From: Jeff Layton <jlayton@kernel.org>
To: cel@kernel.org, Neil Brown <neilb@suse.de>,
Olga Kornievskaia <okorniev@redhat.com>,
Dai Ngo <dai.ngo@oracle.com>, Tom Talpey <tom@talpey.com>
Cc: linux-nfs@vger.kernel.org, Chuck Lever <chuck.lever@oracle.com>
Subject: Re: [RFC PATCH] NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock()
Date: Fri, 11 Oct 2024 08:32:51 -0400 [thread overview]
Message-ID: <dac8ba057c22856485d15882d27dfb697b9f6bea.camel@kernel.org> (raw)
In-Reply-To: <20241010153331.143845-2-cel@kernel.org>
On Thu, 2024-10-10 at 11:33 -0400, cel@kernel.org wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
>
> NFSv4 LOCK operations should not avoid the set of authorization
> checks that apply to all other NFSv4 operations. Also, the
> "no_auth_nlm" export option should apply only to NLM LOCK requests.
> It's not necessary or sensible to apply it to NFSv4 LOCK operations.
>
> The replacement MAY bit mask,
> "NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE", comes from the access
> bits that are set in nfsd_permission() when the caller has set
> NFSD_MAY_LOCK.
>
> Reported-by: NeilBrown <neilb@suse.de>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
> fs/nfsd/nfs4state.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> index 9c2b1d251ab3..3f2c11414390 100644
> --- a/fs/nfsd/nfs4state.c
> +++ b/fs/nfsd/nfs4state.c
> @@ -7967,11 +7967,10 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
> if (check_lock_length(lock->lk_offset, lock->lk_length))
> return nfserr_inval;
>
> - if ((status = fh_verify(rqstp, &cstate->current_fh,
> - S_IFREG, NFSD_MAY_LOCK))) {
> - dprintk("NFSD: nfsd4_lock: permission denied!\n");
> + status = fh_verify(rqstp, &cstate->current_fh, S_IFREG,
> + NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE);
> + if (status != nfs_ok)
> return status;
> - }
> sb = cstate->current_fh.fh_dentry->d_sb;
>
> if (lock->lk_is_new) {
I would say this warrants a comment as to why you're not using
NFSD_MAY_LOCK here, but Neil's renaming patch takes care of that.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
prev parent reply other threads:[~2024-10-11 12:32 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-10 15:33 [RFC PATCH] NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() cel
2024-10-10 20:54 ` NeilBrown
2024-10-11 14:10 ` Chuck Lever
2024-10-11 20:53 ` NeilBrown
2024-10-11 20:58 ` Chuck Lever
2024-10-11 21:10 ` NeilBrown
2024-10-11 12:32 ` Jeff Layton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dac8ba057c22856485d15882d27dfb697b9f6bea.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=cel@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=dai.ngo@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=okorniev@redhat.com \
--cc=tom@talpey.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox