mirror of https://github.com/OpenIPC/firmware.git
118 lines
3.4 KiB
Diff
118 lines
3.4 KiB
Diff
diff -drupN a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
|
|
--- a/fs/nfsd/vfs.c 2018-08-06 17:23:04.000000000 +0300
|
|
+++ b/fs/nfsd/vfs.c 2022-06-12 05:28:14.000000000 +0300
|
|
@@ -30,6 +30,7 @@
|
|
#include <linux/exportfs.h>
|
|
#include <linux/writeback.h>
|
|
#include <linux/security.h>
|
|
+#include <linux/fivm.h>
|
|
|
|
#ifdef CONFIG_NFSD_V3
|
|
#include "xdr3.h"
|
|
@@ -75,14 +76,14 @@ struct raparm_hbucket {
|
|
#define RAPARM_HASH_MASK (RAPARM_HASH_SIZE-1)
|
|
static struct raparm_hbucket raparm_hash[RAPARM_HASH_SIZE];
|
|
|
|
-/*
|
|
- * Called from nfsd_lookup and encode_dirent. Check if we have crossed
|
|
+/*
|
|
+ * Called from nfsd_lookup and encode_dirent. Check if we have crossed
|
|
* a mount point.
|
|
* Returns -EAGAIN or -ETIMEDOUT leaving *dpp and *expp unchanged,
|
|
* or nfs_ok having possibly changed *dpp and *expp
|
|
*/
|
|
int
|
|
-nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp,
|
|
+nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp,
|
|
struct svc_export **expp)
|
|
{
|
|
struct svc_export *exp = *expp, *exp2 = NULL;
|
|
@@ -656,7 +657,7 @@ nfsd_access(struct svc_rqst *rqstp, stru
|
|
case nfs_ok:
|
|
result |= map->access;
|
|
break;
|
|
-
|
|
+
|
|
/* the following error codes just mean the access was not allowed,
|
|
* rather than an error occurred */
|
|
case nfserr_rofs:
|
|
@@ -763,6 +764,15 @@ nfsd_open(struct svc_rqst *rqstp, struct
|
|
goto out_nfserr;
|
|
}
|
|
|
|
+#ifdef CONFIG_FILE_INTEGRITY
|
|
+ host_err = fivm_open_verify(
|
|
+ file,
|
|
+ path.dentry->d_name.name,
|
|
+ may_flags);
|
|
+ if (host_err)
|
|
+ goto out_nfserr;
|
|
+#endif
|
|
+
|
|
host_err = ima_file_check(file, may_flags, 0);
|
|
if (host_err) {
|
|
fput(file);
|
|
@@ -805,7 +815,7 @@ nfsd_init_raparms(struct file *file)
|
|
frap = rap;
|
|
}
|
|
depth = nfsdstats.ra_size;
|
|
- if (!frap) {
|
|
+ if (!frap) {
|
|
spin_unlock(&rab->pb_lock);
|
|
return NULL;
|
|
}
|
|
@@ -889,7 +899,7 @@ nfsd_finish_read(struct file *file, unsi
|
|
*count = host_err;
|
|
fsnotify_access(file);
|
|
return 0;
|
|
- } else
|
|
+ } else
|
|
return nfserrno(host_err);
|
|
}
|
|
|
|
@@ -1377,7 +1387,7 @@ do_nfsd_create(struct svc_rqst *rqstp, s
|
|
v_mtime = verifier[0]&0x7fffffff;
|
|
v_atime = verifier[1]&0x7fffffff;
|
|
}
|
|
-
|
|
+
|
|
if (d_really_is_positive(dchild)) {
|
|
err = 0;
|
|
|
|
@@ -1438,7 +1448,7 @@ do_nfsd_create(struct svc_rqst *rqstp, s
|
|
/* Cram the verifier into atime/mtime */
|
|
iap->ia_valid = ATTR_MTIME|ATTR_ATIME
|
|
| ATTR_MTIME_SET|ATTR_ATIME_SET;
|
|
- /* XXX someone who knows this better please fix it for nsec */
|
|
+ /* XXX someone who knows this better please fix it for nsec */
|
|
iap->ia_mtime.tv_sec = v_mtime;
|
|
iap->ia_atime.tv_sec = v_atime;
|
|
iap->ia_mtime.tv_nsec = 0;
|
|
@@ -1467,7 +1477,7 @@ do_nfsd_create(struct svc_rqst *rqstp, s
|
|
dput(dchild);
|
|
fh_drop_write(fhp);
|
|
return err;
|
|
-
|
|
+
|
|
out_nfserr:
|
|
err = nfserrno(host_err);
|
|
goto out;
|
|
@@ -1920,7 +1930,7 @@ static __be32 nfsd_buffered_readdir(stru
|
|
* The NFSv3/4 verifier we ignore for now.
|
|
*/
|
|
__be32
|
|
-nfsd_readdir(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t *offsetp,
|
|
+nfsd_readdir(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t *offsetp,
|
|
struct readdir_cd *cdp, nfsd_filldir_t func)
|
|
{
|
|
__be32 err;
|
|
@@ -2009,7 +2019,7 @@ nfsd_permission(struct svc_rqst *rqstp,
|
|
#endif
|
|
|
|
/* Normally we reject any write/sattr etc access on a read-only file
|
|
- * system. But if it is IRIX doing check on write-access for a
|
|
+ * system. But if it is IRIX doing check on write-access for a
|
|
* device special file, we ignore rofs.
|
|
*/
|
|
if (!(acc & NFSD_MAY_LOCAL_ACCESS))
|