From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB5A0C433DF for ; Tue, 7 Jul 2020 15:28:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 89017206F6 for ; Tue, 7 Jul 2020 15:28:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594135723; bh=1Z+7no7gf04ZuYcu1e6IVYtdl7iOtPRL5GHl8583tg8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=x0bAMJIp90PF/hkWt0t1Qb5s0SCYkTj8an7MCNerbzQnNwTAQMLZMzizgXdPuuq0S LISAV8TzlmwBgbCD3k+cXLjB9OaLInwvhvh5atXe6GkH4xSknLHvpNY0kdE0Z0gCee nbQISE9UN02+hTvZUgrOHjI81Tghr2DLxAnw2C4s= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730228AbgGGP2m (ORCPT ); Tue, 7 Jul 2020 11:28:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:40124 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729891AbgGGPZz (ORCPT ); Tue, 7 Jul 2020 11:25:55 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7A655207D0; Tue, 7 Jul 2020 15:25:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594135555; bh=1Z+7no7gf04ZuYcu1e6IVYtdl7iOtPRL5GHl8583tg8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2kcvzb+eCjtjCg6Fefg701r351dOvz8R9FTV7vZ5NRBCu6QfShKg1fboLHapT9tL5 G1Rz7n4iIbPJ4iApBYfR+qRrtnFqels9FWoOEzevHBFj9kIXWivpvNWx2Or2DjZccp kbVkNn6Z10h/W0hwhDqYSecGjSaBwA/SqKKbDY/A= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Elliott Mitchell , Salvatore Bonaccorso , "J. Bruce Fields" Subject: [PATCH 5.7 086/112] nfsd: apply umask on fs without ACL support Date: Tue, 7 Jul 2020 17:17:31 +0200 Message-Id: <20200707145805.073625596@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200707145800.925304888@linuxfoundation.org> References: <20200707145800.925304888@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: J. Bruce Fields commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832 upstream. The server is failing to apply the umask when creating new objects on filesystems without ACL support. To reproduce this, you need to use NFSv4.2 and a client and server recent enough to support umask, and you need to export a filesystem that lacks ACL support (for example, ext4 with the "noacl" mount option). Filesystems with ACL support are expected to take care of the umask themselves (usually by calling posix_acl_create). For filesystems without ACL support, this is up to the caller of vfs_create(), vfs_mknod(), or vfs_mkdir(). Reported-by: Elliott Mitchell Reported-by: Salvatore Bonaccorso Tested-by: Salvatore Bonaccorso Fixes: 47057abde515 ("nfsd: add support for the umask attribute") Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman --- fs/nfsd/vfs.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1225,6 +1225,9 @@ nfsd_create_locked(struct svc_rqst *rqst iap->ia_mode = 0; iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + err = 0; host_err = 0; switch (type) { @@ -1457,6 +1460,9 @@ do_nfsd_create(struct svc_rqst *rqstp, s goto out; } + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + host_err = vfs_create(dirp, dchild, iap->ia_mode, true); if (host_err < 0) { fh_drop_write(fhp);