Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp2263383ybl; Thu, 19 Dec 2019 10:38:33 -0800 (PST) X-Google-Smtp-Source: APXvYqyTkL7YZbdF0mA7dZmUlGPzDRmR0cGg9eC67N/lBYvwM6ytBHfyILE2bhf0uhjdSEaJmhW+ X-Received: by 2002:a9d:f26:: with SMTP id 35mr10784117ott.260.1576780713219; Thu, 19 Dec 2019 10:38:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576780713; cv=none; d=google.com; s=arc-20160816; b=oJF/QlRU0Jy6uzjuKM+HMgMvQmCiO9zrlag36jkZU6ZXtbhOgA8n9C4k0w3eMYzE5u EHAbwXChyywZ7Kv4zkd8tnCzLfEWvLfTkXmqauYiPNbENBYu5xOZdxtsKZWE0VzhUKK+ i3RsRabmBbIwaGkaBSLeOl7rQ0o6NOelTENjOKEGXl2/YUIsZEFOP/vufVx/MNQYILwa FM5gpRQsAdwG4LbhfmvYorHhEvqh1ySc4G7byj0ikqIkjoyoCtCKlBst6SrCsuXhqBwC InISuDz5SWgP9xApNGRGXkFcHqeW4BlWcWRkskBLceDL8B/93ltbn5SzpPAW54xfMWWp BqaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=DZlfLtmwkjVkz7PRgCsbVLwEvUy1LIMVZ9r/5SYHwYg=; b=fgp2VQHCbKrp5R84oZj0PvRKiI+kNSGjlixDa/X03owc8k9JiMROh+joncU7SoRcnK +RKQEvL3l0ms3R4d1H94hqt5VyPp3LhURajnHOzWanTgTenQWczmJwquSuzdYaG5vegc vHwto0AvQTlTX8APWDW/zTCf7PVI6OYolvnhTDTeYJbhCXPmLjEOlrIM5RyC3A+q94bZ xxV5QR+BQcbWyWlgc9j1vnTci1oirS2LvF//d9wln3hMldyYfvPSZS3JtkmgmfS2MTn2 SbKHVLH2ffMIhiY1olkbO8aV3eE/p1/6J2CSSqrSu2bDjIY4/SvvNczldk6v4U6ooery cWiw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=OhvfdmPd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w5si3954948otq.238.2019.12.19.10.38.20; Thu, 19 Dec 2019 10:38:33 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=OhvfdmPd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727768AbfLSShJ (ORCPT + 99 others); Thu, 19 Dec 2019 13:37:09 -0500 Received: from mail.kernel.org ([198.145.29.99]:54460 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727750AbfLSShG (ORCPT ); Thu, 19 Dec 2019 13:37:06 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D75F624684; Thu, 19 Dec 2019 18:37:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1576780625; bh=WQUBj7643v5jylzIosNbCTZXOGCNhDXR1gPNRvuH/qc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OhvfdmPdIQucCEfA9OgfFWaNi2H5GffronlztfK2OGhYJyltV+/m5tIWUxV3KvQ1U lOXtAUWPKdYJ+28fpHiS2M/fy8jq2OL5P5vUPvvGzJuOOs7/2me2+Exb4tc89ib/l7 QBglnwsxJIHLnI+GgLF/LCS7AEhcvkz2OAM663RQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, zhengbin , "J. Bruce Fields" , Sasha Levin Subject: [PATCH 4.4 050/162] nfsd: Return EPERM, not EACCES, in some SETATTR cases Date: Thu, 19 Dec 2019 19:32:38 +0100 Message-Id: <20191219183210.939485236@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191219183150.477687052@linuxfoundation.org> References: <20191219183150.477687052@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: zhengbin [ Upstream commit 255fbca65137e25b12bced18ec9a014dc77ecda0 ] As the man(2) page for utime/utimes states, EPERM is returned when the second parameter of utime or utimes is not NULL, the caller's effective UID does not match the owner of the file, and the caller is not privileged. However, in a NFS directory mounted from knfsd, it will return EACCES (from nfsd_setattr-> fh_verify->nfsd_permission). This patch fixes that. Signed-off-by: zhengbin Signed-off-by: J. Bruce Fields Signed-off-by: Sasha Levin --- fs/nfsd/vfs.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 17138a97f306c..7745d0a9029c7 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -387,10 +387,23 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, bool get_write_count; bool size_change = (iap->ia_valid & ATTR_SIZE); - if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE)) + if (iap->ia_valid & ATTR_SIZE) { accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; - if (iap->ia_valid & ATTR_SIZE) ftype = S_IFREG; + } + + /* + * If utimes(2) and friends are called with times not NULL, we should + * not set NFSD_MAY_WRITE bit. Otherwise fh_verify->nfsd_permission + * will return EACCESS, when the caller's effective UID does not match + * the owner of the file, and the caller is not privileged. In this + * situation, we should return EPERM(notify_change will return this). + */ + if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME)) { + accmode |= NFSD_MAY_OWNER_OVERRIDE; + if (!(iap->ia_valid & (ATTR_ATIME_SET | ATTR_MTIME_SET))) + accmode |= NFSD_MAY_WRITE; + } /* Callers that do fh_verify should do the fh_want_write: */ get_write_count = !fhp->fh_dentry; -- 2.20.1