* [PATCH] nfsd3: Check write permission after checking existence
@ 2014-08-09 13:44 Ross Lagerwall
2014-08-11 19:08 ` J. Bruce Fields
0 siblings, 1 reply; 3+ messages in thread
From: Ross Lagerwall @ 2014-08-09 13:44 UTC (permalink / raw)
To: linux-nfs; +Cc: J. Bruce Fields, Ross Lagerwall
When creating a file that already exists in a read-only directory with
O_EXCL, the NFSv3 server returns EACCES rather than EEXIST (which local
files and the NFSv4 server return). Fix this by checking the MAY_CREATE
permission only if the file does not exist. Since this already happens
in do_nfsd_create, the check in nfsd3_proc_create can simply be removed.
Signed-off-by: Ross Lagerwall <rosslagerwall@gmail.com>
---
fs/nfsd/nfs3proc.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/fs/nfsd/nfs3proc.c b/fs/nfsd/nfs3proc.c
index 4012899..8ebd4ac 100644
--- a/fs/nfsd/nfs3proc.c
+++ b/fs/nfsd/nfs3proc.c
@@ -227,11 +227,6 @@ nfsd3_proc_create(struct svc_rqst *rqstp, struct nfsd3_createargs *argp,
newfhp = fh_init(&resp->fh, NFS3_FHSIZE);
attr = &argp->attrs;
- /* Get the directory inode */
- nfserr = fh_verify(rqstp, dirfhp, S_IFDIR, NFSD_MAY_CREATE);
- if (nfserr)
- RETURN_STATUS(nfserr);
-
/* Unfudge the mode bits */
attr->ia_mode &= ~S_IFMT;
if (!(attr->ia_valid & ATTR_MODE)) {
--
2.0.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] nfsd3: Check write permission after checking existence
2014-08-09 13:44 [PATCH] nfsd3: Check write permission after checking existence Ross Lagerwall
@ 2014-08-11 19:08 ` J. Bruce Fields
2014-08-11 20:28 ` Ross Lagerwall
0 siblings, 1 reply; 3+ messages in thread
From: J. Bruce Fields @ 2014-08-11 19:08 UTC (permalink / raw)
To: Ross Lagerwall; +Cc: linux-nfs
On Sat, Aug 09, 2014 at 02:44:00PM +0100, Ross Lagerwall wrote:
> When creating a file that already exists in a read-only directory with
> O_EXCL, the NFSv3 server returns EACCES rather than EEXIST (which local
> files and the NFSv4 server return). Fix this by checking the MAY_CREATE
> permission only if the file does not exist. Since this already happens
> in do_nfsd_create, the check in nfsd3_proc_create can simply be removed.
Thanks.
>From a look at the history I believe the server has behaved this way
since the beginning. Is this creating a practical problem for you? How
did you notice it?
Inclined to apply it just for consistency as you suggest. And because
it removes some unnecessary code. But as a low priority: for 3.18 and
not stable.
--b.
>
> Signed-off-by: Ross Lagerwall <rosslagerwall@gmail.com>
> ---
> fs/nfsd/nfs3proc.c | 5 -----
> 1 file changed, 5 deletions(-)
>
> diff --git a/fs/nfsd/nfs3proc.c b/fs/nfsd/nfs3proc.c
> index 4012899..8ebd4ac 100644
> --- a/fs/nfsd/nfs3proc.c
> +++ b/fs/nfsd/nfs3proc.c
> @@ -227,11 +227,6 @@ nfsd3_proc_create(struct svc_rqst *rqstp, struct nfsd3_createargs *argp,
> newfhp = fh_init(&resp->fh, NFS3_FHSIZE);
> attr = &argp->attrs;
>
> - /* Get the directory inode */
> - nfserr = fh_verify(rqstp, dirfhp, S_IFDIR, NFSD_MAY_CREATE);
> - if (nfserr)
> - RETURN_STATUS(nfserr);
> -
> /* Unfudge the mode bits */
> attr->ia_mode &= ~S_IFMT;
> if (!(attr->ia_valid & ATTR_MODE)) {
> --
> 2.0.3
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] nfsd3: Check write permission after checking existence
2014-08-11 19:08 ` J. Bruce Fields
@ 2014-08-11 20:28 ` Ross Lagerwall
0 siblings, 0 replies; 3+ messages in thread
From: Ross Lagerwall @ 2014-08-11 20:28 UTC (permalink / raw)
To: J. Bruce Fields; +Cc: linux-nfs
On Mon, Aug 11, 2014 at 03:08:38PM -0400, J. Bruce Fields wrote:
> On Sat, Aug 09, 2014 at 02:44:00PM +0100, Ross Lagerwall wrote:
> > When creating a file that already exists in a read-only directory with
> > O_EXCL, the NFSv3 server returns EACCES rather than EEXIST (which local
> > files and the NFSv4 server return). Fix this by checking the MAY_CREATE
> > permission only if the file does not exist. Since this already happens
> > in do_nfsd_create, the check in nfsd3_proc_create can simply be removed.
>
> Thanks.
>
> From a look at the history I believe the server has behaved this way
> since the beginning. Is this creating a practical problem for you? How
> did you notice it?
I help maintain GNOME's gvfs and so I have a bunch of test programs
which I run to check for conformance. I noticed that:
gvfs-save /mnt/dir/file
fails with a permission denied error when file is on an NFSv3 mount and
dir is read-only. Basically, gvfs-save first tries to create the file.
If it already exists, then it just truncates it. But on NFSv3, the
first creation generates a permission denied error so the operation is
aborted.
Not really a practical problem, but it is possible to see this with
various real-world programs which do a similar dance when saving like
this:
open(path, O_WRONLY|O_CREAT|O_EXCL)
if EEXIST:
open(path, O_WRONLY|O_CREAT|O_TRUNC)
else:
bail()
(For Linux NFS clients, the kernel does its own client-side caching so
if you do:
ls /mnt/dir; gvfs-save /mnt/dir/file
it magically works!)
>
> Inclined to apply it just for consistency as you suggest. And because
> it removes some unnecessary code. But as a low priority: for 3.18 and
> not stable.
>
OK, your decision. That is OK with me.
Cheers,
--
Ross Lagerwall
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-08-11 20:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-08-09 13:44 [PATCH] nfsd3: Check write permission after checking existence Ross Lagerwall
2014-08-11 19:08 ` J. Bruce Fields
2014-08-11 20:28 ` Ross Lagerwall
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.