FAILED: patch "[PATCH] nfsd: do nfs4_check_fh in nfs4_check_file instead of" failed to apply to 4.1-stable tree

FAILED: patch "[PATCH] nfsd: do nfs4_check_fh in nfs4_check_file instead of" failed to apply to 4.1-stable tree

[gregkh]

The patch below does not apply to the 4.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

>From 8fcd461db7c09337b6d2e22d25eb411123f379e3 Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@poochiereds.net>
Date: Thu, 30 Jul 2015 06:57:46 -0400
Subject: [PATCH] nfsd: do nfs4_check_fh in nfs4_check_file instead of
 nfs4_check_olstateid

Currently, preprocess_stateid_op calls nfs4_check_olstateid which
verifies that the open stateid corresponds to the current filehandle in the
call by calling nfs4_check_fh.

If the stateid is a NFS4_DELEG_STID however, then no such check is done.
This could cause incorrect enforcement of permissions, because the
nfsd_permission() call in nfs4_check_file uses current the current
filehandle, but any subsequent IO operation will use the file descriptor
in the stateid.

Move the call to nfs4_check_fh into nfs4_check_file instead so that it
can be done for all stateid types.

Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Cc: stable@vger.kernel.org
[bfields: moved fh check to avoid NULL deref in special stateid case]
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 61dfb33f0559..95202719a1fd 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4396,9 +4396,9 @@ laundromat_main(struct work_struct *laundry)
 	queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ);
 }
 
-static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_ol_stateid *stp)
+static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stid *stp)
 {
-	if (!fh_match(&fhp->fh_handle, &stp->st_stid.sc_file->fi_fhandle))
+	if (!fh_match(&fhp->fh_handle, &stp->sc_file->fi_fhandle))
 		return nfserr_bad_stateid;
 	return nfs_ok;
 }
@@ -4601,9 +4601,6 @@ nfs4_check_olstateid(struct svc_fh *fhp, struct nfs4_ol_stateid *ols, int flags)
 {
 	__be32 status;
 
-	status = nfs4_check_fh(fhp, ols);
-	if (status)
-		return status;
 	status = nfsd4_check_openowner_confirmed(ols);
 	if (status)
 		return status;
@@ -4690,6 +4687,9 @@ nfs4_preprocess_stateid_op(struct svc_rqst *rqstp,
 		status = nfserr_bad_stateid;
 		break;
 	}
+	if (status)
+		goto out;
+	status = nfs4_check_fh(fhp, s);
 
 done:
 	if (!status && filpp)
@@ -4798,7 +4798,7 @@ static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_
 	status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
 	if (status)
 		return status;
-	return nfs4_check_fh(current_fh, stp);
+	return nfs4_check_fh(current_fh, &stp->st_stid);
 }
 
 /* 

Re: FAILED: patch "[PATCH] nfsd: do nfs4_check_fh in nfs4_check_file instead of" failed to apply to 4.1-stable tree

[Jeff Layton]

On Thu, 13 Aug 2015 18:14:43 -0700
<gregkh@linuxfoundation.org> wrote:

> 
> The patch below does not apply to the 4.1-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@vger.kernel.org>.
> 
> thanks,
> 
> greg k-h
> 

Thanks Greg,

I think the simplest fix is to just take a0649b2d3fff (nfsd: refactor
nfs4_preprocess_stateid_op) as a prerequisite. Christoph, do you forsee
any problem with doing that?

Thanks,
Jeff

> ------------------ original commit in Linus's tree ------------------
> 
> From 8fcd461db7c09337b6d2e22d25eb411123f379e3 Mon Sep 17 00:00:00 2001
> From: Jeff Layton <jlayton@poochiereds.net>
> Date: Thu, 30 Jul 2015 06:57:46 -0400
> Subject: [PATCH] nfsd: do nfs4_check_fh in nfs4_check_file instead of
>  nfs4_check_olstateid
> 
> Currently, preprocess_stateid_op calls nfs4_check_olstateid which
> verifies that the open stateid corresponds to the current filehandle in the
> call by calling nfs4_check_fh.
> 
> If the stateid is a NFS4_DELEG_STID however, then no such check is done.
> This could cause incorrect enforcement of permissions, because the
> nfsd_permission() call in nfs4_check_file uses current the current
> filehandle, but any subsequent IO operation will use the file descriptor
> in the stateid.
> 
> Move the call to nfs4_check_fh into nfs4_check_file instead so that it
> can be done for all stateid types.
> 
> Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
> Cc: stable@vger.kernel.org
> [bfields: moved fh check to avoid NULL deref in special stateid case]
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> 
> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> index 61dfb33f0559..95202719a1fd 100644
> --- a/fs/nfsd/nfs4state.c
> +++ b/fs/nfsd/nfs4state.c
> @@ -4396,9 +4396,9 @@ laundromat_main(struct work_struct *laundry)
>  	queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ);
>  }
>  
> -static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_ol_stateid *stp)
> +static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stid *stp)
>  {
> -	if (!fh_match(&fhp->fh_handle, &stp->st_stid.sc_file->fi_fhandle))
> +	if (!fh_match(&fhp->fh_handle, &stp->sc_file->fi_fhandle))
>  		return nfserr_bad_stateid;
>  	return nfs_ok;
>  }
> @@ -4601,9 +4601,6 @@ nfs4_check_olstateid(struct svc_fh *fhp, struct nfs4_ol_stateid *ols, int flags)
>  {
>  	__be32 status;
>  
> -	status = nfs4_check_fh(fhp, ols);
> -	if (status)
> -		return status;
>  	status = nfsd4_check_openowner_confirmed(ols);
>  	if (status)
>  		return status;
> @@ -4690,6 +4687,9 @@ nfs4_preprocess_stateid_op(struct svc_rqst *rqstp,
>  		status = nfserr_bad_stateid;
>  		break;
>  	}
> +	if (status)
> +		goto out;
> +	status = nfs4_check_fh(fhp, s);
>  
>  done:
>  	if (!status && filpp)
> @@ -4798,7 +4798,7 @@ static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_
>  	status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
>  	if (status)
>  		return status;
> -	return nfs4_check_fh(current_fh, stp);
> +	return nfs4_check_fh(current_fh, &stp->st_stid);
>  }
>  
>  /* 
> 


-- 
Jeff Layton <jlayton@poochiereds.net>

Re: FAILED: patch "[PATCH] nfsd: do nfs4_check_fh in nfs4_check_file instead of" failed to apply to 4.1-stable tree

[Greg KH]

On Fri, Aug 14, 2015 at 07:39:26AM -0400, Jeff Layton wrote:
> On Thu, 13 Aug 2015 18:14:43 -0700
> <gregkh@linuxfoundation.org> wrote:
> 
> > 
> > The patch below does not apply to the 4.1-stable tree.
> > If someone wants it applied there, or to any other stable or longterm
> > tree, then please email the backport, including the original git commit
> > id to <stable@vger.kernel.org>.
> > 
> > thanks,
> > 
> > greg k-h
> > 
> 
> Thanks Greg,
> 
> I think the simplest fix is to just take a0649b2d3fff (nfsd: refactor
> nfs4_preprocess_stateid_op) as a prerequisite. Christoph, do you forsee
> any problem with doing that?

That works for me, I've now applied both of these, thanks.

greg k-h