diff options
Diffstat (limited to 'fs/nfsd')
| -rw-r--r-- | fs/nfsd/auth.c | 4 | ||||
| -rw-r--r-- | fs/nfsd/nfssvc.c | 2 | ||||
| -rw-r--r-- | fs/nfsd/vfs.c | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 5573508f707f..36fcabbf5186 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c | |||
| @@ -34,6 +34,8 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) | |||
| 34 | int flags = nfsexp_flags(rqstp, exp); | 34 | int flags = nfsexp_flags(rqstp, exp); |
| 35 | int ret; | 35 | int ret; |
| 36 | 36 | ||
| 37 | validate_process_creds(); | ||
| 38 | |||
| 37 | /* discard any old override before preparing the new set */ | 39 | /* discard any old override before preparing the new set */ |
| 38 | revert_creds(get_cred(current->real_cred)); | 40 | revert_creds(get_cred(current->real_cred)); |
| 39 | new = prepare_creds(); | 41 | new = prepare_creds(); |
| @@ -86,8 +88,10 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) | |||
| 86 | else | 88 | else |
| 87 | new->cap_effective = cap_raise_nfsd_set(new->cap_effective, | 89 | new->cap_effective = cap_raise_nfsd_set(new->cap_effective, |
| 88 | new->cap_permitted); | 90 | new->cap_permitted); |
| 91 | validate_process_creds(); | ||
| 89 | put_cred(override_creds(new)); | 92 | put_cred(override_creds(new)); |
| 90 | put_cred(new); | 93 | put_cred(new); |
| 94 | validate_process_creds(); | ||
| 91 | return 0; | 95 | return 0; |
| 92 | 96 | ||
| 93 | oom: | 97 | oom: |
diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c index 492c79b7800b..24d58adfe5fd 100644 --- a/fs/nfsd/nfssvc.c +++ b/fs/nfsd/nfssvc.c | |||
| @@ -496,7 +496,9 @@ nfsd(void *vrqstp) | |||
| 496 | /* Lock the export hash tables for reading. */ | 496 | /* Lock the export hash tables for reading. */ |
| 497 | exp_readlock(); | 497 | exp_readlock(); |
| 498 | 498 | ||
| 499 | validate_process_creds(); | ||
| 499 | svc_process(rqstp); | 500 | svc_process(rqstp); |
| 501 | validate_process_creds(); | ||
| 500 | 502 | ||
| 501 | /* Unlock export hash tables */ | 503 | /* Unlock export hash tables */ |
| 502 | exp_readunlock(); | 504 | exp_readunlock(); |
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 23341c1063bc..8fa09bfbcba7 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c | |||
| @@ -684,6 +684,8 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, | |||
| 684 | __be32 err; | 684 | __be32 err; |
| 685 | int host_err; | 685 | int host_err; |
| 686 | 686 | ||
| 687 | validate_process_creds(); | ||
| 688 | |||
| 687 | /* | 689 | /* |
| 688 | * If we get here, then the client has already done an "open", | 690 | * If we get here, then the client has already done an "open", |
| 689 | * and (hopefully) checked permission - so allow OWNER_OVERRIDE | 691 | * and (hopefully) checked permission - so allow OWNER_OVERRIDE |
| @@ -740,6 +742,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, | |||
| 740 | out_nfserr: | 742 | out_nfserr: |
| 741 | err = nfserrno(host_err); | 743 | err = nfserrno(host_err); |
| 742 | out: | 744 | out: |
| 745 | validate_process_creds(); | ||
| 743 | return err; | 746 | return err; |
| 744 | } | 747 | } |
| 745 | 748 | ||