diff mbox

nfsd: do nfs4_check_fh in nfs4_check_file instead of nfs4_check_olstateid

Message ID 20150731200534.GA20543@fieldses.org (mailing list archive)
State New, archived
Headers show

Commit Message

J. Bruce Fields July 31, 2015, 8:05 p.m. UTC 
On Thu, Jul 30, 2015 at 11:16:41AM -0400, J. Bruce Fields wrote:
> On Thu, Jul 30, 2015 at 06:57:46AM -0400, Jeff Layton wrote:
> > Currently, preprocess_stateid_op calls nfs4_check_olstateid which
> > verifies that the open stateid corresponds to the current_fh in the
> > call by calling nfs4_check_fh.
> > 
> > If the stateid is a NFS4_DELEG_STID however, then no such check is
> > done. Move the call to nfs4_check_fh into nfs4_check_file instead
> > so that it can be done for all stateid types.
> 
> Thanks, applying for 4.2 and -stable with a note that this can screw up
> permissions checking later in nfs4_check_file.

By the way I also had to apply the following to avoid a NULL dereference
in the special-stateid case (when we'll jump to the "done:" label with
"s" still NULL).  Thanks to pynfs4.0 RD1 for catching that....

--b.

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Jeff Layton July 31, 2015, 8:28 p.m. UTC | #1 
On Fri, 31 Jul 2015 16:05:34 -0400
"J. Bruce Fields" <bfields@fieldses.org> wrote:

> On Thu, Jul 30, 2015 at 11:16:41AM -0400, J. Bruce Fields wrote:
> > On Thu, Jul 30, 2015 at 06:57:46AM -0400, Jeff Layton wrote:
> > > Currently, preprocess_stateid_op calls nfs4_check_olstateid which
> > > verifies that the open stateid corresponds to the current_fh in the
> > > call by calling nfs4_check_fh.
> > > 
> > > If the stateid is a NFS4_DELEG_STID however, then no such check is
> > > done. Move the call to nfs4_check_fh into nfs4_check_file instead
> > > so that it can be done for all stateid types.
> > 
> > Thanks, applying for 4.2 and -stable with a note that this can screw up
> > permissions checking later in nfs4_check_file.
> 
> By the way I also had to apply the following to avoid a NULL dereference
> in the special-stateid case (when we'll jump to the "done:" label with
> "s" still NULL).  Thanks to pynfs4.0 RD1 for catching that....
> 
> --b.
> 
> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> index 5cee7f2c4802..95202719a1fd 100644
> --- a/fs/nfsd/nfs4state.c
> +++ b/fs/nfsd/nfs4state.c
> @@ -4615,10 +4615,6 @@ nfs4_check_file(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfs4_stid *s,
>  	struct file *file;
>  	__be32 status;
>  
> -	status = nfs4_check_fh(fhp, s);
> -	if (status)
> -		return status;
> -
>  	file = nfs4_find_file(s, flags);
>  	if (file) {
>  		status = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry,
> @@ -4691,6 +4687,9 @@ nfs4_preprocess_stateid_op(struct svc_rqst *rqstp,
>  		status = nfserr_bad_stateid;
>  		break;
>  	}
> +	if (status)
> +		goto out;
> +	status = nfs4_check_fh(fhp, s);
>  
>  done:
>  	if (!status && filpp)

Good catch. My bad for not running pynfs against it! If you're adding
this as a separate patch you can add my:

Reviewed-by: Jeff Layton <jlayton@poochiereds.net>
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 5cee7f2c4802..95202719a1fd 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4615,10 +4615,6 @@  nfs4_check_file(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfs4_stid *s,
 	struct file *file;
 	__be32 status;
 
-	status = nfs4_check_fh(fhp, s);
-	if (status)
-		return status;
-
 	file = nfs4_find_file(s, flags);
 	if (file) {
 		status = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry,
@@ -4691,6 +4687,9 @@  nfs4_preprocess_stateid_op(struct svc_rqst *rqstp,
 		status = nfserr_bad_stateid;
 		break;
 	}
+	if (status)
+		goto out;
+	status = nfs4_check_fh(fhp, s);
 
 done:
 	if (!status && filpp)