Apologies if this has been answered before, however...
In nfsd_write() we have:
if (file) {
err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry,
NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE);
if (err)
goto out;
err = nfsd_vfs_write(rqstp, fhp, file, offset, vec, vlen, cnt,
stablep);
} else {
So if a 'file' is already available - because the request came via NFSv4 and
there was a valid state id, and a 'struct file' was associated with that
state - we still call nfsd_permission().
Is that really needed? The permission check will have been performed at open
- it shouldn't be needed again now.
With NFSv3 we have to check permission at each IO, and this is slightly
different from POSIX semantics. We shouldn't have to with NFSv4... should we?
The particular issue that brought this to my attention is that "chattr +i" -
to make a file immutable - is not supposed to affect current opens, only
future opens. But a current open over NFSv4 is affected.
Is there some reason that we cannot just remove that nfsd_permission() check?
Thanks,
NeilBrown
Attachment:
pgpsBtmiNXk5Y.pgp
Description: OpenPGP digital signature
