From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Elliott Mitchell <ehem+debian@m5p.com>,
Salvatore Bonaccorso <carnil@debian.org>,
"J. Bruce Fields" <bfields@redhat.com>
Subject: [PATCH 4.14 19/27] nfsd: apply umask on fs without ACL support
Date: Tue, 7 Jul 2020 17:15:46 +0200 [thread overview]
Message-ID: <20200707145749.870230772@linuxfoundation.org> (raw)
In-Reply-To: <20200707145748.944863698@linuxfoundation.org>
From: J. Bruce Fields <bfields@redhat.com>
commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832 upstream.
The server is failing to apply the umask when creating new objects on
filesystems without ACL support.
To reproduce this, you need to use NFSv4.2 and a client and server
recent enough to support umask, and you need to export a filesystem that
lacks ACL support (for example, ext4 with the "noacl" mount option).
Filesystems with ACL support are expected to take care of the umask
themselves (usually by calling posix_acl_create).
For filesystems without ACL support, this is up to the caller of
vfs_create(), vfs_mknod(), or vfs_mkdir().
Reported-by: Elliott Mitchell <ehem+debian@m5p.com>
Reported-by: Salvatore Bonaccorso <carnil@debian.org>
Tested-by: Salvatore Bonaccorso <carnil@debian.org>
Fixes: 47057abde515 ("nfsd: add support for the umask attribute")
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/vfs.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -1202,6 +1202,9 @@ nfsd_create_locked(struct svc_rqst *rqst
iap->ia_mode = 0;
iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type;
+ if (!IS_POSIXACL(dirp))
+ iap->ia_mode &= ~current_umask();
+
err = 0;
host_err = 0;
switch (type) {
@@ -1413,6 +1416,9 @@ do_nfsd_create(struct svc_rqst *rqstp, s
goto out;
}
+ if (!IS_POSIXACL(dirp))
+ iap->ia_mode &= ~current_umask();
+
host_err = vfs_create(dirp, dchild, iap->ia_mode, true);
if (host_err < 0) {
fh_drop_write(fhp);
next prev parent reply other threads:[~2020-07-07 15:16 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-07 15:15 [PATCH 4.14 00/27] 4.14.188-rc1 review Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 01/27] btrfs: fix a block group ref counter leak after failure to remove block group Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 02/27] btrfs: cow_file_range() num_bytes and disk_num_bytes are same Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 03/27] btrfs: fix data block group relocation failure due to concurrent scrub Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 04/27] mm: fix swap cache node allocation mask Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 05/27] EDAC/amd64: Read back the scrub rate PCI register on F15h Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 06/27] usbnet: smsc95xx: Fix use-after-free after removal Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 07/27] mm/slub.c: fix corrupted freechain in deactivate_slab() Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 08/27] mm/slub: fix stack overruns with SLUB_STATS Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 09/27] usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 10/27] kgdb: Avoid suspicious RCU usage warning Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 11/27] crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock() Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 12/27] cxgb4: use unaligned conversion for fetching timestamp Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 13/27] cxgb4: parse TC-U32 key values and masks natively Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 14/27] hwmon: (max6697) Make sure the OVERT mask is set correctly Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 15/27] hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 16/27] drm: sun4i: hdmi: Remove extra HPD polling Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 17/27] virtio-blk: free vblk-vqs in error path of virtblk_probe() Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 18/27] i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 Greg Kroah-Hartman
2020-07-07 15:15 ` Greg Kroah-Hartman [this message]
2020-07-07 15:15 ` [PATCH 4.14 20/27] Revert "ALSA: usb-audio: Improve frames size computation" Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 21/27] SMB3: Honor seal flag for multiuser mounts Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 22/27] SMB3: Honor persistent/resilient handle flags " Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 23/27] cifs: Fix the target file was deleted when rename failed Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 24/27] MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 25/27] irqchip/gic: Atomically update affinity Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 26/27] dm zoned: assign max_io_len correctly Greg Kroah-Hartman
2020-07-07 15:15 ` [PATCH 4.14 27/27] efi: Make it possible to disable efivar_ssdt entirely Greg Kroah-Hartman
2020-07-08 6:32 ` [PATCH 4.14 00/27] 4.14.188-rc1 review Naresh Kamboju
2020-07-08 8:40 ` Jon Hunter
2020-07-08 15:09 ` Shuah Khan
2020-07-08 17:52 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200707145749.870230772@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bfields@redhat.com \
--cc=carnil@debian.org \
--cc=ehem+debian@m5p.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).