Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1133054ybt; Tue, 7 Jul 2020 08:29:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxhB8RVj+Ar/de3ltY3AlJZrXJmbKnV6OOrViDuuRPZU31QPRRyBhtR2B80GFGqIZ1fmb42 X-Received: by 2002:a05:6402:cb3:: with SMTP id cn19mr59852883edb.368.1594135768958; Tue, 07 Jul 2020 08:29:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594135768; cv=none; d=google.com; s=arc-20160816; b=S7Iwa+DhrcAxb0fXoDhgbsd/QQzUtabKMoakmjGhy6fw+C34nwjREId10JTkd7wY4y 7cYCqjzsGOYpkCk21ZtaVWBzPw3/hpYQ9QvLHBpgqkS2/kUNeAH33S+DgAY30oM0B6mF kdOD1Bv7UxASla4WhCEcsYjElX1OxCXA9j+wtEL4Qq11JB+oBGfj29m/hVBFPtqxkh6J lECeoravSWxuGW3DVL99MhvZs0D2Ucf69WxowV/+4CwnoG+NxWP+UkBDo0o4aWSG41rh b4DrCKB7Ndlem72qAaQRtIWGBst2JSd427f6HRtWCjcx/dmlHG54VH6EUZOugBV0D5nV 6A3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=OoJzRNE9ztJpkgckjRUS5rLvxJ6rW8djZLeA55MX91w=; b=Ql5X0yGtqe7CDJpu1kxuO5/mAIEfMpZwhUUWfXNfCNxu61IAhVVPTnioq4eyrmPld5 5tNvzD7qKtFfB1BKenCEV6zSAWuqybpF6Hj2spwzTL8Du9MgO1kRkTzNBbLEUCm8MjTE Jdls94KnmaZacxTBlzRjUdjtCVHG0Rb727GOyY5baO9wr8qsew2Lq+ItFQSUPCngNCHJ HYBOiozqY3ES43dPlUiNXs2K6aKlSGIXulSDFwKv5mVRs6Zd9gzPjSm83y2knh52owNh TTTVGXBXLrQFkmGBrNvPkEjYsJ/Zj5a9wFXMdnis305F+p+rO3vsAj54ZoJbuh3qYJts jTag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=2kcvzb+e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cy5si15282548edb.554.2020.07.07.08.29.05; Tue, 07 Jul 2020 08:29:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=2kcvzb+e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730203AbgGGP2m (ORCPT + 99 others); Tue, 7 Jul 2020 11:28:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:40124 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729891AbgGGPZz (ORCPT ); Tue, 7 Jul 2020 11:25:55 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7A655207D0; Tue, 7 Jul 2020 15:25:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594135555; bh=1Z+7no7gf04ZuYcu1e6IVYtdl7iOtPRL5GHl8583tg8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2kcvzb+eCjtjCg6Fefg701r351dOvz8R9FTV7vZ5NRBCu6QfShKg1fboLHapT9tL5 G1Rz7n4iIbPJ4iApBYfR+qRrtnFqels9FWoOEzevHBFj9kIXWivpvNWx2Or2DjZccp kbVkNn6Z10h/W0hwhDqYSecGjSaBwA/SqKKbDY/A= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Elliott Mitchell , Salvatore Bonaccorso , "J. Bruce Fields" Subject: [PATCH 5.7 086/112] nfsd: apply umask on fs without ACL support Date: Tue, 7 Jul 2020 17:17:31 +0200 Message-Id: <20200707145805.073625596@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200707145800.925304888@linuxfoundation.org> References: <20200707145800.925304888@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: J. Bruce Fields commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832 upstream. The server is failing to apply the umask when creating new objects on filesystems without ACL support. To reproduce this, you need to use NFSv4.2 and a client and server recent enough to support umask, and you need to export a filesystem that lacks ACL support (for example, ext4 with the "noacl" mount option). Filesystems with ACL support are expected to take care of the umask themselves (usually by calling posix_acl_create). For filesystems without ACL support, this is up to the caller of vfs_create(), vfs_mknod(), or vfs_mkdir(). Reported-by: Elliott Mitchell Reported-by: Salvatore Bonaccorso Tested-by: Salvatore Bonaccorso Fixes: 47057abde515 ("nfsd: add support for the umask attribute") Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman --- fs/nfsd/vfs.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1225,6 +1225,9 @@ nfsd_create_locked(struct svc_rqst *rqst iap->ia_mode = 0; iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + err = 0; host_err = 0; switch (type) { @@ -1457,6 +1460,9 @@ do_nfsd_create(struct svc_rqst *rqstp, s goto out; } + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + host_err = vfs_create(dirp, dchild, iap->ia_mode, true); if (host_err < 0) { fh_drop_write(fhp);