nfsd: apply umask on fs without ACL support

Closes: #962254
This commit is contained in:
Salvatore Bonaccorso 2020-06-22 13:36:31 +02:00
parent 1e3e001c12
commit 0c35cc337b
3 changed files with 58 additions and 0 deletions

1
debian/changelog vendored
View File

@ -5,6 +5,7 @@ linux (4.19.118-3) UNRELEASED; urgency=medium
* [rt] Add new signing key for Tom Zanussi
* apparmor: don't try to replace stale label in ptraceme check
(Closes: #963493)
* nfsd: apply umask on fs without ACL support (Closes: #962254)
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 13 May 2020 17:44:43 +0200

View File

@ -0,0 +1,56 @@
From: "J. Bruce Fields" <bfields@redhat.com>
Date: Tue, 16 Jun 2020 16:43:18 -0400
Subject: nfsd: apply umask on fs without ACL support
Origin: http://git.linux-nfs.org/?p=bfields/linux.git;a=commit;h=22cf8419f1319ff87ec759d0ebdff4cbafaee832
Bug-Debian: https://bugs.debian.org/962254
The server is failing to apply the umask when creating new objects on
filesystems without ACL support.
To reproduce this, you need to use NFSv4.2 and a client and server
recent enough to support umask, and you need to export a filesystem that
lacks ACL support (for example, ext4 with the "noacl" mount option).
Filesystems with ACL support are expected to take care of the umask
themselves (usually by calling posix_acl_create).
For filesystems without ACL support, this is up to the caller of
vfs_create(), vfs_mknod(), or vfs_mkdir().
Reported-by: Elliott Mitchell <ehem+debian@m5p.com>
Reported-by: Salvatore Bonaccorso <carnil@debian.org>
Tested-by: Salvatore Bonaccorso <carnil@debian.org>
Fixes: 47057abde515 ("nfsd: add support for the umask attribute")
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
fs/nfsd/vfs.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index c3fbab1753ec..d22a056da477 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -1226,6 +1226,9 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp,
iap->ia_mode = 0;
iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type;
+ if (!IS_POSIXACL(dirp))
+ iap->ia_mode &= ~current_umask();
+
err = 0;
host_err = 0;
switch (type) {
@@ -1458,6 +1461,9 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp,
goto out;
}
+ if (!IS_POSIXACL(dirp))
+ iap->ia_mode &= ~current_umask();
+
host_err = vfs_create(dirp, dchild, iap->ia_mode, true);
if (host_err < 0) {
fh_drop_write(fhp);
--
2.27.0

View File

@ -103,6 +103,7 @@ bugfix/all/rtc-s35390a-set-uie_unsupported.patch
bugfix/all/include-uapi-linux-swab.h-fix-userspace-breakage-use.patch
bugfix/all/ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch
bugfix/all/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch
bugfix/all/nfsd-apply-umask-on-fs-without-ACL-support.patch
# Miscellaneous features