Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1128298ybt; Tue, 7 Jul 2020 08:23:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxuAwobb9BYYAPLW0SSEhQQb/ixvayS+MDLPbpTeaWrbMgyk1nHUaoOA1vAJ13pzqUzwxOY X-Received: by 2002:aa7:d142:: with SMTP id r2mr53852735edo.211.1594135400112; Tue, 07 Jul 2020 08:23:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594135400; cv=none; d=google.com; s=arc-20160816; b=eLygquLPQalC/+QXi1IdrMWxUwF8rg5KnZ0pIZ0DQvRfWaZowOmdVe20P2Gep22XL0 z5S+0RzmhclnJg2Ee+HM9irVLyWMOWfd+PW42VpsBaFKMwbJoObQEl6zdXGPwGm1yyjO Lp1Nhq46SEji/Y3xKor/SkBWlgf6yfbCi7utXRc5yi92gmrUfcws19WQwY0/J0+2wFtk HOS4pN+xfWfdkC3WC+R2Ex2x+JPWdqyUithTJj3C4Pk1fQS/h1jj2iamGzcKBpNk7pda vu1jIELRZqGToAXyhStz0uxSfuRZQIPEkTWl0jHKziO34E5Td0Wck0U9y8xKPHkzOZnT lsFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=NZRe4ruu1shicEJg6KD3wUlk5CtlGP7Cb6d5V5fai4o=; b=Cz+4t90wTeznyQLodF11R4ekAtMpeQmDUG9a8Y7M8OZ0lZD9C6+BHxo0qO1qNLIi9P 5x+oYt89LWwSrazd6/TYWcDAL0pXV8PnwYAxhu3J2/oyd+lELyfI9fvNNXSf6uzYBjhq a5UWK+9aCBT8nyJqI9f0y29waQmlhN3OqcFxtUpPPEVZug25wAUcBrtPwt46FKT+K6NO 1ts/I3mydtCdQKeVbOVFh0ydsy5NbbUyLBfHrf7vOqkjAjS/NkYo3t5zrh4Bx7hsThhJ fP+F841/6YyqJUNB8asuqpuXTETnqnW7ys6eAtStpULgbjxa9hJAxtYyPvdM/+YQwNm4 kG8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=w50S3lLe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p14si15387016ejr.470.2020.07.07.08.22.57; Tue, 07 Jul 2020 08:23:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=w50S3lLe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728266AbgGGPV2 (ORCPT + 99 others); Tue, 7 Jul 2020 11:21:28 -0400 Received: from mail.kernel.org ([198.145.29.99]:33628 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729710AbgGGPV0 (ORCPT ); Tue, 7 Jul 2020 11:21:26 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BE0FC2065D; Tue, 7 Jul 2020 15:21:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594135285; bh=WsH5rsfravKmuuuiwWQhBWqP7Cck0ZBhMELlT9mviME=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=w50S3lLebhVKOq4mPCG+18JxxWaR3C6R/4o3T5p2WkgwwTVJRUhWQFY0w82+mI9wQ oEo09gzqAhpYPZev/eZ00iCh9ISznDQwgYmn7ZYjOnopLOLoE6IzXOuowyfRhnP2ZI 5jkRUW6ObWkGYWZ3K5GY2bxrr8weXjiHQ4cbloXc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Elliott Mitchell , Salvatore Bonaccorso , "J. Bruce Fields" Subject: [PATCH 5.4 47/65] nfsd: apply umask on fs without ACL support Date: Tue, 7 Jul 2020 17:17:26 +0200 Message-Id: <20200707145754.738233143@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200707145752.417212219@linuxfoundation.org> References: <20200707145752.417212219@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: J. Bruce Fields commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832 upstream. The server is failing to apply the umask when creating new objects on filesystems without ACL support. To reproduce this, you need to use NFSv4.2 and a client and server recent enough to support umask, and you need to export a filesystem that lacks ACL support (for example, ext4 with the "noacl" mount option). Filesystems with ACL support are expected to take care of the umask themselves (usually by calling posix_acl_create). For filesystems without ACL support, this is up to the caller of vfs_create(), vfs_mknod(), or vfs_mkdir(). Reported-by: Elliott Mitchell Reported-by: Salvatore Bonaccorso Tested-by: Salvatore Bonaccorso Fixes: 47057abde515 ("nfsd: add support for the umask attribute") Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman --- fs/nfsd/vfs.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1184,6 +1184,9 @@ nfsd_create_locked(struct svc_rqst *rqst iap->ia_mode = 0; iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + err = 0; host_err = 0; switch (type) { @@ -1416,6 +1419,9 @@ do_nfsd_create(struct svc_rqst *rqstp, s goto out; } + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + host_err = vfs_create(dirp, dchild, iap->ia_mode, true); if (host_err < 0) { fh_drop_write(fhp);