Google Git
Sign in
kunit/linux/b85e4676344fc4d7ec5e0f62c3d3712e48bbe223^!/./fs/lockd/svcproc.c
commit
b85e4676344fc4d7ec5e0f62c3d3712e48bbe223
[log]
author
Chuck Lever <chuck.lever@oracle.com>
Fri Oct 03 12:50:44 2008 -0400
committer
J. Bruce Fields <bfields@citi.umich.edu>
Fri Oct 03 17:02:35 2008 -0400
tree
a2a6c0226ea0f72536477dff2e123245a3621d9d
parent
dcff09f124f71d1d4fe61eb63c79e52f488ac22e [diff] [blame]
lockd: Add helper to sanity check incoming NOTIFY requests

lockd accepts SM_NOTIFY calls only from a privileged process on the
local system.  If lockd uses an AF_INET6 listener, the sender's address
(ie the local rpc.statd) will be the IPv6 loopback address, not the
IPv4 loopback address.

Make sure the privilege test in nlmsvc_proc_sm_notify() and
nlm4svc_proc_sm_notify() works for both AF_INET and AF_INET6 family
addresses by refactoring the test into a helper and adding support for
IPv6 addresses.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

diff --git a/fs/lockd/svcproc.c b/fs/lockd/svcproc.c
index 935ce96..548b0bb 100644
--- a/fs/lockd/svcproc.c
+++ b/fs/lockd/svcproc.c

@@ -453,11 +453,9 @@
 {
 	struct sockaddr_in	saddr;
 
-	memcpy(&saddr, svc_addr_in(rqstp), sizeof(saddr));
-
 	dprintk("lockd: SM_NOTIFY     called\n");
-	if (saddr.sin_addr.s_addr != htonl(INADDR_LOOPBACK)
-	 || ntohs(saddr.sin_port) >= 1024) {
+
+	if (!nlm_privileged_requester(rqstp)) {
 		char buf[RPC_MAX_ADDRBUFLEN];
 		printk(KERN_WARNING "lockd: rejected NSM callback from %s\n",
 				svc_print_addr(rqstp, buf, sizeof(buf)));