* Stephen D. Smalley (sdsat_private) wrote: > > It turns out that nfsd_open in 2.4 directly sets up the struct file > rather than using init_private_file, unlike nfsd_open in 2.5. Hence, > our changes to init_private_file don't solve the problem in the > current 2.4 version. > > Attached is a quick fix to allocate a file security structure if one has not > already been allocated when file_permission is called. The preferred solution > would be to back port the 2.5 changes to use init_private_file in nfsd_open so > that the file security structure will be allocated during setup. This patch is backported directly from the 2.5 tree, plus it uses release_private_file(). If no objections, I'll add this to tree. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net --- 1.12/fs/nfsd/vfs.c Tue Oct 29 00:35:57 2002 +++ edited/fs/nfsd/vfs.c Thu Dec 19 01:06:10 2002 @@ -427,11 +427,13 @@ { struct dentry *dentry; struct inode *inode; - int err; + int flags = O_RDONLY|O_LARGEFILE, mode = FMODE_READ, err; - /* If we get here, then the client has already done an "open", and (hopefully) - * checked permission - so allow OWNER_OVERRIDE in case a chmod has now revoked - * permission */ + /* + * If we get here, then the client has already done an "open", + * and (hopefully) checked permission - so allow OWNER_OVERRIDE + * in case a chmod has now revoked permission. + */ err = fh_verify(rqstp, fhp, type, access | MAY_OWNER_OVERRIDE); if (err) goto out; @@ -456,37 +458,24 @@ if (err) goto out_nfserr; - if ((access & MAY_WRITE) && (err = get_write_access(inode)) != 0) - goto out_nfserr; - - memset(filp, 0, sizeof(*filp)); - filp->f_op = fops_get(inode->i_fop); - atomic_set(&filp->f_count, 1); - filp->f_dentry = dentry; - filp->f_vfsmnt = fhp->fh_export->ex_mnt; if (access & MAY_WRITE) { - filp->f_flags = O_WRONLY|O_LARGEFILE; - filp->f_mode = FMODE_WRITE; + err = get_write_access(inode); + if (err) + goto out_nfserr; + + flags = O_WRONLY|O_LARGEFILE; + mode = FMODE_WRITE; + DQUOT_INIT(inode); - } else { - filp->f_flags = O_RDONLY|O_LARGEFILE; - filp->f_mode = FMODE_READ; } - err = 0; - if (filp->f_op && filp->f_op->open) { - err = filp->f_op->open(inode, filp); - if (err) { - fops_put(filp->f_op); - if (access & MAY_WRITE) - put_write_access(inode); - - /* I nearly added put_filp() call here, but this filp - * is really on callers stack frame. -DaveM - */ - atomic_dec(&filp->f_count); - } - } + err = init_private_file(filp, dentry, mode); + if (!err) { + filp->f_flags = flags; + filp->f_vfsmnt = fhp->fh_export->ex_mnt; + } else if (access & MAY_WRITE) + put_write_access(inode); + out_nfserr: if (err) err = nfserrno(err); @@ -503,9 +492,7 @@ struct dentry *dentry = filp->f_dentry; struct inode *inode = dentry->d_inode; - if (filp->f_op && filp->f_op->release) - filp->f_op->release(inode, filp); - fops_put(filp->f_op); + release_private_file(filp); if (filp->f_mode & FMODE_WRITE) put_write_access(inode); } _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:36:47 PST