NFS: Secure the roots of the NFS subtrees in a shared superblock

Invoke security_d_instantiate() on root dentries after allocating them with
dentry_alloc_anon().  Normally dentry_alloc_root() would do that, but we don't
call that as we don't want to assign a name to the root dentry at this point
(we may discover the real name later).

Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

diff --git a/fs/nfs/getroot.c b/fs/nfs/getroot.c
index 977e59088eeb694f3ce51e5f4fd12789dec0dc71..76b08ae9ed82f49694f58ecbf84619ba1dbb259a 100644 (file)
--- a/fs/nfs/getroot.c
+++ b/fs/nfs/getroot.c
@@ -33,6 +33,7 @@
 #include <linux/vfs.h>
 #include <linux/namei.h>
 #include <linux/namespace.h>
+#include <linux/security.h>
 
 #include <asm/system.h>
 #include <asm/uaccess.h>
@@ -109,6 +110,8 @@ struct dentry *nfs_get_root(struct super_block *sb, struct nfs_fh *mntfh)
                return ERR_PTR(-ENOMEM);
        }
 
+       security_d_instantiate(mntroot, inode);
+
        if (!mntroot->d_op)
                mntroot->d_op = server->nfs_client->rpc_ops->dentry_ops;
 
@@ -296,6 +299,8 @@ struct dentry *nfs4_get_root(struct super_block *sb, struct nfs_fh *mntfh)
                return ERR_PTR(-ENOMEM);
        }
 
+       security_d_instantiate(mntroot, inode);
+
        if (!mntroot->d_op)
                mntroot->d_op = server->nfs_client->rpc_ops->dentry_ops;