Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1128266ybt; Tue, 7 Jul 2020 08:23:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwXnGnmAsvCzeHTG+Gr1uINts7nIwlecx76qva8IqucOD2clWOXxXKOOfC8aCSBiIFSM4md X-Received: by 2002:a17:906:648f:: with SMTP id e15mr46460365ejm.99.1594135397721; Tue, 07 Jul 2020 08:23:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594135397; cv=none; d=google.com; s=arc-20160816; b=m+FE2F9FcnQJ1iRgMpdt/TPYB10URIJ3k7mp0yAHz8ju5AX1ZZKssagdiTG36w3GuZ 4JwqbdcdRZEVtcaN1Osl30FX/ed6XbDwCTaDtdxSpv0rG5+6bKIPiCiDTTNeDYUfKnxd DfFwWN2QsJuMW6TRSu1o0gKZhcbJvygabjTW8tj2tEFV/dQT238ClvnBsdjiHXYNbseK sPwAnb3oNnFa4v4JJ3aoDMcJUfK/CjC0caZgqcNizoDrBWGvTEGlukjW1TtyBE41Rp/8 TBMcZ7ykVqp8vmU3iwchA1OI4W/MZRM1hTzHYDaCRsY7OlgaWP1QV5J+TDcae3DOeyyb vrNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Qf7lJHKigUl/h0zpP29gZK4m5U9WkrmM86+HktuDuNk=; b=DpvtUVFdBsYDJZFL4DalTRd1rS1vpUcQhCIQ7UIOwaHJztPxxtbIfe/YKQtgw7f42p PPXHTiAhwt+cXhI72EurM3SGqp1/ElaZs52TF5ADhdOqnaaRRcoXb5ISmJo3gw80P2Wy nL4ygSHub+lRXa3/RxBz6qDxnMwlXDNlZeV0XQDN2xwFX7N509zZuUp6+L8LgRWeIYId 9doNpfz3FOsqbPw9Xh4umT9kfTuhccSriWSjgtOtA6fkO1d8m1o7jIyAxeTlAXoEJc7n mtj9Fvx9HMpXqEqOGKq30kCM2v3HJqwn51gwpIgCevz/mnW/tC72fx3F8UrWaiHawZSu zjqQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=SahrpoJl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p2si15187082edr.239.2020.07.07.08.22.54; Tue, 07 Jul 2020 08:23:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=SahrpoJl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729026AbgGGPTd (ORCPT + 99 others); Tue, 7 Jul 2020 11:19:33 -0400 Received: from mail.kernel.org ([198.145.29.99]:59282 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729342AbgGGPTb (ORCPT ); Tue, 7 Jul 2020 11:19:31 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2FAEF2065D; Tue, 7 Jul 2020 15:19:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594135170; bh=Nw05yyms+dL37Vxoz1oy/1BvjPadV0/lGa/L8xOJlUs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SahrpoJlWbwaYZXmucI+51bKwfsxhP5GpL41/dKXSmV6olBByB1tBvg2uPqkvkXYB 6u7EUBNWdORw8bHZm8AteCnmH71b4ku7Gpt7HRDQ+S3hnyzWmCQqc1nlTqANVBfFvj wLfdcF3nw+tu+KC0s0346WK28LXjR4hajIiI2wF4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Elliott Mitchell , Salvatore Bonaccorso , "J. Bruce Fields" Subject: [PATCH 4.19 27/36] nfsd: apply umask on fs without ACL support Date: Tue, 7 Jul 2020 17:17:19 +0200 Message-Id: <20200707145750.449013671@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200707145749.130272978@linuxfoundation.org> References: <20200707145749.130272978@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: J. Bruce Fields commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832 upstream. The server is failing to apply the umask when creating new objects on filesystems without ACL support. To reproduce this, you need to use NFSv4.2 and a client and server recent enough to support umask, and you need to export a filesystem that lacks ACL support (for example, ext4 with the "noacl" mount option). Filesystems with ACL support are expected to take care of the umask themselves (usually by calling posix_acl_create). For filesystems without ACL support, this is up to the caller of vfs_create(), vfs_mknod(), or vfs_mkdir(). Reported-by: Elliott Mitchell Reported-by: Salvatore Bonaccorso Tested-by: Salvatore Bonaccorso Fixes: 47057abde515 ("nfsd: add support for the umask attribute") Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman --- fs/nfsd/vfs.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1206,6 +1206,9 @@ nfsd_create_locked(struct svc_rqst *rqst iap->ia_mode = 0; iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + err = 0; host_err = 0; switch (type) { @@ -1439,6 +1442,9 @@ do_nfsd_create(struct svc_rqst *rqstp, s goto out; } + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + host_err = vfs_create(dirp, dchild, iap->ia_mode, true); if (host_err < 0) { fh_drop_write(fhp);