Commit dc730e17 authored by J. Bruce Fields's avatar J. Bruce Fields Committed by Linus Torvalds
Browse files

[PATCH] knfsd: nfsd4: fix owner-override on open 



If a client creates a file using an open which sets the mode to 000, or if a
chmod changes permissions after a file is opened, then situations may arise
where an NFS client knows that some IO is permitted (because a process holds
the file open), but the NFS server does not (because it doesn't know about the
open, and only sees that the IO conflicts with the current mode of the file).

As a hack to solve this problem, NFS servers normally allow the owner to
override permissions on IO.  The client can still enforce correct
permissions-checking on open by performing an explicit access check.

In NFSv4 the client can rely on the explicit on-the-wire open instead of an
access check.

Therefore we should not be allowing the owner to override permissions on an
over-the-wire open!

However, we should still allow the owner to override permissions in the case
where the client is claiming an open that it already made either before a
reboot, or while it was holding a delegation.

Thanks to Jim Rees for reporting the bug.

Signed-off-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: default avatarNeil Brown <neilb@suse.de>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent e956edd0

fs/nfsd/nfs4proc.c

+5 −7
Original line number Diff line number Diff line
@@ -68,20 +68,18 @@ fh_dup2(struct svc_fh *dst, struct svc_fh *src) 
}



static int

do_open_permission(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)

do_open_permission(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open, int accmode)

{

	int accmode, status;

	int status;



	if (open->op_truncate &&

		!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE))

		return nfserr_inval;



	accmode = MAY_NOP;

	if (open->op_share_access & NFS4_SHARE_ACCESS_READ)

		accmode = MAY_READ;

		accmode |= MAY_READ;

	if (open->op_share_deny & NFS4_SHARE_ACCESS_WRITE)

		accmode |= (MAY_WRITE | MAY_TRUNC);

	accmode |= MAY_OWNER_OVERRIDE;



	status = fh_verify(rqstp, current_fh, S_IFREG, accmode);
@@ -124,7 +122,7 @@ do_open_lookup(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_o 
				&resfh.fh_handle.fh_base,

				resfh.fh_handle.fh_size);



		status = do_open_permission(rqstp, current_fh, open);

		status = do_open_permission(rqstp, current_fh, open, MAY_NOP);

	}



	fh_put(&resfh);
@@ -155,7 +153,7 @@ do_open_fhandle(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_ 
	open->op_truncate = (open->op_iattr.ia_valid & ATTR_SIZE) &&

		(open->op_iattr.ia_size == 0);



	status = do_open_permission(rqstp, current_fh, open);

	status = do_open_permission(rqstp, current_fh, open, MAY_OWNER_OVERRIDE);



	return status;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE