* [PATCH v2] NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock()
@ 2024-10-13 20:02 cel
0 siblings, 0 replies; only message in thread
From: cel @ 2024-10-13 20:02 UTC (permalink / raw)
To: Neil Brown, Jeff Layton, Olga Kornievskaia, Dai Ngo, Tom Talpey
Cc: linux-nfs, Chuck Lever
From: Chuck Lever <chuck.lever@oracle.com>
NFSv4 LOCK operations should not avoid the set of authorization
checks that apply to all other NFSv4 operations. Also, the
"no_auth_nlm" export option should apply only to NLM LOCK requests.
It's not necessary or sensible to apply it to NFSv4 LOCK operations.
Instead, set no permission bits when calling fh_verify(). Subsequent
stateid processing handles authorization checks.
Reported-by: NeilBrown <neilb@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
fs/nfsd/nfs4state.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
This passes the nfstest lock tests and the git regression tests.
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 73c4b983c048..b6f395927aca 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -7964,11 +7964,9 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
if (check_lock_length(lock->lk_offset, lock->lk_length))
return nfserr_inval;
- if ((status = fh_verify(rqstp, &cstate->current_fh,
- S_IFREG, NFSD_MAY_LOCK))) {
- dprintk("NFSD: nfsd4_lock: permission denied!\n");
+ status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
+ if (status != nfs_ok)
return status;
- }
sb = cstate->current_fh.fh_dentry->d_sb;
if (lock->lk_is_new) {
--
2.46.2
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2024-10-13 20:02 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-10-13 20:02 [PATCH v2] NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() cel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox