From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Trond Myklebust Subject: [PATCH 5.2 304/413] NFSv4: Handle the special Linux file open access mode Date: Wed, 24 Jul 2019 21:19:55 +0200 Message-Id: <20190724191757.597829473@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190724191735.096702571@linuxfoundation.org> References: <20190724191735.096702571@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Trond Myklebust commit 44942b4e457beda00981f616402a1a791e8c616e upstream. According to the open() manpage, Linux reserves the access mode 3 to mean "check for read and write permission on the file and return a file descriptor that can't be used for reading or writing." Currently, the NFSv4 code will ask the server to open the file, and will use an incorrect share access mode of 0. Since it has an incorrect share access mode, the client later forgets to send a corresponding close, meaning it can leak stateids on the server. Fixes: ce4ef7c0a8a05 ("NFS: Split out NFS v4 file operations") Cc: stable@vger.kernel.org # 3.6+ Signed-off-by: Trond Myklebust Signed-off-by: Greg Kroah-Hartman --- fs/nfs/inode.c | 1 + fs/nfs/nfs4file.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -1100,6 +1100,7 @@ int nfs_open(struct inode *inode, struct nfs_fscache_open_file(inode, filp); return 0; } +EXPORT_SYMBOL_GPL(nfs_open); /* * This function is called whenever some part of NFS notices that --- a/fs/nfs/nfs4file.c +++ b/fs/nfs/nfs4file.c @@ -49,7 +49,7 @@ nfs4_file_open(struct inode *inode, stru return err; if ((openflags & O_ACCMODE) == 3) - openflags--; + return nfs_open(inode, filp); /* We can't create new files here */ openflags &= ~(O_CREAT|O_EXCL);
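Review bot: the changelog never mentions the new EXPORT_SYMBOL_GPL(nfs_open) added after nfs_open() in fs/nfs/inode.c. The only visible user is the new call in nfs4_file_open() in fs/nfs/nfs4file.c, so one sentence in the commit message saying the symbol is exported for that caller would make the widened export easy to review and to justify later.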
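Review bot: in the fs/nfs/nfs4file.c hunk, the `(openflags & O_ACCMODE) == 3` branch of nfs4_file_open() now returns nfs_open(inode, filp) with nothing but a bare literal 3 to explain it. A short comment at that branch saying that access mode 3 is the special Linux mode from the open() manpage, and that this path deliberately skips the rest of the function, would keep the rationale next to the code instead of only in the changelog. The changelog could also state where the read and write permission check it describes for this mode is performed now that the function returns at this point.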