fix buffer overflow in the moxa driver (CVE-2005-0504)
1 /*
2 * fs/nfsctl.c
4 * This should eventually move to userland.
6 */
7 #include <linux/config.h>
8 #include <linux/types.h>
9 #include <linux/file.h>
10 #include <linux/fs.h>
11 #include <linux/sunrpc/svc.h>
12 #include <linux/nfsd/nfsd.h>
13 #include <linux/nfsd/syscall.h>
14 #include <linux/linkage.h>
15 #include <linux/namei.h>
16 #include <linux/mount.h>
17 #include <linux/syscalls.h>
18 #include <asm/uaccess.h>
21 * open a file on nfsd fs
/*
 * Open one of the nfsd filesystem's control files from inside the kernel.
 *
 * @name:  path of the control file, walked starting at the root of an
 *         internally obtained "nfsd" mount (see do_kern_mount() below).
 * @flags: O_RDWR asks for read+write access; any other value is checked
 *         as write-only.
 *
 * Returns the opened struct file on success, or an ERR_PTR()-encoded
 * errno. Callers must test the result with IS_ERR() before using it.
 */
static struct file *do_open(char *name, int flags)
{
	struct nameidata nd;
	int acc_mode;
	int fmode;
	int error;

	nd.mnt = do_kern_mount("nfsd", 0, "nfsd", NULL);
	if (IS_ERR(nd.mnt))
		return (struct file *)nd.mnt;	/* hand the encoded errno back unchanged */

	/* Seed the lookup state by hand so the walk starts at the mount root. */
	nd.dentry = dget(nd.mnt->mnt_root);
	nd.last_type = LAST_ROOT;
	nd.flags = 0;
	nd.depth = 0;

	error = path_walk(name, &nd);
	if (error) {
		/*
		 * NOTE(review): nd is not released on this path; presumably
		 * path_walk() drops the dentry/mount references itself when it
		 * fails - confirm against the namei implementation.
		 */
		return ERR_PTR(error);
	}

	/* Permission check must match the mode the file will be opened with. */
	if (flags == O_RDWR) {
		acc_mode = MAY_READ | MAY_WRITE;
		fmode = FMODE_READ | FMODE_WRITE;
	} else {
		acc_mode = MAY_WRITE;
		fmode = FMODE_WRITE;
	}

	error = may_open(&nd, acc_mode, fmode);
	if (error) {
		path_release(&nd);
		return ERR_PTR(error);
	}

	return dentry_open(nd.dentry, nd.mnt, flags);
}
/*
 * Command table for sys_nfsservctl(), indexed by NFSCTL_* command number.
 *
 *   name  - control file handed to do_open() for this command
 *   wsize - number of bytes written to that file from the caller's argument
 *   rsize - number of bytes read back into the caller's result buffer;
 *           left at zero when the command returns no data
 *
 * Both transfer sizes are fixed here and never taken from the caller.
 * Indices without an initializer are zero-filled, so their name is NULL;
 * sys_nfsservctl() rejects those with -EINVAL.
 */
static struct {
	char *name;
	int wsize;
	int rsize;
} map[] = {
	[NFSCTL_SVC] = {
		.name = ".svc",
		.wsize = sizeof(struct nfsctl_svc)
	},
	[NFSCTL_ADDCLIENT] = {
		.name = ".add",
		.wsize = sizeof(struct nfsctl_client)
	},
	[NFSCTL_DELCLIENT] = {
		.name = ".del",
		.wsize = sizeof(struct nfsctl_client)
	},
	[NFSCTL_EXPORT] = {
		.name = ".export",
		.wsize = sizeof(struct nfsctl_export)
	},
	[NFSCTL_UNEXPORT] = {
		.name = ".unexport",
		.wsize = sizeof(struct nfsctl_export)
	},
	/* The two commands below also return data, hence a non-zero rsize. */
	[NFSCTL_GETFD] = {
		.name = ".getfd",
		.wsize = sizeof(struct nfsctl_fdparm),
		.rsize = NFS_FHSIZE
	},
	[NFSCTL_GETFS] = {
		.name = ".getfs",
		.wsize = sizeof(struct nfsctl_fsparm),
		.rsize = sizeof(struct knfsd_fh)
	}
};
/*
 * nfsservctl system call: forward one NFSCTL_* command to the matching
 * control file of the nfsd filesystem.
 *
 * @cmd: command number, used as an index into map[] after validation.
 * @arg: user-space argument block; only ca_version is copied in here, the
 *       union at arg->u is passed on as a user pointer to the file's write
 *       method.
 * @res: user-space result buffer, passed to the file's read method for
 *       commands whose map[] entry has a non-zero rsize.
 *
 * Returns 0 on success, -EFAULT if the version word cannot be read,
 * -EINVAL for a wrong version or an unknown command, or the negative
 * error from do_open() or from the write/read methods.
 */
long
asmlinkage sys_nfsservctl(int cmd, struct nfsctl_arg __user *arg, void __user *res)
{
	const size_t nr_cmds = sizeof(map) / sizeof(map[0]);
	void __user *payload = &arg->u;	/* address only; not dereferenced here */
	struct file *file;
	int version;
	int err;

	/* The version word is untrusted: fetch it with copy_from_user(). */
	if (copy_from_user(&version, &arg->ca_version, sizeof(int)))
		return -EFAULT;
	if (version != NFSCTL_VERSION)
		return -EINVAL;

	/*
	 * Validate cmd before it indexes map[]. The negative test comes
	 * first; the upper-bound comparison is made against an unsigned
	 * count. Unpopulated slots have a NULL name and are refused too.
	 */
	if (cmd < 0 || cmd >= nr_cmds || !map[cmd].name)
		return -EINVAL;

	file = do_open(map[cmd].name, map[cmd].rsize ? O_RDWR : O_WRONLY);
	if (IS_ERR(file))
		return PTR_ERR(file);

	/*
	 * Transfer lengths come from map[], not from the caller.
	 * NOTE(review): f_op->write and f_op->read are called without a NULL
	 * check; this relies on every file named in map[] providing them -
	 * confirm against the nfsd filesystem's file operations.
	 */
	err = file->f_op->write(file, payload, map[cmd].wsize, &file->f_pos);
	if (err >= 0 && map[cmd].rsize)
		err = file->f_op->read(file, res, map[cmd].rsize, &file->f_pos);

	fput(file);

	/* Byte counts from write/read collapse to 0; errors pass through. */
	return err < 0 ? err : 0;
}