On Thu, 13 Aug 2015 18:14:43 -0700 <[email protected]> wrote:
> > The patch below does not apply to the 4.1-stable tree. > If someone wants it applied there, or to any other stable or longterm > tree, then please email the backport, including the original git commit > id to <[email protected]>. > > thanks, > > greg k-h > Thanks Greg, I think the simplest fix is to just take a0649b2d3fff (nfsd: refactor nfs4_preprocess_stateid_op) as a prerequisite. Christoph, do you forsee any problem with doing that? Thanks, Jeff > ------------------ original commit in Linus's tree ------------------ > > From 8fcd461db7c09337b6d2e22d25eb411123f379e3 Mon Sep 17 00:00:00 2001 > From: Jeff Layton <[email protected]> > Date: Thu, 30 Jul 2015 06:57:46 -0400 > Subject: [PATCH] nfsd: do nfs4_check_fh in nfs4_check_file instead of > nfs4_check_olstateid > > Currently, preprocess_stateid_op calls nfs4_check_olstateid which > verifies that the open stateid corresponds to the current filehandle in the > call by calling nfs4_check_fh. > > If the stateid is a NFS4_DELEG_STID however, then no such check is done. > This could cause incorrect enforcement of permissions, because the > nfsd_permission() call in nfs4_check_file uses current the current > filehandle, but any subsequent IO operation will use the file descriptor > in the stateid. > > Move the call to nfs4_check_fh into nfs4_check_file instead so that it > can be done for all stateid types. > > Signed-off-by: Jeff Layton <[email protected]> > Cc: [email protected] > [bfields: moved fh check to avoid NULL deref in special stateid case] > Signed-off-by: J. Bruce Fields <[email protected]> > > diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c > index 61dfb33f0559..95202719a1fd 100644 > --- a/fs/nfsd/nfs4state.c > +++ b/fs/nfsd/nfs4state.c > @@ -4396,9 +4396,9 @@ laundromat_main(struct work_struct *laundry) > queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ); > } > > -static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct > nfs4_ol_stateid *stp) > +static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stid *stp) > { > - if (!fh_match(&fhp->fh_handle, &stp->st_stid.sc_file->fi_fhandle)) > + if (!fh_match(&fhp->fh_handle, &stp->sc_file->fi_fhandle)) > return nfserr_bad_stateid; > return nfs_ok; > } > @@ -4601,9 +4601,6 @@ nfs4_check_olstateid(struct svc_fh *fhp, struct > nfs4_ol_stateid *ols, int flags) > { > __be32 status; > > - status = nfs4_check_fh(fhp, ols); > - if (status) > - return status; > status = nfsd4_check_openowner_confirmed(ols); > if (status) > return status; > @@ -4690,6 +4687,9 @@ nfs4_preprocess_stateid_op(struct svc_rqst *rqstp, > status = nfserr_bad_stateid; > break; > } > + if (status) > + goto out; > + status = nfs4_check_fh(fhp, s); > > done: > if (!status && filpp) > @@ -4798,7 +4798,7 @@ static __be32 nfs4_seqid_op_checks(struct > nfsd4_compound_state *cstate, stateid_ > status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, > nfsd4_has_session(cstate)); > if (status) > return status; > - return nfs4_check_fh(current_fh, stp); > + return nfs4_check_fh(current_fh, &stp->st_stid); > } > > /* > -- Jeff Layton <[email protected]> -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
