Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp10426037ybi; Wed, 24 Jul 2019 23:01:05 -0700 (PDT) X-Google-Smtp-Source: APXvYqzaH23kPkqu7qM2ItJ0m+t3ulEzYxNtQU3ITC8+C4ku64/Q1C2w6UUuiHX68lUgYvjRg34y X-Received: by 2002:a17:902:8d92:: with SMTP id v18mr90502183plo.211.1564034464989; Wed, 24 Jul 2019 23:01:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564034464; cv=none; d=google.com; s=arc-20160816; b=AR2xMyZEz3NOO4hU1BkllHJgEtzy5mKSRu68Ei5N6VoURfslNmcKONiv2yk4MwgVR3 N7/qQr/fXBEuup5tlecTNjGsDuL0gAlHJdQZBBpyT0TH4jPQzfYFsse865tesH3br26e G+mHsKnEM7MDXmHVA9AjaSFIa9bDJxC79ICPFNT8v+Ti6hetXi/Q+JB8Dt2csCS4WgVX GZGRlccfn9a6grJDN8Jw6Clidi27NqWv73ce0u0jo0470TS+deMHuzv3WZLGlHrVa3rB gYNCYa7cRRnHJXqCDcTR1ll2gGhqOAokDwFnTJ4g/lcxb1Dt1A33ipRN8RL3fl4oY2r1 w73g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=8c8DL6SDceRC4m1PrFG4DxpTcJlNvE8QCTH/uDrvZrk=; b=lbcdq/5/GRg3Y9lhGFQcRSu/HC55mtqBX/kXL0c3HBFT46zryvDgehckCvmM8pBgN5 P/EJbmjo+Kczs5ce2iNH0negAx1ZSqumza9BTkc1Ecu5cS/09wue+oEAIfSDNZzR0goC 2bC6ysBS5uS+XT++GPaWRYXGwcvS9GJy9D6APnuoxjq63AH+H/OUJpw85uXFhjPogJ2+ bVahqhdJEj77Kk3cvzAyGW7hPPfaLbsfxwCXsUu1bQt57lVKgRozw3T270UJslw2G64Y 9ZoTE6YKdOj5rG1Bf7xqorsKZK03vjt6G8MnRIKPJEpWpO6aBn7Uq9/HC1uQ/q0VM0av fFyg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=yixGxMCJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p11si17951572plk.67.2019.07.24.23.00.50; Wed, 24 Jul 2019 23:01:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=yixGxMCJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391072AbfGYFnk (ORCPT + 99 others); Thu, 25 Jul 2019 01:43:40 -0400 Received: from mail.kernel.org ([198.145.29.99]:58560 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2391061AbfGYFng (ORCPT ); Thu, 25 Jul 2019 01:43:36 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8442021880; Thu, 25 Jul 2019 05:43:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1564033415; bh=EEMkZdrmz4xgZdJjlrYw+g+ONXr9nSokfarp7hTEMpE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=yixGxMCJKoyv180EcQRdrL8rmNJPYQfOhvnyAZ8UmH3Mz/Qa9Auld7kZuNoR65gdu niQn9LU62TDIcH2iIZenfD0/Ec9spWHkWZJGBNzBa2AXSEiQkUPWp02PJOBIEGboNm Pxgco7iVXH7OhhXkoMUjtOMMPDKsp9eXqEWHIKAg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Trond Myklebust Subject: [PATCH 4.19 199/271] NFSv4: Handle the special Linux file open access mode Date: Wed, 24 Jul 2019 21:21:08 +0200 Message-Id: <20190724191712.165386730@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190724191655.268628197@linuxfoundation.org> References: <20190724191655.268628197@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Trond Myklebust commit 44942b4e457beda00981f616402a1a791e8c616e upstream. According to the open() manpage, Linux reserves the access mode 3 to mean "check for read and write permission on the file and return a file descriptor that can't be used for reading or writing." Currently, the NFSv4 code will ask the server to open the file, and will use an incorrect share access mode of 0. Since it has an incorrect share access mode, the client later forgets to send a corresponding close, meaning it can leak stateids on the server. Fixes: ce4ef7c0a8a05 ("NFS: Split out NFS v4 file operations") Cc: stable@vger.kernel.org # 3.6+ Signed-off-by: Trond Myklebust Signed-off-by: Greg Kroah-Hartman --- fs/nfs/inode.c | 1 + fs/nfs/nfs4file.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -1100,6 +1100,7 @@ int nfs_open(struct inode *inode, struct nfs_fscache_open_file(inode, filp); return 0; } +EXPORT_SYMBOL_GPL(nfs_open); /* * This function is called whenever some part of NFS notices that --- a/fs/nfs/nfs4file.c +++ b/fs/nfs/nfs4file.c @@ -49,7 +49,7 @@ nfs4_file_open(struct inode *inode, stru return err; if ((openflags & O_ACCMODE) == 3) - openflags--; + return nfs_open(inode, filp); /* We can't create new files here */ openflags &= ~(O_CREAT|O_EXCL);