.
|
||
|
|
||
|
Instead, read the constant size once, and copy that over to the final
|
||
|
structure without having to re-read it again.
|
||
|
|
||
|
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
|
||
|
Cc: Al Viro <viro@zeniv.linux.org.uk>
|
||
|
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||
|
---
|
||
|
fs/fhandle.c | 5 +++--
|
||
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/fs/fhandle.c b/fs/fhandle.c
|
||
|
index 6b08864..c9e18f3 100644
|
||
|
--- a/fs/fhandle.c
|
||
|
+++ b/fs/fhandle.c
|
||
|
@@ -196,8 +196,9 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
|
||
|
goto out_err;
|
||
|
}
|
||
|
/* copy the full handle */
|
||
|
- if (copy_from_user(handle, ufh,
|
||
|
- sizeof(struct file_handle) +
|
||
|
+ *handle = f_handle;
|
||
|
+ if (copy_from_user(&handle->f_handle,
|
||
|
+ &ufh->f_handle,
|
||
|
f_handle.handle_bytes)) {
|
||
|
retval = -EFAULT;
|
||
|
goto out_handle;
|
||
|
--
|
||
|
cgit v1.1
|
||
|
|