From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Trond Myklebust Subject: [PATCH 4.14 135/293] NFSv4: Handle the special Linux file open access mode Date: Mon, 29 Jul 2019 21:20:26 +0200 Message-Id: <20190729190834.891319903@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190729190820.321094988@linuxfoundation.org> References: <20190729190820.321094988@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Trond Myklebust commit 44942b4e457beda00981f616402a1a791e8c616e upstream. According to the open() manpage, Linux reserves the access mode 3 to mean "check for read and write permission on the file and return a file descriptor that can't be used for reading or writing." Currently, the NFSv4 code will ask the server to open the file, and will use an incorrect share access mode of 0. Since it has an incorrect share access mode, the client later forgets to send a corresponding close, meaning it can leak stateids on the server. Fixes: ce4ef7c0a8a05 ("NFS: Split out NFS v4 file operations") Cc: stable@vger.kernel.org # 3.6+ Signed-off-by: Trond Myklebust Signed-off-by: Greg Kroah-Hartman --- fs/nfs/inode.c | 1 + fs/nfs/nfs4file.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -1034,6 +1034,7 @@ int nfs_open(struct inode *inode, struct nfs_fscache_open_file(inode, filp); return 0; } +EXPORT_SYMBOL_GPL(nfs_open); /* * This function is called whenever some part of NFS notices that --- a/fs/nfs/nfs4file.c +++ b/fs/nfs/nfs4file.c @@ -50,7 +50,7 @@ nfs4_file_open(struct inode *inode, stru return err; if ((openflags & O_ACCMODE) == 3) - openflags--; + return nfs_open(inode, filp); /* We can't create new files here */ openflags &= ~(O_CREAT|O_EXCL);
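Review bot: The changelog does not mention the EXPORT_SYMBOL_GPL(nfs_open) line added after nfs_open() in the fs/nfs/inode.c hunk. A one-line note that the export exists for the new nfs_open() call in nfs4_file_open() (fs/nfs/nfs4file.c) would make the dependency between the two hunks explicit for anyone backporting one without the other. It is also worth confirming that a prototype for nfs_open() is visible in nfs4file.c, since neither hunk adds a declaration or an include.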
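Review bot: In the fs/nfs/nfs4file.c hunk, the new early return in nfs4_file_open() still tests against the bare literal 3 and carries no comment, so the code alone does not say why this one access mode skips the rest of the function. Suggest a short comment above `if ((openflags & O_ACCMODE) == 3)` stating that this is the special Linux access mode described in the changelog (permissions are checked, the descriptor cannot be used for reading or writing) and that it is handed to nfs_open() instead of continuing with a share access mode of 0. The removed `openflags--;` line had the same undocumented literal, so the comment would also record what the previous handling got wrong.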