[kernel] r17253 - in dists/squeeze/linux-2.6/debian: . patches/bugfix/all patches/series
Ben Hutchings
benh at alioth.debian.org
Mon Apr 25 01:44:54 UTC 2011
Author: benh
Date: Mon Apr 25 01:44:44 2011
New Revision: 17253
Log:
nfsd: NFSv4: Allow opening existing files with O_CREAT flag in non-writable directories (Closes: #617508)
Added:
dists/squeeze/linux-2.6/debian/patches/bugfix/all/nfsd-Open-with-O_CREAT-flag-set-fails-to-open-existing.patch
Modified:
dists/squeeze/linux-2.6/debian/changelog
dists/squeeze/linux-2.6/debian/patches/series/34
Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog Mon Apr 25 01:17:00 2011 (r17252)
+++ dists/squeeze/linux-2.6/debian/changelog Mon Apr 25 01:44:44 2011 (r17253)
@@ -47,6 +47,8 @@
For the complete list of changes, see:
http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.37
http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.38
+ * nfsd: NFSv4: Allow opening existing files with O_CREAT flag in
+ non-writable directories (Closes: #617508)
-- Ben Hutchings <ben at decadent.org.uk> Fri, 08 Apr 2011 01:13:01 +0100
Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/nfsd-Open-with-O_CREAT-flag-set-fails-to-open-existing.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/nfsd-Open-with-O_CREAT-flag-set-fails-to-open-existing.patch Mon Apr 25 01:44:44 2011 (r17253)
@@ -0,0 +1,56 @@
+From: Sachin Prabhu <sprabhu at redhat.com>
+Date: Wed, 20 Apr 2011 13:09:35 +0100
+Subject: [PATCH] Open with O_CREAT flag set fails to open existing files on
+ non writable directories
+
+commit 1574dff8996ab1ed92c09012f8038b5566fce313 upstream.
+
+An open on a NFS4 share using the O_CREAT flag on an existing file for
+which we have permissions to open but contained in a directory with no
+write permissions will fail with EACCES.
+
+A tcpdump shows that the client had set the open mode to UNCHECKED which
+indicates that the file should be created if it doesn't exist and
+encountering an existing flag is not an error. Since in this case the
+file exists and can be opened by the user, the NFS server is wrong in
+attempting to check create permissions on the parent directory.
+
+The patch adds a conditional statement to check for create permissions
+only if the file doesn't exist.
+
+Signed-off-by: Sachin S. Prabhu <sprabhu at redhat.com>
+Signed-off-by: J. Bruce Fields <bfields at redhat.com>
+---
+ fs/nfsd/vfs.c | 9 ++++++++-
+ 1 files changed, 8 insertions(+), 1 deletions(-)
+
+diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
+index 2e1cebd..129f3c9 100644
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -1363,7 +1363,7 @@ nfsd_create_v3(struct svc_rqst *rqstp, struct svc_fh *fhp,
+ goto out;
+ if (!(iap->ia_valid & ATTR_MODE))
+ iap->ia_mode = 0;
+- err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE);
++ err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC);
+ if (err)
+ goto out;
+
+@@ -1385,6 +1385,13 @@ nfsd_create_v3(struct svc_rqst *rqstp, struct svc_fh *fhp,
+ if (IS_ERR(dchild))
+ goto out_nfserr;
+
++ /* If file doesn't exist, check for permissions to create one */
++ if (!dchild->d_inode) {
++ err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE);
++ if (err)
++ goto out;
++ }
++
+ err = fh_compose(resfhp, fhp->fh_export, dchild, fhp);
+ if (err)
+ goto out;
+--
+1.7.4.4
+
Modified: dists/squeeze/linux-2.6/debian/patches/series/34
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/34 Mon Apr 25 01:17:00 2011 (r17252)
+++ dists/squeeze/linux-2.6/debian/patches/series/34 Mon Apr 25 01:44:44 2011 (r17253)
@@ -33,3 +33,4 @@
+ features/x86/Bluetooth-Add-MacBookAir3-1-2-support-2.patch
+ debian/exec-Get-rid-of-linux_binprm-vma_pages.patch
+ bugfix/all/CVE-2010-3865.patch
++ bugfix/all/nfsd-Open-with-O_CREAT-flag-set-fails-to-open-existing.patch
More information about the Kernel-svn-changes
mailing list