Re: [PATCH] nfs: do not deny execute access based on outdated mode in inode

Donald Buczek <buczek@xxxxxxxxxxxxx> · Sun, 27 Dec 2015 00:58:31 +0100

On 26.12.2015 19:36, Trond Myklebust wrote:
On Fri, Dec 25, 2015 at 7:30 AM, Donald Buczek <buczek@xxxxxxxxxxxxx> wrote:
This patch fixes a problem, that a nfs4 client incorrectly denies
execute access based on outdated file mode (missing 'x' bit).
After the mode on the server is 'fixed' (chmod +x) further execution
attempts continue to fail, because the nfs ACCESS call updates
the access parameter but not the mode parameter or the mode in
the inode.

The access check based on the file mode is not required, because
the server already verified the clients rights.

Remove the test.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=109771
Signed-off-by: Donald Buczek <buczek@xxxxxxxxxxxxx>
---
  fs/nfs/dir.c | 3 ---
  1 file changed, 3 deletions(-)

diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index ce5a218..ffc25b0 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -2481,9 +2481,6 @@ force_lookup:
                         res = PTR_ERR(cred);
         }
  out:
-       if (!res && (mask & MAY_EXEC) && !execute_ok(inode))
-               res = -EACCES;
-
         dfprintk(VFS, "NFS: permission(%s/%lu), mask=0x%x, res=%d\n",
                 inode->i_sb->s_id, inode->i_ino, mask, res);
         return res;

My main question here is why the client isn't picking up the changed
mode bits here? All open() calls should be asking for the full set of
attributes as part of the OPEN COMPOUND rpc call.

Cheers
   Trond

Its from fs/namei.c do_last() :

finish_open_created:
        error = may_open(&nd->path, acc_mode, open_flag);
        if (error)
                goto out;

        BUG_ON(*opened & FILE_OPENED); /* once it's opened, it's opened */
        error = vfs_open(&nd->path, file, current_cred());


may_open() -> inode_permission() -> __inode_permission() -> 
do_inode_permission() ->  inode->i_op->permission() -> nfs_permission() 
first

vfs_open() -> do_dentry_open() -> inode->i_fop->open() -> 
nfs4_file_open() later


Merry Christmas

  Donald


--
Donald Buczek
buczek@xxxxxxxxxxxxx
Tel: +49 30 8413 1433

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






