Currently, we check FMODE_EXEC from file f_flags, and check FMODE_READ or
FMODE_WRITE from open context mode.
After converting file f_flags to open context mode by flags_to_mode(),
we can check all mode from open context mode.
ChenXiaoSong (2):
NFS: make sure open context mode have FMODE_EXEC when file open for
exec
NFSv4: check FMODE_EXEC from open context mode in
nfs4_opendata_access()
fs/nfs/inode.c | 3 ++-
fs/nfs/nfs4file.c | 12 ++++--------
fs/nfs/nfs4proc.c | 16 +++++-----------
3 files changed, 11 insertions(+), 20 deletions(-)
--
2.31.1
Because file f_mode never have FMODE_EXEC, open context mode won't get
FMODE_EXEC from file f_mode. Open context mode only care about FMODE_READ/
FMODE_WRITE/FMODE_EXEC, and all info about open context mode can be convert
from file f_flags, so convert file f_flags to open context mode by
flags_to_mode().
Signed-off-by: ChenXiaoSong <[email protected]>
---
fs/nfs/inode.c | 3 ++-
fs/nfs/nfs4file.c | 12 ++++--------
2 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index bea7c005119c..bafa808823db 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -1173,7 +1173,8 @@ int nfs_open(struct inode *inode, struct file *filp)
{
struct nfs_open_context *ctx;
- ctx = alloc_nfs_open_context(file_dentry(filp), filp->f_mode, filp);
+ ctx = alloc_nfs_open_context(file_dentry(filp),
+ flags_to_mode(filp->f_flags), filp);
if (IS_ERR(ctx))
return PTR_ERR(ctx);
nfs_file_set_open_context(filp, ctx);
diff --git a/fs/nfs/nfs4file.c b/fs/nfs/nfs4file.c
index 9eb181287879..2563ed8580f3 100644
--- a/fs/nfs/nfs4file.c
+++ b/fs/nfs/nfs4file.c
@@ -32,7 +32,6 @@ nfs4_file_open(struct inode *inode, struct file *filp)
struct dentry *parent = NULL;
struct inode *dir;
unsigned openflags = filp->f_flags;
- fmode_t f_mode;
struct iattr attr;
int err;
@@ -51,17 +50,14 @@ nfs4_file_open(struct inode *inode, struct file *filp)
if (err)
return err;
- f_mode = filp->f_mode;
- if ((openflags & O_ACCMODE) == 3)
- f_mode |= flags_to_mode(openflags);
-
/* We can't create new files here */
openflags &= ~(O_CREAT|O_EXCL);
parent = dget_parent(dentry);
dir = d_inode(parent);
- ctx = alloc_nfs_open_context(file_dentry(filp), f_mode, filp);
+ ctx = alloc_nfs_open_context(file_dentry(filp),
+ flags_to_mode(openflags), filp);
err = PTR_ERR(ctx);
if (IS_ERR(ctx))
goto out;
@@ -366,8 +362,8 @@ static struct file *__nfs42_ssc_open(struct vfsmount *ss_mnt,
goto out_free_name;
}
- ctx = alloc_nfs_open_context(filep->f_path.dentry, filep->f_mode,
- filep);
+ ctx = alloc_nfs_open_context(filep->f_path.dentry,
+ flags_to_mode(filep->f_flags), filep);
if (IS_ERR(ctx)) {
res = ERR_CAST(ctx);
goto out_filep;
--
2.31.1
After converting file f_flags to open context mode by flags_to_mode(), open
context mode will have FMODE_EXEC when file open for exec, so we check
FMODE_EXEC from open context mode.
No functional change, just simplify the code.
Signed-off-by: ChenXiaoSong <[email protected]>
---
fs/nfs/nfs4proc.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 3ed14a2a84a4..391940d35b82 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -2624,8 +2624,7 @@ static int _nfs4_recover_proc_open(struct nfs4_opendata *data)
*/
static int nfs4_opendata_access(const struct cred *cred,
struct nfs4_opendata *opendata,
- struct nfs4_state *state, fmode_t fmode,
- int openflags)
+ struct nfs4_state *state, fmode_t fmode)
{
struct nfs_access_entry cache;
u32 mask, flags;
@@ -2636,11 +2635,7 @@ static int nfs4_opendata_access(const struct cred *cred,
return 0;
mask = 0;
- /*
- * Use openflags to check for exec, because fmode won't
- * always have FMODE_EXEC set when file open for exec.
- */
- if (openflags & __FMODE_EXEC) {
+ if (fmode & __FMODE_EXEC) {
/* ONLY check for exec rights */
if (S_ISDIR(state->inode->i_mode))
mask = NFS4_ACCESS_LOOKUP;
@@ -3023,7 +3018,7 @@ static unsigned nfs4_exclusive_attrset(struct nfs4_opendata *opendata,
}
static int _nfs4_open_and_get_state(struct nfs4_opendata *opendata,
- int flags, struct nfs_open_context *ctx)
+ struct nfs_open_context *ctx)
{
struct nfs4_state_owner *sp = opendata->owner;
struct nfs_server *server = sp->so_server;
@@ -3084,8 +3079,7 @@ static int _nfs4_open_and_get_state(struct nfs4_opendata *opendata,
/* Parse layoutget results before we check for access */
pnfs_parse_lgopen(state->inode, opendata->lgp, ctx);
- ret = nfs4_opendata_access(sp->so_cred, opendata, state,
- acc_mode, flags);
+ ret = nfs4_opendata_access(sp->so_cred, opendata, state, acc_mode);
if (ret != 0)
goto out;
@@ -3159,7 +3153,7 @@ static int _nfs4_do_open(struct inode *dir,
if (d_really_is_positive(dentry))
opendata->state = nfs4_get_open_state(d_inode(dentry), sp);
- status = _nfs4_open_and_get_state(opendata, flags, ctx);
+ status = _nfs4_open_and_get_state(opendata, ctx);
if (status != 0)
goto err_opendata_put;
state = ctx->state;
--
2.31.1
Hi ChenXiaoSong,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on trondmy-nfs/linux-next]
[also build test WARNING on linus/master v6.0-rc6 next-20220921]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/ChenXiaoSong/NFS-check-FMODE_EXEC-from-open-context-mode/20220922-105006
base: git://git.linux-nfs.org/projects/trondmy/linux-nfs.git linux-next
config: arm64-randconfig-s041-20220921 (https://download.01.org/0day-ci/archive/20220923/[email protected]/config)
compiler: aarch64-linux-gcc (GCC) 12.1.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# apt-get install sparse
# sparse version: v0.6.4-39-gce1a6720-dirty
# https://github.com/intel-lab-lkp/linux/commit/74ed5473611c0257ea5fe8bb5e77f19d94d02596
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review ChenXiaoSong/NFS-check-FMODE_EXEC-from-open-context-mode/20220922-105006
git checkout 74ed5473611c0257ea5fe8bb5e77f19d94d02596
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=arm64 SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <[email protected]>
sparse warnings: (new ones prefixed by >>)
>> fs/nfs/nfs4proc.c:2638:13: sparse: sparse: restricted fmode_t degrades to integer
vim +2638 fs/nfs/nfs4proc.c
2616
2617 /*
2618 * Additional permission checks in order to distinguish between an
2619 * open for read, and an open for execute. This works around the
2620 * fact that NFSv4 OPEN treats read and execute permissions as being
2621 * the same.
2622 * Note that in the non-execute case, we want to turn off permission
2623 * checking if we just created a new file (POSIX open() semantics).
2624 */
2625 static int nfs4_opendata_access(const struct cred *cred,
2626 struct nfs4_opendata *opendata,
2627 struct nfs4_state *state, fmode_t fmode)
2628 {
2629 struct nfs_access_entry cache;
2630 u32 mask, flags;
2631
2632 /* access call failed or for some reason the server doesn't
2633 * support any access modes -- defer access call until later */
2634 if (opendata->o_res.access_supported == 0)
2635 return 0;
2636
2637 mask = 0;
> 2638 if (fmode & __FMODE_EXEC) {
2639 /* ONLY check for exec rights */
2640 if (S_ISDIR(state->inode->i_mode))
2641 mask = NFS4_ACCESS_LOOKUP;
2642 else
2643 mask = NFS4_ACCESS_EXECUTE;
2644 } else if ((fmode & FMODE_READ) && !opendata->file_created)
2645 mask = NFS4_ACCESS_READ;
2646
2647 nfs_access_set_mask(&cache, opendata->o_res.access_result);
2648 nfs_access_add_cache(state->inode, &cache, cred);
2649
2650 flags = NFS4_ACCESS_READ | NFS4_ACCESS_EXECUTE | NFS4_ACCESS_LOOKUP;
2651 if ((mask & ~cache.mask & flags) == 0)
2652 return 0;
2653
2654 return -EACCES;
2655 }
2656
--
0-DAY CI Kernel Test Service
https://01.org/lkp