Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1124226ybt; Tue, 7 Jul 2020 08:18:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy4dSkmDzg9TKCDm+2yKrW7ixA+z58IKypXLDenwwwWZMqXWM3M+WIqkezHZW0KJI2zR9AY X-Received: by 2002:a17:906:3009:: with SMTP id 9mr31463166ejz.220.1594135091802; Tue, 07 Jul 2020 08:18:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594135091; cv=none; d=google.com; s=arc-20160816; b=GoN5iwsee7Fv9UXDryELJTkWQrv4JLj00UmjJJuBd8DTu1HMJqZ7CGZkV0FGt6gz6I 0L8AqUFtR8oXulbLbGwkWu9VcGjjb/9ROXAK+EIMQR5LH2CKaWaJx5ciow3+8zrh8m2Q QdSk+HMPact8ixrPE15vqRnFbUXZm+lHVNFvttYtPYM5uK/sWzGjPHHlsinAlNwv77PN NDnEY7WqLsQc7QUOH8ddaKN7N+iRMs/jC5Lh03HAlRSMKp0jKcMcCLsGEkO74ikjCDCW KKNYaDspkam2Cz9Js74144s2/yLdLSlIXsIFlwYhMcKva4YBUFeRAvhrzsvE88GNSKt5 0YRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6F4asS9Tn4ARPR6ma1nIGtdAOhMmup9EB1VOOai5JQ0=; b=eAiWZXgbtD1jdonzKZIxg7wW6fCnsSWGvhQHdv+/+9khwp1NAc5WmXqEpPdPtig3k5 Gd82ZB/xA628XCEXMjcOGHinNdAB57rj7pZqUD7qmoR8tUJOp0He4C40K9VhUY2BLUh8 gbyMgA1/S25Rzuwz7vjOO83ZU2vBtQrnmQk8o3tWMG9HgRe6vtWIFGfd9jiizm4kyy8E +ZVyNhalR3m/jtuo9MVM9FofmUweX4DJ24w3V0emO1uWvG/2GNrb5A9aCk6CyImt+4Zx mdrbFP0sGVuRzRofhOPpwcq9vl6EASeawhRYXJrvaKwRuw5X4vkT/BXqKlTLhlQyOSMb 8gTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=e75w6Hl2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id de9si16541934edb.404.2020.07.07.08.17.48; Tue, 07 Jul 2020 08:18:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=e75w6Hl2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729110AbgGGPQw (ORCPT + 99 others); Tue, 7 Jul 2020 11:16:52 -0400 Received: from mail.kernel.org ([198.145.29.99]:56362 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729083AbgGGPQu (ORCPT ); Tue, 7 Jul 2020 11:16:50 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 399C620663; Tue, 7 Jul 2020 15:16:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594135009; bh=mZ+94ue3jrh62rM9/yhydqQai/V6Wz+Chq6dMesfcOo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=e75w6Hl2tX4ZPpslrT6QnK9/SXmYoCqg6fBL7uVA1tMe/Zy8br0nchVFW+aEU+YNl tV+PALhnd2bUb4Oq+cFuq5O58Irrh5jtgYjOAonjhllH7UZXSOC2JqCO7SBFj9V9Ji aB6C1lhLKQeftAuAHyy4qDOVTkeJCk1ACQYkC01U= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Elliott Mitchell , Salvatore Bonaccorso , "J. Bruce Fields" Subject: [PATCH 4.14 19/27] nfsd: apply umask on fs without ACL support Date: Tue, 7 Jul 2020 17:15:46 +0200 Message-Id: <20200707145749.870230772@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200707145748.944863698@linuxfoundation.org> References: <20200707145748.944863698@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: J. Bruce Fields commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832 upstream. The server is failing to apply the umask when creating new objects on filesystems without ACL support. To reproduce this, you need to use NFSv4.2 and a client and server recent enough to support umask, and you need to export a filesystem that lacks ACL support (for example, ext4 with the "noacl" mount option). Filesystems with ACL support are expected to take care of the umask themselves (usually by calling posix_acl_create). For filesystems without ACL support, this is up to the caller of vfs_create(), vfs_mknod(), or vfs_mkdir(). Reported-by: Elliott Mitchell Reported-by: Salvatore Bonaccorso Tested-by: Salvatore Bonaccorso Fixes: 47057abde515 ("nfsd: add support for the umask attribute") Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman --- fs/nfsd/vfs.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1202,6 +1202,9 @@ nfsd_create_locked(struct svc_rqst *rqst iap->ia_mode = 0; iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + err = 0; host_err = 0; switch (type) { @@ -1413,6 +1416,9 @@ do_nfsd_create(struct svc_rqst *rqstp, s goto out; } + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + host_err = vfs_create(dirp, dchild, iap->ia_mode, true); if (host_err < 0) { fh_drop_write(fhp);