From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Trond Myklebust
Subject: [PATCH 4.4 061/158] NFSv4: Handle the special Linux file open access mode
Date: Fri, 2 Aug 2019 11:28:02 +0200
Message-Id: <20190802092216.428259836@linuxfoundation.org>

From: Trond Myklebust

commit 44942b4e457beda00981f616402a1a791e8c616e upstream.

According to the open() manpage, Linux reserves the access mode 3 to mean "check for read and write permission on the file and return a file descriptor that can't be used for reading or writing."

Currently, the NFSv4 code will ask the server to open the file, and will use an incorrect share access mode of 0. Since it has an incorrect share access mode, the client later forgets to send a corresponding close, meaning it can leak stateids on the server.

Fixes: ce4ef7c0a8a05 ("NFS: Split out NFS v4 file operations")
Cc: stable@vger.kernel.org # 3.6+
Signed-off-by: Trond Myklebust
Signed-off-by: Greg Kroah-Hartman

--- fs/nfs/inode.c | 1 + fs/nfs/nfs4file.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -935,6 +935,7 @@ int nfs_open(struct inode *inode, struct nfs_fscache_open_file(inode, filp); return 0; } +EXPORT_SYMBOL_GPL(nfs_open); /* * This function is called whenever some part of NFS notices that --- a/fs/nfs/nfs4file.c +++ b/fs/nfs/nfs4file.c @@ -49,7 +49,7 @@ nfs4_file_open(struct inode *inode, stru return err; if ((openflags & O_ACCMODE) == 3) - openflags--; + return nfs_open(inode, filp); /* We can't create new files here */ openflags &= ~(O_CREAT|O_EXCL);
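Review bot: In the fs/nfs/inode.c hunk, the new `EXPORT_SYMBOL_GPL(nfs_open);` is not mentioned anywhere in the commit message, so a reader of this hunk alone cannot tell why the export is needed. A sentence in the changelog saying that nfs_open() is exported for the new caller in fs/nfs/nfs4file.c would close that gap. Since the diffstat shows only two files changed and no header is touched, it is also worth confirming for this 4.4 backport that the prototype of nfs_open() is already visible to fs/nfs/nfs4file.c.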
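Review bot: In the fs/nfs/nfs4file.c hunk, the early `return nfs_open(inode, filp);` under `if ((openflags & O_ACCMODE) == 3)` carries no comment, and the bare literal 3 gives no hint that this is the reserved Linux access mode described in the commit message. A short comment above the test, stating that mode 3 only checks read and write permission and therefore takes the nfs_open() path instead of continuing through nfs4_file_open(), would keep the reasoning next to the code. It would also make explicit that this path returns before the `openflags &= ~(O_CREAT|O_EXCL);` masking below it, which is intentional only if nothing on the nfs_open() path depends on those flags being cleared.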