From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7138C433E0 for ; Tue, 7 Jul 2020 15:34:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7C7F420663 for ; Tue, 7 Jul 2020 15:34:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594136050; bh=Nw05yyms+dL37Vxoz1oy/1BvjPadV0/lGa/L8xOJlUs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=bl3M32xBL96JZAKk0d9FHb5JryR576P17mtGCd27zLeKQFjZc8NRCxiB3iWfSPoKf g8kpv/jY4ibr1Pe9D3feBYji9zQo9PEvm1qrcK/jSAhAbgK/i8FuEcqrkTGCZ3rEbN lAsymvwgZx9eFQPNPOJ65KevCk42eYaSxtIoo7dE= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729035AbgGGPTc (ORCPT ); Tue, 7 Jul 2020 11:19:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:59282 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729342AbgGGPTb (ORCPT ); Tue, 7 Jul 2020 11:19:31 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2FAEF2065D; Tue, 7 Jul 2020 15:19:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594135170; bh=Nw05yyms+dL37Vxoz1oy/1BvjPadV0/lGa/L8xOJlUs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SahrpoJlWbwaYZXmucI+51bKwfsxhP5GpL41/dKXSmV6olBByB1tBvg2uPqkvkXYB 6u7EUBNWdORw8bHZm8AteCnmH71b4ku7Gpt7HRDQ+S3hnyzWmCQqc1nlTqANVBfFvj wLfdcF3nw+tu+KC0s0346WK28LXjR4hajIiI2wF4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Elliott Mitchell , Salvatore Bonaccorso , "J. Bruce Fields" Subject: [PATCH 4.19 27/36] nfsd: apply umask on fs without ACL support Date: Tue, 7 Jul 2020 17:17:19 +0200 Message-Id: <20200707145750.449013671@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200707145749.130272978@linuxfoundation.org> References: <20200707145749.130272978@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: J. Bruce Fields commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832 upstream. The server is failing to apply the umask when creating new objects on filesystems without ACL support. To reproduce this, you need to use NFSv4.2 and a client and server recent enough to support umask, and you need to export a filesystem that lacks ACL support (for example, ext4 with the "noacl" mount option). Filesystems with ACL support are expected to take care of the umask themselves (usually by calling posix_acl_create). For filesystems without ACL support, this is up to the caller of vfs_create(), vfs_mknod(), or vfs_mkdir(). Reported-by: Elliott Mitchell Reported-by: Salvatore Bonaccorso Tested-by: Salvatore Bonaccorso Fixes: 47057abde515 ("nfsd: add support for the umask attribute") Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman --- fs/nfsd/vfs.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1206,6 +1206,9 @@ nfsd_create_locked(struct svc_rqst *rqst iap->ia_mode = 0; iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + err = 0; host_err = 0; switch (type) { @@ -1439,6 +1442,9 @@ do_nfsd_create(struct svc_rqst *rqstp, s goto out; } + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + host_err = vfs_create(dirp, dchild, iap->ia_mode, true); if (host_err < 0) { fh_drop_write(fhp);