Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp780679ybl; Wed, 11 Dec 2019 07:25:11 -0800 (PST) X-Google-Smtp-Source: APXvYqzFVGaMgNUMIRrtyPCqGdT/a5X87ThKLhrxi4M44rUnXMXUDbFjsXL6mRDT2KoFbJ7g9Ipv X-Received: by 2002:aca:d7c6:: with SMTP id o189mr3081675oig.130.1576077911045; Wed, 11 Dec 2019 07:25:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576077911; cv=none; d=google.com; s=arc-20160816; b=rXIcWiZHdz7C4psvffhaqr5H3xs0I8KlXHaHFaSc6efQcuoF6vv2Xms+osFcF8ctW6 DfPNsoqAeYejBHITNVZ1H3ZgE653nN1QnCSZbulScAeRxq5a8AeWbRYLCTbimMfHJG2r zFEBhloo2Pp0+rNc5qpzIyh+JKzT/k5CQOEiQoIMXGpNsz3dTg/Q5AWSstegtxKGmxIf F2NOtiPvwv/tz0qY96kEZDyUloPyuPJNSJVNfXHPsSHIz9r0EEDbvaoFbYdm+p2h++Lt 9xtUw8gBy1Nju2uZB197Qz0kkISVXADw/xWfpdE7aaTS0L+L4kcZCLVhrpt+RTmNoQ4s loxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=AFVyDeaj2u8d/yb6JlBIYgHDkmO3FVuGHR+4Xs+GEVM=; b=y0E1jZLCK1lnQXibCfDHpIpiGCAjbJHkivsXh/GihI9jXeHT+4yNhPhrGVR3j+VuDA I/ckggI6SD6E6W4YKfJcl9Qik0211pHwbqrZwUrm3KpivHuW6q7M9DHlvWzwbFXEipS8 +m/xYReJXx9LDfECURWMbRu+zw3ukzDnoWG3tKClD9qnSZmvj2MxLeBSv6AWxpEbYJqe pZzMFAQg2EDNwJdacitxvP1RfRv85aZvvZQ/u1334E7T/lHLFCOVmQ4rI9Dm62ShgjDX +6Q/R8PPYvsWZMee8XgulG+FvZZJeMllYkF9JeB/xkdxJSzBdWbnt6glK3gLgAF2FfhP Mq6Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=wY2NG67A; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h200si1305605oib.258.2019.12.11.07.24.58; Wed, 11 Dec 2019 07:25:11 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=wY2NG67A; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732150AbfLKPXT (ORCPT + 99 others); Wed, 11 Dec 2019 10:23:19 -0500 Received: from mail.kernel.org ([198.145.29.99]:54234 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732695AbfLKPXS (ORCPT ); Wed, 11 Dec 2019 10:23:18 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2989C208C3; Wed, 11 Dec 2019 15:23:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1576077797; bh=iBaeBTi4gm6B265A0WfKfXom3ys8x5RM8gWVd8rslJU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=wY2NG67Aiz+leRq1bFtNeChr9wI9m9i3VjBscAOuJzawVEPWFWYdNlb4+rSx5By3v F8KM/mhqIfb1pvysBRAMEl6qW/b/Xw+UG5aPhaMfDiO9E7EBL5vq7QRFMOcsMcWi4l OK4iKmJkx46zQN+Boprhx0KFPG7qzedlQ3fRxrfw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, zhengbin , "J. Bruce Fields" , Sasha Levin Subject: [PATCH 4.19 174/243] nfsd: Return EPERM, not EACCES, in some SETATTR cases Date: Wed, 11 Dec 2019 16:05:36 +0100 Message-Id: <20191211150350.922075473@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191211150339.185439726@linuxfoundation.org> References: <20191211150339.185439726@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: zhengbin [ Upstream commit 255fbca65137e25b12bced18ec9a014dc77ecda0 ] As the man(2) page for utime/utimes states, EPERM is returned when the second parameter of utime or utimes is not NULL, the caller's effective UID does not match the owner of the file, and the caller is not privileged. However, in a NFS directory mounted from knfsd, it will return EACCES (from nfsd_setattr-> fh_verify->nfsd_permission). This patch fixes that. Signed-off-by: zhengbin Signed-off-by: J. Bruce Fields Signed-off-by: Sasha Levin --- fs/nfsd/vfs.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index b53e76391e525..4fe8db3149506 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -396,10 +396,23 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, bool get_write_count; bool size_change = (iap->ia_valid & ATTR_SIZE); - if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE)) + if (iap->ia_valid & ATTR_SIZE) { accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; - if (iap->ia_valid & ATTR_SIZE) ftype = S_IFREG; + } + + /* + * If utimes(2) and friends are called with times not NULL, we should + * not set NFSD_MAY_WRITE bit. Otherwise fh_verify->nfsd_permission + * will return EACCESS, when the caller's effective UID does not match + * the owner of the file, and the caller is not privileged. In this + * situation, we should return EPERM(notify_change will return this). + */ + if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME)) { + accmode |= NFSD_MAY_OWNER_OVERRIDE; + if (!(iap->ia_valid & (ATTR_ATIME_SET | ATTR_MTIME_SET))) + accmode |= NFSD_MAY_WRITE; + } /* Callers that do fh_verify should do the fh_want_write: */ get_write_count = !fhp->fh_dentry; -- 2.20.1