From: Chuck Lever <chuck.lever@xxxxxxxxxx>
commit abc02e5602f7bf9bbae1e8999570a2ad5114578c upstream.
I noticed LAYOUTGET(LAYOUTIOMODE4_RW) returning NFS4ERR_ACCESS
unexpectedly. The NFS client had created a file with mode 0444, and
the server had returned a write delegation on the OPEN(CREATE). The
client was requesting a RW layout using the write delegation stateid
so that it could flush file modifications.
Creating a read-only file does not seem to be problematic for
NFSv4.1 without pNFS, so I began looking at NFSD's implementation of
LAYOUTGET.
The failure was because fh_verify() was doing a permission check as
part of verifying the FH presented during the LAYOUTGET. It uses the
loga_iomode value to specify the @accmode argument to fh_verify().
fh_verify(MAY_WRITE) on a file whose mode is 0444 fails with -EACCES.
To permit LAYOUT* operations in this case, add OWNER_OVERRIDE when
checking the access permission of the incoming file handle for
LAYOUTGET and LAYOUTCOMMIT.
Cc: Christoph Hellwig <hch@xxxxxx>
Cc: stable@xxxxxxxxxxxxxxx # v6.6+
Message-Id: 4E9C0D74-A06D-4DC3-A48A-73034DC40395@xxxxxxxxxx
Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/nfsd/nfs4proc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -2269,7 +2269,7 @@ nfsd4_layoutget(struct svc_rqst *rqstp,
const struct nfsd4_layout_ops *ops;
struct nfs4_layout_stateid *ls;
__be32 nfserr;
- int accmode = NFSD_MAY_READ_IF_EXEC;
+ int accmode = NFSD_MAY_READ_IF_EXEC | NFSD_MAY_OWNER_OVERRIDE;
switch (lgp->lg_seg.iomode) {
case IOMODE_READ:
@@ -2359,7 +2359,8 @@ nfsd4_layoutcommit(struct svc_rqst *rqst
struct nfs4_layout_stateid *ls;
__be32 nfserr;
- nfserr = fh_verify(rqstp, current_fh, 0, NFSD_MAY_WRITE);
+ nfserr = fh_verify(rqstp, current_fh, 0,
+ NFSD_MAY_WRITE | NFSD_MAY_OWNER_OVERRIDE);
if (nfserr)
goto out;
Patches currently in stable-queue which might be from chuck.lever@xxxxxxxxxx are
queue-6.10/nfsd-fix-nfsdcld-warning.patch
queue-6.10/gss_krb5-fix-the-error-handling-path-for-crypto_sync.patch
queue-6.10/nfsd-nfsd_file_lease_notifier_call-gets-a-file_lease.patch
queue-6.10/sunrpc-fixup-gss_status-tracepoint-error-output.patch
queue-6.10/nfs-pass-explicit-offset-count-to-trace-events.patch
queue-6.10/xprtrdma-fix-rpcrdma_reqs_reset.patch
queue-6.10/nfsd-support-write-delegations-in-layoutget.patch
