From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Trond Myklebust
Subject: [PATCH 4.9 088/223] NFSv4: Handle the special Linux file open access mode
Date: Fri, 2 Aug 2019 11:35:13 +0200
Message-Id: <20190802092244.762091182@linuxfoundation.org>
In-Reply-To: <20190802092238.692035242@linuxfoundation.org>

From: Trond Myklebust

commit 44942b4e457beda00981f616402a1a791e8c616e upstream.

According to the open() manpage, Linux reserves the access mode 3 to mean "check for read and write permission on the file and return a file descriptor that can't be used for reading or writing."

Currently, the NFSv4 code will ask the server to open the file, and will use an incorrect share access mode of 0. Since it has an incorrect share access mode, the client later forgets to send a corresponding close, meaning it can leak stateids on the server.

Fixes: ce4ef7c0a8a05 ("NFS: Split out NFS v4 file operations")
Cc: stable@vger.kernel.org # 3.6+
Signed-off-by: Trond Myklebust
Signed-off-by: Greg Kroah-Hartman

--- fs/nfs/inode.c | 1 + fs/nfs/nfs4file.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -950,6 +950,7 @@ int nfs_open(struct inode *inode, struct nfs_fscache_open_file(inode, filp); return 0; } +EXPORT_SYMBOL_GPL(nfs_open); /* * This function is called whenever some part of NFS notices that --- a/fs/nfs/nfs4file.c +++ b/fs/nfs/nfs4file.c @@ -49,7 +49,7 @@ nfs4_file_open(struct inode *inode, stru return err; if ((openflags & O_ACCMODE) == 3) - openflags--; + return nfs_open(inode, filp); /* We can't create new files here */ openflags &= ~(O_CREAT|O_EXCL);
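
Review bot: the new EXPORT_SYMBOL_GPL(nfs_open) after nfs_open() in fs/nfs/inode.c is not explained in the commit message. A sentence saying the export exists so that nfs4_file_open() in fs/nfs/nfs4file.c can call nfs_open() would tell a stable reviewer why a one-line fix touches two files. The diffstat lists only these two files and no header change, so it is also worth confirming that nfs_open() is already declared somewhere nfs4file.c includes.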
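
Review bot: the bare constant in "if ((openflags & O_ACCMODE) == 3)" in nfs4_file_open() needs a comment now that it guards an early "return nfs_open(inode, filp);". That return skips everything after it in the function, including the "openflags &= ~(O_CREAT|O_EXCL);" masking shown just below, and nothing at the call site says why. A short comment above the test, naming this as the Linux-specific access mode from the open() manpage (permission check only, descriptor not usable for reading or writing) and stating that the hand-off to nfs_open() is deliberate, would keep the reasoning from the commit message next to the code.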