From patchwork Tue Apr 7 14:22:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Max Kellermann X-Patchwork-Id: 11478215 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9B56515AB for ; Tue, 7 Apr 2020 14:31:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 791032072A for ; Tue, 7 Apr 2020 14:31:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728573AbgDGObZ (ORCPT ); Tue, 7 Apr 2020 10:31:25 -0400 Received: from nibbler.cm4all.net ([82.165.145.151]:47576 "EHLO nibbler.cm4all.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729082AbgDGObZ (ORCPT ); Tue, 7 Apr 2020 10:31:25 -0400 Received: from localhost (localhost [127.0.0.1]) by nibbler.cm4all.net (Postfix) with ESMTP id 9D6D4C0101 for ; Tue, 7 Apr 2020 16:23:05 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at nibbler.cm4all.net Received: from nibbler.cm4all.net ([127.0.0.1]) by localhost (nibbler.cm4all.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id wDTXOrKdmkLV for ; Tue, 7 Apr 2020 16:23:05 +0200 (CEST) Received: from zero.intern.cm-ag (zero.intern.cm-ag [172.30.16.10]) by nibbler.cm4all.net (Postfix) with SMTP id 6D769C0131 for ; Tue, 7 Apr 2020 16:23:05 +0200 (CEST) Received: (qmail 19653 invoked from network); 7 Apr 2020 17:35:18 +0200 Received: from unknown (HELO rabbit.intern.cm-ag) (172.30.3.1) by zero.intern.cm-ag with SMTP; 7 Apr 2020 17:35:18 +0200 Received: by rabbit.intern.cm-ag (Postfix, from userid 1023) id 3558B46143D; Tue, 7 Apr 2020 16:23:05 +0200 (CEST) From: Max Kellermann To: linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, trond.myklebust@hammerspace.com Cc: bfields@redhat.com, tytso@mit.edu, viro@zeniv.linux.org.uk, agruenba@redhat.com, linux-kernel@vger.kernel.org, Max Kellermann , stable@vger.kernel.org Subject: [PATCH v3 1/4] fs/posix_acl: apply umask if superblock disables ACL support Date: Tue, 7 Apr 2020 16:22:40 +0200 Message-Id: <20200407142243.2032-1-mk@cm4all.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org The function posix_acl_create() applies the umask only if the inode has no ACL (= NULL) or if ACLs are not supported by the filesystem driver (= -EOPNOTSUPP). However, this happens only after after the IS_POSIXACL() check succeeded. If the superblock doesn't enable ACL support, umask will never be applied. A filesystem which has no ACL support will of course not enable SB_POSIXACL, rendering the umask-applying code path unreachable. This fixes a bug which causes the umask to be ignored with O_TMPFILE on tmpfs: https://github.com/MusicPlayerDaemon/MPD/issues/558 https://bugs.gentoo.org/show_bug.cgi?id=686142#c3 https://bugzilla.kernel.org/show_bug.cgi?id=203625 Signed-off-by: Max Kellermann Reviewed-by: J. Bruce Fields Cc: stable@vger.kernel.org --- fs/posix_acl.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/posix_acl.c b/fs/posix_acl.c index 249672bf54fe..e5e7a2295b99 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c @@ -589,9 +589,14 @@ posix_acl_create(struct inode *dir, umode_t *mode, *acl = NULL; *default_acl = NULL; - if (S_ISLNK(*mode) || !IS_POSIXACL(dir)) + if (S_ISLNK(*mode)) return 0; + if (!IS_POSIXACL(dir)) { + *mode &= ~current_umask(); + return 0; + } + p = get_acl(dir, ACL_TYPE_DEFAULT); if (!p || p == ERR_PTR(-EOPNOTSUPP)) { *mode &= ~current_umask(); From patchwork Tue Apr 7 14:22:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Max Kellermann X-Patchwork-Id: 11478223 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C966715AB for ; Tue, 7 Apr 2020 14:31:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id A97E22074F for ; Tue, 7 Apr 2020 14:31:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729145AbgDGOb2 (ORCPT ); Tue, 7 Apr 2020 10:31:28 -0400 Received: from nibbler.cm4all.net ([82.165.145.151]:47595 "EHLO nibbler.cm4all.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729120AbgDGOb2 (ORCPT ); Tue, 7 Apr 2020 10:31:28 -0400 Received: from localhost (localhost [127.0.0.1]) by nibbler.cm4all.net (Postfix) with ESMTP id D4F96C0131 for ; Tue, 7 Apr 2020 16:23:07 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at nibbler.cm4all.net Received: from nibbler.cm4all.net ([127.0.0.1]) by localhost (nibbler.cm4all.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 7Asze2ZI4zue for ; Tue, 7 Apr 2020 16:23:07 +0200 (CEST) Received: from zero.intern.cm-ag (zero.intern.cm-ag [172.30.16.10]) by nibbler.cm4all.net (Postfix) with SMTP id 9FF65C01B6 for ; Tue, 7 Apr 2020 16:23:07 +0200 (CEST) Received: (qmail 19673 invoked from network); 7 Apr 2020 17:35:20 +0200 Received: from unknown (HELO rabbit.intern.cm-ag) (172.30.3.1) by zero.intern.cm-ag with SMTP; 7 Apr 2020 17:35:20 +0200 Received: by rabbit.intern.cm-ag (Postfix, from userid 1023) id 6DDE746143D; Tue, 7 Apr 2020 16:23:07 +0200 (CEST) From: Max Kellermann To: linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, trond.myklebust@hammerspace.com Cc: bfields@redhat.com, tytso@mit.edu, viro@zeniv.linux.org.uk, agruenba@redhat.com, linux-kernel@vger.kernel.org, Max Kellermann , stable@vger.kernel.org Subject: [PATCH v3 2/4] fs/ext4/acl: apply umask if ACL support is disabled Date: Tue, 7 Apr 2020 16:22:41 +0200 Message-Id: <20200407142243.2032-2-mk@cm4all.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200407142243.2032-1-mk@cm4all.com> References: <20200407142243.2032-1-mk@cm4all.com> MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org The function ext4_init_acl() calls posix_acl_create() which is responsible for applying the umask. But without CONFIG_EXT4_FS_POSIX_ACL, ext4_init_acl() is an empty inline function, and nobody applies the umask. This fixes a bug which causes the umask to be ignored with O_TMPFILE on ext4: https://github.com/MusicPlayerDaemon/MPD/issues/558 https://bugs.gentoo.org/show_bug.cgi?id=686142#c3 https://bugzilla.kernel.org/show_bug.cgi?id=203625 Signed-off-by: Max Kellermann Reviewed-by: J. Bruce Fields Cc: stable@vger.kernel.org --- fs/ext4/acl.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/ext4/acl.h b/fs/ext4/acl.h index 9b63f5416a2f..7f3b25b3fa6d 100644 --- a/fs/ext4/acl.h +++ b/fs/ext4/acl.h @@ -67,6 +67,11 @@ extern int ext4_init_acl(handle_t *, struct inode *, struct inode *); static inline int ext4_init_acl(handle_t *handle, struct inode *inode, struct inode *dir) { + /* usually, the umask is applied by posix_acl_create(), but if + ext4 ACL support is disabled at compile time, we need to do + it here, because posix_acl_create() will never be called */ + inode->i_mode &= ~current_umask(); + return 0; } #endif /* CONFIG_EXT4_FS_POSIX_ACL */ From patchwork Tue Apr 7 14:22:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Max Kellermann X-Patchwork-Id: 11478229 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 638191392 for ; Tue, 7 Apr 2020 14:31:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 4B84D2076E for ; Tue, 7 Apr 2020 14:31:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729211AbgDGOb2 (ORCPT ); Tue, 7 Apr 2020 10:31:28 -0400 Received: from nibbler.cm4all.net ([82.165.145.151]:47598 "EHLO nibbler.cm4all.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729145AbgDGOb1 (ORCPT ); Tue, 7 Apr 2020 10:31:27 -0400 Received: from localhost (localhost [127.0.0.1]) by nibbler.cm4all.net (Postfix) with ESMTP id DFEB1C020D for ; Tue, 7 Apr 2020 16:23:08 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at nibbler.cm4all.net Received: from nibbler.cm4all.net ([127.0.0.1]) by localhost (nibbler.cm4all.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 1LJ_2-oVVuvU for ; Tue, 7 Apr 2020 16:23:08 +0200 (CEST) Received: from zero.intern.cm-ag (zero.intern.cm-ag [172.30.16.10]) by nibbler.cm4all.net (Postfix) with SMTP id 9F729C021E for ; Tue, 7 Apr 2020 16:23:08 +0200 (CEST) Received: (qmail 19689 invoked from network); 7 Apr 2020 17:35:21 +0200 Received: from unknown (HELO rabbit.intern.cm-ag) (172.30.3.1) by zero.intern.cm-ag with SMTP; 7 Apr 2020 17:35:21 +0200 Received: by rabbit.intern.cm-ag (Postfix, from userid 1023) id 61F4446143D; Tue, 7 Apr 2020 16:23:08 +0200 (CEST) From: Max Kellermann To: linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, trond.myklebust@hammerspace.com Cc: bfields@redhat.com, tytso@mit.edu, viro@zeniv.linux.org.uk, agruenba@redhat.com, linux-kernel@vger.kernel.org, Max Kellermann , Jan Kara , stable@vger.kernel.org Subject: [PATCH v3 3/4] linux/fs.h: fix umask on NFS with CONFIG_FS_POSIX_ACL=n Date: Tue, 7 Apr 2020 16:22:42 +0200 Message-Id: <20200407142243.2032-3-mk@cm4all.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200407142243.2032-1-mk@cm4all.com> References: <20200407142243.2032-1-mk@cm4all.com> MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Make IS_POSIXACL() return false if POSIX ACL support is disabled and ignore SB_POSIXACL/MS_POSIXACL. Never skip applying the umask in namei.c and never bother to do any ACL specific checks if the filesystem falsely indicates it has ACLs enabled when the feature is completely disabled in the kernel. This fixes a problem where the umask is always ignored in the NFS client when compiled without CONFIG_FS_POSIX_ACL. This is a 4 year old regression caused by commit 013cdf1088d723 which itself was not completely wrong, but failed to consider all the side effects by misdesigned VFS code. Prior to that commit, there were two places where the umask could be applied, for example when creating a directory: 1. in the VFS layer in SYSCALL_DEFINE3(mkdirat), but only if !IS_POSIXACL() 2. again (unconditionally) in nfs3_proc_mkdir() The first one does not apply, because even without CONFIG_FS_POSIX_ACL, the NFS client sets MS_POSIXACL in nfs_fill_super(). After that commit, (2.) was replaced by: 2b. in posix_acl_create(), called by nfs3_proc_mkdir() There's one branch in posix_acl_create() which applies the umask; however, without CONFIG_FS_POSIX_ACL, posix_acl_create() is an empty dummy function which does not apply the umask. The approach chosen by this patch is to make IS_POSIXACL() always return false when POSIX ACL support is disabled, so the umask always gets applied by the VFS layer. This is consistent with the (regular) behavior of posix_acl_create(): that function returns early if IS_POSIXACL() is false, before applying the umask. Therefore, posix_acl_create() is responsible for applying the umask if there is ACL support enabled in the file system (SB_POSIXACL), and the VFS layer is responsible for all other cases (no SB_POSIXACL or no CONFIG_FS_POSIX_ACL). Signed-off-by: Max Kellermann Reviewed-by: J. Bruce Fields Reviewed-by: Jan Kara Cc: stable@vger.kernel.org --- include/linux/fs.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/linux/fs.h b/include/linux/fs.h index abedbffe2c9e..5721be1146b1 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2027,7 +2027,12 @@ static inline bool sb_rdonly(const struct super_block *sb) { return sb->s_flags #define IS_NOQUOTA(inode) ((inode)->i_flags & S_NOQUOTA) #define IS_APPEND(inode) ((inode)->i_flags & S_APPEND) #define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE) + +#ifdef CONFIG_FS_POSIX_ACL #define IS_POSIXACL(inode) __IS_FLG(inode, SB_POSIXACL) +#else +#define IS_POSIXACL(inode) 0 +#endif #define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD) #define IS_NOCMTIME(inode) ((inode)->i_flags & S_NOCMTIME) From patchwork Tue Apr 7 14:22:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Max Kellermann X-Patchwork-Id: 11478221 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7409815AB for ; Tue, 7 Apr 2020 14:31:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 53CF42074F for ; Tue, 7 Apr 2020 14:31:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729183AbgDGOb1 (ORCPT ); Tue, 7 Apr 2020 10:31:27 -0400 Received: from nibbler.cm4all.net ([82.165.145.151]:47597 "EHLO nibbler.cm4all.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729133AbgDGOb1 (ORCPT ); Tue, 7 Apr 2020 10:31:27 -0400 Received: from localhost (localhost [127.0.0.1]) by nibbler.cm4all.net (Postfix) with ESMTP id DD62EC0271 for ; Tue, 7 Apr 2020 16:23:09 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at nibbler.cm4all.net Received: from nibbler.cm4all.net ([127.0.0.1]) by localhost (nibbler.cm4all.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id H3_HMP2AIIPM for ; Tue, 7 Apr 2020 16:23:09 +0200 (CEST) Received: from zero.intern.cm-ag (zero.intern.cm-ag [172.30.16.10]) by nibbler.cm4all.net (Postfix) with SMTP id A7366C02C8 for ; Tue, 7 Apr 2020 16:23:09 +0200 (CEST) Received: (qmail 19706 invoked from network); 7 Apr 2020 17:35:22 +0200 Received: from unknown (HELO rabbit.intern.cm-ag) (172.30.3.1) by zero.intern.cm-ag with SMTP; 7 Apr 2020 17:35:22 +0200 Received: by rabbit.intern.cm-ag (Postfix, from userid 1023) id 7F4A246143D; Tue, 7 Apr 2020 16:23:09 +0200 (CEST) From: Max Kellermann To: linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, trond.myklebust@hammerspace.com Cc: bfields@redhat.com, tytso@mit.edu, viro@zeniv.linux.org.uk, agruenba@redhat.com, linux-kernel@vger.kernel.org, Max Kellermann , stable@vger.kernel.org Subject: [PATCH v3 4/4] nfs/super: check NFS_CAP_ACLS instead of the NFS version Date: Tue, 7 Apr 2020 16:22:43 +0200 Message-Id: <20200407142243.2032-4-mk@cm4all.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200407142243.2032-1-mk@cm4all.com> References: <20200407142243.2032-1-mk@cm4all.com> MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org This sets SB_POSIXACL only if ACL support is really enabled, instead of always setting SB_POSIXACL if the NFS protocol version theoretically supports ACL. The code comment says "We will [apply the umask] ourselves", but that happens in posix_acl_create() only if the kernel has POSIX ACL support. Without it, posix_acl_create() is an empty dummy function. So let's not pretend we will apply the umask if we can already know that we will never. This fixes a problem where the umask is always ignored in the NFS client when compiled without CONFIG_FS_POSIX_ACL. This is a 4 year old regression caused by commit 013cdf1088d723 which itself was not completely wrong, but failed to consider all the side effects by misdesigned VFS code. Signed-off-by: Max Kellermann Reviewed-by: J. Bruce Fields Cc: stable@vger.kernel.org --- fs/nfs/super.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/nfs/super.c b/fs/nfs/super.c index dada09b391c6..dab79193f641 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c @@ -977,11 +977,14 @@ static void nfs_fill_super(struct super_block *sb, struct nfs_fs_context *ctx) if (ctx && ctx->bsize) sb->s_blocksize = nfs_block_size(ctx->bsize, &sb->s_blocksize_bits); - if (server->nfs_client->rpc_ops->version != 2) { + if (NFS_SB(sb)->caps & NFS_CAP_ACLS) { /* The VFS shouldn't apply the umask to mode bits. We will do * so ourselves when necessary. */ sb->s_flags |= SB_POSIXACL; + } + + if (server->nfs_client->rpc_ops->version != 2) { sb->s_time_gran = 1; sb->s_export_op = &nfs_export_ops; } else