[kernel] r17253 - in dists/squeeze/linux-2.6/debian: . patches/bugfix/all patches/series

[Ben Hutchings]

Author: benh
Date: Mon Apr 25 01:44:44 2011
New Revision: 17253

Log:
nfsd: NFSv4: Allow opening existing files with O_CREAT flag in non-writable directories (Closes: #617508)

Added:
   dists/squeeze/linux-2.6/debian/patches/bugfix/all/nfsd-Open-with-O_CREAT-flag-set-fails-to-open-existing.patch
Modified:
   dists/squeeze/linux-2.6/debian/changelog
   dists/squeeze/linux-2.6/debian/patches/series/34

Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog	Mon Apr 25 01:17:00 2011	(r17252)
+++ dists/squeeze/linux-2.6/debian/changelog	Mon Apr 25 01:44:44 2011	(r17253)
@@ -47,6 +47,8 @@
     For the complete list of changes, see:
      http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.37
      http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.38
+  * nfsd: NFSv4: Allow opening existing files with O_CREAT flag in
+    non-writable directories (Closes: #617508)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Fri, 08 Apr 2011 01:13:01 +0100
 

Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/nfsd-Open-with-O_CREAT-flag-set-fails-to-open-existing.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/nfsd-Open-with-O_CREAT-flag-set-fails-to-open-existing.patch	Mon Apr 25 01:44:44 2011	(r17253)
@@ -0,0 +1,56 @@
+From: Sachin Prabhu <sprabhu at redhat.com>
+Date: Wed, 20 Apr 2011 13:09:35 +0100
+Subject: [PATCH] Open with O_CREAT flag set fails to open existing files on
+ non writable directories
+
+commit 1574dff8996ab1ed92c09012f8038b5566fce313 upstream.
+
+An open on a NFS4 share using the O_CREAT flag on an existing file for
+which we have permissions to open but contained in a directory with no
+write permissions will fail with EACCES.
+
+A tcpdump shows that the client had set the open mode to UNCHECKED which
+indicates that the file should be created if it doesn't exist and
+encountering an existing flag is not an error. Since in this case the
+file exists and can be opened by the user, the NFS server is wrong in
+attempting to check create permissions on the parent directory.
+
+The patch adds a conditional statement to check for create permissions
+only if the file doesn't exist.
+
+Signed-off-by: Sachin S. Prabhu <sprabhu at redhat.com>
+Signed-off-by: J. Bruce Fields <bfields at redhat.com>
+---
+ fs/nfsd/vfs.c |    9 ++++++++-
+ 1 files changed, 8 insertions(+), 1 deletions(-)
+
+diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
+index 2e1cebd..129f3c9 100644
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -1363,7 +1363,7 @@ nfsd_create_v3(struct svc_rqst *rqstp, struct svc_fh *fhp,
+ 		goto out;
+ 	if (!(iap->ia_valid & ATTR_MODE))
+ 		iap->ia_mode = 0;
+-	err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE);
++	err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC);
+ 	if (err)
+ 		goto out;
+ 
+@@ -1385,6 +1385,13 @@ nfsd_create_v3(struct svc_rqst *rqstp, struct svc_fh *fhp,
+ 	if (IS_ERR(dchild))
+ 		goto out_nfserr;
+ 
++	/* If file doesn't exist, check for permissions to create one */
++	if (!dchild->d_inode) {
++		err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE);
++		if (err)
++			goto out;
++	}
++
+ 	err = fh_compose(resfhp, fhp->fh_export, dchild, fhp);
+ 	if (err)
+ 		goto out;
+-- 
+1.7.4.4
+

Modified: dists/squeeze/linux-2.6/debian/patches/series/34
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/34	Mon Apr 25 01:17:00 2011	(r17252)
+++ dists/squeeze/linux-2.6/debian/patches/series/34	Mon Apr 25 01:44:44 2011	(r17253)
@@ -33,3 +33,4 @@
 + features/x86/Bluetooth-Add-MacBookAir3-1-2-support-2.patch
 + debian/exec-Get-rid-of-linux_binprm-vma_pages.patch
 + bugfix/all/CVE-2010-3865.patch
++ bugfix/all/nfsd-Open-with-O_CREAT-flag-set-fails-to-open-existing.patch