]> git.karo-electronics.de Git - karo-tx-linux.git/commitdiff
nfsd: avoid permission checks on EXCLUSIVE_CREATE replay
authorNeil Brown <neilb@suse.de>
Fri, 7 Dec 2012 20:40:55 +0000 (15:40 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 11 Jan 2013 17:06:55 +0000 (09:06 -0800)
commit 7007c90fb9fef593b4aeaeee57e6a6754276c97c upstream.

With NFSv4, if we create a file then open it we explicit avoid checking
the permissions on the file during the open because the fact that we
created it ensures we should be allow to open it (the create and the
open should appear to be a single operation).

However if the reply to an EXCLUSIVE create gets lots and the client
resends the create, the current code will perform the permission check -
because it doesn't realise that it did the open already..

This patch should fix this.

Note that I haven't actually seen this cause a problem.  I was just
looking at the code trying to figure out a different EXCLUSIVE open
related issue, and this looked wrong.

(Fix confirmed with pynfs 4.0 test OPEN4--bfields)

Signed-off-by: NeilBrown <neilb@suse.de>
[bfields: use OWNER_OVERRIDE and update for 4.1]
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/nfsd/nfs4proc.c
fs/nfsd/vfs.c

index 987e719fbae8c64f2776f914e7f4104ee04be492..dd0308d65f663c9642ad6e6aac8240e3a2d680e6 100644 (file)
@@ -194,6 +194,7 @@ static __be32
 do_open_lookup(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)
 {
        struct svc_fh *resfh;
+       int accmode;
        __be32 status;
 
        resfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL);
@@ -253,9 +254,10 @@ do_open_lookup(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_o
        /* set reply cache */
        fh_copy_shallow(&open->op_openowner->oo_owner.so_replay.rp_openfh,
                        &resfh->fh_handle);
-       if (!open->op_created)
-               status = do_open_permission(rqstp, resfh, open,
-                                           NFSD_MAY_NOP);
+       accmode = NFSD_MAY_NOP;
+       if (open->op_created)
+               accmode |= NFSD_MAY_OWNER_OVERRIDE;
+       status = do_open_permission(rqstp, resfh, open, accmode);
        set_change_info(&open->op_cinfo, current_fh);
        fh_dup2(current_fh, resfh);
 out:
index 568666156ea4f59525d67207551ee8c45a3b730e..f03160106b9569d43e63cc5acc35962f2d169f78 100644 (file)
@@ -1477,13 +1477,19 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp,
                case NFS3_CREATE_EXCLUSIVE:
                        if (   dchild->d_inode->i_mtime.tv_sec == v_mtime
                            && dchild->d_inode->i_atime.tv_sec == v_atime
-                           && dchild->d_inode->i_size  == 0 )
+                           && dchild->d_inode->i_size  == 0 ) {
+                               if (created)
+                                       *created = 1;
                                break;
+                       }
                case NFS4_CREATE_EXCLUSIVE4_1:
                        if (   dchild->d_inode->i_mtime.tv_sec == v_mtime
                            && dchild->d_inode->i_atime.tv_sec == v_atime
-                           && dchild->d_inode->i_size  == 0 )
+                           && dchild->d_inode->i_size  == 0 ) {
+                               if (created)
+                                       *created = 1;
                                goto set_attr;
+                       }
                         /* fallthru */
                case NFS3_CREATE_GUARDED:
                        err = nfserr_exist;