linux-hardened/fs/nfsd
Jeff Layton 8fcd461db7 nfsd: do nfs4_check_fh in nfs4_check_file instead of nfs4_check_olstateid
Currently, preprocess_stateid_op calls nfs4_check_olstateid which
verifies that the open stateid corresponds to the current filehandle in the
call by calling nfs4_check_fh.

If the stateid is a NFS4_DELEG_STID however, then no such check is done.
This could cause incorrect enforcement of permissions, because the
nfsd_permission() call in nfs4_check_file uses current the current
filehandle, but any subsequent IO operation will use the file descriptor
in the stateid.

Move the call to nfs4_check_fh into nfs4_check_file instead so that it
can be done for all stateid types.

Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Cc: stable@vger.kernel.org
[bfields: moved fh check to avoid NULL deref in special stateid case]
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2015-07-31 16:30:26 -04:00
..
acl.h nfsd4: remove nfs4_acl_new 2014-07-08 17:14:27 -04:00
auth.c nfsd: silence sparse warning about accessing credentials 2014-07-17 16:15:35 -04:00
auth.h nfsd: Remove nfsd_luid, nfsd_lgid, nfsd_ruid and nfsd_rgid 2013-02-13 06:15:51 -08:00
blocklayout.c nfsd/blocklayout: pretend we can send deviceid notifications 2015-05-04 12:02:37 -04:00
blocklayoutxdr.c NFSD: Printk blocklayout length and offset as format 0x%llx 2015-03-25 21:13:02 -04:00
blocklayoutxdr.h nfsd: pNFS block layout driver 2015-02-05 14:35:18 +01:00
cache.h nfsd: Remove the cache_hash list 2014-08-17 12:00:12 -04:00
current_stateid.h nfsd41: use current stateid by value 2012-02-15 11:20:45 -05:00
export.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
export.h nfsd: implement pNFS operations 2015-02-02 18:09:42 +01:00
fault_inject.c nfsd: remove old fault injection infrastructure 2014-08-05 10:55:10 -04:00
idmap.h nfsd4: use xdr_reserve_space in attribute encoding 2014-05-28 14:52:34 -04:00
Kconfig Merge branch 'for-4.1' of git://linux-nfs.org/~bfields/linux 2015-04-24 07:46:05 -07:00
lockd.c nfsd: Remove deprecated nfsctl system call and related code. 2011-07-15 18:58:42 -04:00
Makefile nfsd: pNFS block layout driver 2015-02-05 14:35:18 +01:00
netns.h nfsd: add some comments to the nfsd4 object definitions 2014-08-05 16:09:20 -04:00
nfs2acl.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs3acl.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs3proc.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs3xdr.c nfsd: stop READDIRPLUS returning inconsistent attributes 2015-05-07 11:47:00 -04:00
nfs4acl.c nfsd: use swap() in sort_pacl_range() 2015-06-19 15:39:50 -04:00
nfs4callback.c nfsd: Update callback sequnce id only CB_SEQUENCE success 2015-06-04 16:51:30 -04:00
nfs4idmap.c NFSD: Full checking of authentication name 2014-09-03 17:43:03 -04:00
nfs4layouts.c nfsd: Fix a file leak on nfsd4_layout_setlease failure 2015-07-20 14:58:22 -04:00
nfs4proc.c nfsd: fput rd_file from XDR encode context 2015-06-22 14:15:04 -04:00
nfs4recover.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs4state.c nfsd: do nfs4_check_fh in nfs4_check_file instead of nfs4_check_olstateid 2015-07-31 16:30:26 -04:00
nfs4xdr.c nfsd: Drop BUG_ON and ignore SECLABEL on absent filesystem 2015-07-20 14:58:22 -04:00
nfscache.c NFSD: Error out when register_shrinker() fail 2015-03-20 12:44:00 -04:00
nfsctl.c nfsd: fix nsfd startup race triggering BUG_ON 2015-04-21 16:16:03 -04:00
nfsd.h nfsd: eliminate NFSD_DEBUG 2015-04-21 16:16:02 -04:00
nfsfh.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfsfh.h VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfsproc.c nfsd: Disable NFSv2 timestamp workaround for NFSv3+ 2015-05-29 11:04:01 -04:00
nfssvc.c nfsd: default NFSv4.2 to on 2015-02-09 14:58:50 -05:00
nfsxdr.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
pnfs.h nfsd4: fix v3-less build 2015-02-16 11:43:13 -05:00
state.h nfsd: take struct file setup fully into nfs4_preprocess_stateid_op 2015-06-22 14:15:03 -04:00
stats.c nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
stats.h nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
trace.c nfsd: add trace events 2015-02-02 18:09:44 +01:00
trace.h nfsd: add trace events 2015-02-02 18:09:44 +01:00
vfs.c nfsd: take struct file setup fully into nfs4_preprocess_stateid_op 2015-06-22 14:15:03 -04:00
vfs.h nfsd: take struct file setup fully into nfs4_preprocess_stateid_op 2015-06-22 14:15:03 -04:00
xdr.h nfsd: handle vfs_getattr errors in acl protocol 2013-02-26 02:46:09 -05:00
xdr3.h nfsd: fix encode_entryplus_baggage stack usage 2014-01-23 13:50:27 -05:00
xdr4.h nfsd: take struct file setup fully into nfs4_preprocess_stateid_op 2015-06-22 14:15:03 -04:00
xdr4cb.h nfsd: implement pNFS layout recalls 2015-02-02 18:09:43 +01:00