tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull misc fixes from Al Viro:
"pick_file() speculation fix + fix for alpha mis(merge,cherry-pick)

The fs/file.c one is a genuine missing speculation barrier in
pick_file() (reachable e.g. via close(2)). The alpha one is strictly
speaking not a bug fix, but only because confusion between
preempt_enable() and preempt_disable() is harmless on architecture
without CONFIG_PREEMPT.

Looks like alpha.git picked the wrong version of patch - that braino
used to be there in early versions, but it had been fixed quite a
while ago..."

* tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fs: prevent out-of-bounds array speculation when closing a file descriptor
alpha: fix lazy-FPU mis(merged/applied/whatnot)

Linus Torvalds 4831f762 a0aefd30

+3 -2
+2 -2
arch/alpha/lib/fpreg.c
··· 23 23 24 24 if (unlikely(reg >= 32)) 25 25 return 0; 26 - preempt_enable(); 26 + preempt_disable(); 27 27 if (current_thread_info()->status & TS_SAVED_FP) 28 28 val = current_thread_info()->fp[reg]; 29 29 else switch (reg) { ··· 133 133 if (unlikely(reg >= 32)) 134 134 return 0; 135 135 136 - preempt_enable(); 136 + preempt_disable(); 137 137 if (current_thread_info()->status & TS_SAVED_FP) { 138 138 LDT(0, current_thread_info()->fp[reg]); 139 139 STS(0, val);
+1
fs/file.c
··· 642 642 if (fd >= fdt->max_fds) 643 643 return NULL; 644 644 645 + fd = array_index_nospec(fd, fdt->max_fds); 645 646 file = fdt->fd[fd]; 646 647 if (file) { 647 648 rcu_assign_pointer(fdt->fd[fd], NULL);