Skip to content

Commit 774adcb

Browse files
braunerbrauner
committed
fhandle: hoist copy_from_user() above get_path_from_fd()
In follow-up patches we need access to @file_handle->handle_type before we start caring about get_path_from_fd(). Link: https://lore.kernel.org/20250624-work-pidfs-fhandle-v2-2-d02a04858fe3@kernel.org Reviewed-by: Jan Kara <jack@suse.cz> Reviewed-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Christian Brauner <brauner@kernel.org>
1 parent cc678bf commit 774adcb

1 file changed

Lines changed: 14 additions & 21 deletions

File tree

fs/fhandle.c

Lines changed: 14 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -323,13 +323,24 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
323323
{
324324
int retval = 0;
325325
struct file_handle f_handle;
326-
struct file_handle *handle = NULL;
326+
struct file_handle *handle __free(kfree) = NULL;
327327
struct handle_to_path_ctx ctx = {};
328328
const struct export_operations *eops;
329329

330+
if (copy_from_user(&f_handle, ufh, sizeof(struct file_handle)))
331+
return -EFAULT;
332+
333+
if ((f_handle.handle_bytes > MAX_HANDLE_SZ) ||
334+
(f_handle.handle_bytes == 0))
335+
return -EINVAL;
336+
337+
if (f_handle.handle_type < 0 ||
338+
FILEID_USER_FLAGS(f_handle.handle_type) & ~FILEID_VALID_USER_FLAGS)
339+
return -EINVAL;
340+
330341
retval = get_path_from_fd(mountdirfd, &ctx.root);
331342
if (retval)
332-
goto out_err;
343+
return retval;
333344

334345
eops = ctx.root.mnt->mnt_sb->s_export_op;
335346
if (eops && eops->permission)
@@ -339,21 +350,6 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
339350
if (retval)
340351
goto out_path;
341352

342-
if (copy_from_user(&f_handle, ufh, sizeof(struct file_handle))) {
343-
retval = -EFAULT;
344-
goto out_path;
345-
}
346-
if ((f_handle.handle_bytes > MAX_HANDLE_SZ) ||
347-
(f_handle.handle_bytes == 0)) {
348-
retval = -EINVAL;
349-
goto out_path;
350-
}
351-
if (f_handle.handle_type < 0 ||
352-
FILEID_USER_FLAGS(f_handle.handle_type) & ~FILEID_VALID_USER_FLAGS) {
353-
retval = -EINVAL;
354-
goto out_path;
355-
}
356-
357353
handle = kmalloc(struct_size(handle, f_handle, f_handle.handle_bytes),
358354
GFP_KERNEL);
359355
if (!handle) {
@@ -366,7 +362,7 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
366362
&ufh->f_handle,
367363
f_handle.handle_bytes)) {
368364
retval = -EFAULT;
369-
goto out_handle;
365+
goto out_path;
370366
}
371367

372368
/*
@@ -384,11 +380,8 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
384380
handle->handle_type &= ~FILEID_USER_FLAGS_MASK;
385381
retval = do_handle_to_path(handle, path, &ctx);
386382

387-
out_handle:
388-
kfree(handle);
389383
out_path:
390384
path_put(&ctx.root);
391-
out_err:
392385
return retval;
393386
}
394387

0 commit comments

Comments
 (0)