Re: [PATCH] nfsd: Return EPERM on utime/utimes/lutimes calls instead of EACCESS in some cases

"J. Bruce Fields" <bfields@xxxxxxxxxxxx> · Tue, 4 Dec 2018 20:37:17 -0500

On Wed, Dec 05, 2018 at 09:04:22AM +0800, zhengbin (A) wrote:
> thanks,
> >>> As the man(3) page for utime/utimes/lutimes, EPERM is returned
> 
> -------->this should be As the man page for utime/utimes/lutimes, my little mistake. utime/utimes are man(2), lutimes is man(3)
> 
> I send v2 patch?Or when you apply, help modify it?

Does this look OK?

--b.

commit eb6d67589750
Author: zhengbin <zhengbin13@xxxxxxxxxx>
Date:   Fri Nov 30 16:04:25 2018 +0800

    nfsd: Return EPERM, not EACCES, in some SETATTR cases
    
    As the man(2) page for utime/utimes states, EPERM is returned when the
    second parameter of utime/utimes/lutimes is not NULL, the caller's
    effective UID does not match the owner of the file, and the caller is
    not privileged.
    
    However, in a NFS directory mounted from knfsd, it will return EACCES
    (from nfsd_setattr-> fh_verify->nfsd_permission).  This patch fixes
    that.
    
    Signed-off-by: zhengbin <zhengbin13@xxxxxxxxxx>
    Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>

diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index eb67098117b4..9824e32b2f23 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -396,10 +396,23 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
 	bool		get_write_count;
 	bool		size_change = (iap->ia_valid & ATTR_SIZE);
 
-	if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE))
+	if (iap->ia_valid & ATTR_SIZE) {
 		accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE;
-	if (iap->ia_valid & ATTR_SIZE)
 		ftype = S_IFREG;
+	}
+
+	/*
+	 * If utimes(2) and friends are called with times not NULL, we should
+	 * not set NFSD_MAY_WRITE bit. Otherwise fh_verify->nfsd_permission
+	 * will return EACCESS, when the caller's effective UID does not match
+	 * the owner of the file, and the caller is not privileged. In this
+	 * situation, we should return EPERM(notify_change will return this).
+	 */
+	if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME)) {
+		accmode |= NFSD_MAY_OWNER_OVERRIDE;
+		if (!(iap->ia_valid & (ATTR_ATIME_SET | ATTR_MTIME_SET)))
+			accmode |= NFSD_MAY_WRITE;
+	}
 
 	/* Callers that do fh_verify should do the fh_want_write: */
 	get_write_count = !fhp->fh_dentry;






