/[linux-patches]/genpatches-2.6/trunk/2.6.18/1905_nfs4-owner-override.patch
Gentoo

Contents of /genpatches-2.6/trunk/2.6.18/1905_nfs4-owner-override.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 686 - (show annotations) (download)
Sat Oct 21 03:36:19 2006 UTC (11 years, 1 month ago) by dsd
File size: 2939 byte(s)
Fix NFSv4 permission behaviour
1 From: J. Bruce Fields <bfields@fieldses.org>
2 Date: Tue, 17 Oct 2006 07:10:13 +0000 (-0700)
3 Subject: [PATCH] knfsd: nfsd4: fix owner-override on open
4 X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dc730e173785e29b297aa605786c94adaffe2544
5
6 [PATCH] knfsd: nfsd4: fix owner-override on open
7
8 If a client creates a file using an open which sets the mode to 000, or if a
9 chmod changes permissions after a file is opened, then situations may arise
10 where an NFS client knows that some IO is permitted (because a process holds
11 the file open), but the NFS server does not (because it doesn't know about the
12 open, and only sees that the IO conflicts with the current mode of the file).
13
14 As a hack to solve this problem, NFS servers normally allow the owner to
15 override permissions on IO. The client can still enforce correct
16 permissions-checking on open by performing an explicit access check.
17
18 In NFSv4 the client can rely on the explicit on-the-wire open instead of an
19 access check.
20
21 Therefore we should not be allowing the owner to override permissions on an
22 over-the-wire open!
23
24 However, we should still allow the owner to override permissions in the case
25 where the client is claiming an open that it already made either before a
26 reboot, or while it was holding a delegation.
27
28 Thanks to Jim Rees for reporting the bug.
29
30 Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
31 Signed-off-by: Neil Brown <neilb@suse.de>
32 Signed-off-by: Andrew Morton <akpm@osdl.org>
33 Signed-off-by: Linus Torvalds <torvalds@osdl.org>
34 ---
35
36 --- a/fs/nfsd/nfs4proc.c
37 +++ b/fs/nfsd/nfs4proc.c
38 @@ -68,20 +68,18 @@ fh_dup2(struct svc_fh *dst, struct svc_f
39 }
40
41 static int
42 -do_open_permission(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)
43 +do_open_permission(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open, int accmode)
44 {
45 - int accmode, status;
46 + int status;
47
48 if (open->op_truncate &&
49 !(open->op_share_access & NFS4_SHARE_ACCESS_WRITE))
50 return nfserr_inval;
51
52 - accmode = MAY_NOP;
53 if (open->op_share_access & NFS4_SHARE_ACCESS_READ)
54 - accmode = MAY_READ;
55 + accmode |= MAY_READ;
56 if (open->op_share_deny & NFS4_SHARE_ACCESS_WRITE)
57 accmode |= (MAY_WRITE | MAY_TRUNC);
58 - accmode |= MAY_OWNER_OVERRIDE;
59
60 status = fh_verify(rqstp, current_fh, S_IFREG, accmode);
61
62 @@ -124,7 +122,7 @@ do_open_lookup(struct svc_rqst *rqstp, s
63 &resfh.fh_handle.fh_base,
64 resfh.fh_handle.fh_size);
65
66 - status = do_open_permission(rqstp, current_fh, open);
67 + status = do_open_permission(rqstp, current_fh, open, MAY_NOP);
68 }
69
70 fh_put(&resfh);
71 @@ -155,7 +153,7 @@ do_open_fhandle(struct svc_rqst *rqstp,
72 open->op_truncate = (open->op_iattr.ia_valid & ATTR_SIZE) &&
73 (open->op_iattr.ia_size == 0);
74
75 - status = do_open_permission(rqstp, current_fh, open);
76 + status = do_open_permission(rqstp, current_fh, open, MAY_OWNER_OVERRIDE);
77
78 return status;
79 }

  ViewVC Help
Powered by ViewVC 1.1.20