mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-22 22:04:47 +08:00
nfsd: do nfs4_check_fh in nfs4_check_file instead of nfs4_check_olstateid
Currently, preprocess_stateid_op calls nfs4_check_olstateid which verifies that the open stateid corresponds to the current filehandle in the call by calling nfs4_check_fh. If the stateid is a NFS4_DELEG_STID however, then no such check is done. This could cause incorrect enforcement of permissions, because the nfsd_permission() call in nfs4_check_file uses current the current filehandle, but any subsequent IO operation will use the file descriptor in the stateid. Move the call to nfs4_check_fh into nfs4_check_file instead so that it can be done for all stateid types. Signed-off-by: Jeff Layton <jeff.layton@primarydata.com> Cc: stable@vger.kernel.org [bfields: moved fh check to avoid NULL deref in special stateid case] Signed-off-by: J. Bruce Fields <bfields@redhat.com>
This commit is contained in:
parent
1ca4b88e7d
commit
8fcd461db7
@ -4396,9 +4396,9 @@ laundromat_main(struct work_struct *laundry)
|
|||||||
queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ);
|
queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_ol_stateid *stp)
|
static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stid *stp)
|
||||||
{
|
{
|
||||||
if (!fh_match(&fhp->fh_handle, &stp->st_stid.sc_file->fi_fhandle))
|
if (!fh_match(&fhp->fh_handle, &stp->sc_file->fi_fhandle))
|
||||||
return nfserr_bad_stateid;
|
return nfserr_bad_stateid;
|
||||||
return nfs_ok;
|
return nfs_ok;
|
||||||
}
|
}
|
||||||
@ -4601,9 +4601,6 @@ nfs4_check_olstateid(struct svc_fh *fhp, struct nfs4_ol_stateid *ols, int flags)
|
|||||||
{
|
{
|
||||||
__be32 status;
|
__be32 status;
|
||||||
|
|
||||||
status = nfs4_check_fh(fhp, ols);
|
|
||||||
if (status)
|
|
||||||
return status;
|
|
||||||
status = nfsd4_check_openowner_confirmed(ols);
|
status = nfsd4_check_openowner_confirmed(ols);
|
||||||
if (status)
|
if (status)
|
||||||
return status;
|
return status;
|
||||||
@ -4690,6 +4687,9 @@ nfs4_preprocess_stateid_op(struct svc_rqst *rqstp,
|
|||||||
status = nfserr_bad_stateid;
|
status = nfserr_bad_stateid;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
if (status)
|
||||||
|
goto out;
|
||||||
|
status = nfs4_check_fh(fhp, s);
|
||||||
|
|
||||||
done:
|
done:
|
||||||
if (!status && filpp)
|
if (!status && filpp)
|
||||||
@ -4798,7 +4798,7 @@ static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_
|
|||||||
status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
|
status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
|
||||||
if (status)
|
if (status)
|
||||||
return status;
|
return status;
|
||||||
return nfs4_check_fh(current_fh, stp);
|
return nfs4_check_fh(current_fh, &stp->st_stid);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
Loading…
Reference in New Issue
Block a user