All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] nfsd3: Check write permission after checking existence
@ 2014-08-09 13:44 Ross Lagerwall
  2014-08-11 19:08 ` J. Bruce Fields
  0 siblings, 1 reply; 3+ messages in thread
From: Ross Lagerwall @ 2014-08-09 13:44 UTC (permalink / raw)
  To: linux-nfs; +Cc: J. Bruce Fields, Ross Lagerwall

When creating a file that already exists in a read-only directory with
O_EXCL, the NFSv3 server returns EACCES rather than EEXIST (which local
files and the NFSv4 server return).  Fix this by checking the MAY_CREATE
permission only if the file does not exist.  Since this already happens
in do_nfsd_create, the check in nfsd3_proc_create can simply be removed.

Signed-off-by: Ross Lagerwall <rosslagerwall@gmail.com>
---
 fs/nfsd/nfs3proc.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/fs/nfsd/nfs3proc.c b/fs/nfsd/nfs3proc.c
index 4012899..8ebd4ac 100644
--- a/fs/nfsd/nfs3proc.c
+++ b/fs/nfsd/nfs3proc.c
@@ -227,11 +227,6 @@ nfsd3_proc_create(struct svc_rqst *rqstp, struct nfsd3_createargs *argp,
 	newfhp = fh_init(&resp->fh, NFS3_FHSIZE);
 	attr   = &argp->attrs;
 
-	/* Get the directory inode */
-	nfserr = fh_verify(rqstp, dirfhp, S_IFDIR, NFSD_MAY_CREATE);
-	if (nfserr)
-		RETURN_STATUS(nfserr);
-
 	/* Unfudge the mode bits */
 	attr->ia_mode &= ~S_IFMT;
 	if (!(attr->ia_valid & ATTR_MODE)) { 
-- 
2.0.3


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] nfsd3: Check write permission after checking existence
  2014-08-09 13:44 [PATCH] nfsd3: Check write permission after checking existence Ross Lagerwall
@ 2014-08-11 19:08 ` J. Bruce Fields
  2014-08-11 20:28   ` Ross Lagerwall
  0 siblings, 1 reply; 3+ messages in thread
From: J. Bruce Fields @ 2014-08-11 19:08 UTC (permalink / raw)
  To: Ross Lagerwall; +Cc: linux-nfs

On Sat, Aug 09, 2014 at 02:44:00PM +0100, Ross Lagerwall wrote:
> When creating a file that already exists in a read-only directory with
> O_EXCL, the NFSv3 server returns EACCES rather than EEXIST (which local
> files and the NFSv4 server return).  Fix this by checking the MAY_CREATE
> permission only if the file does not exist.  Since this already happens
> in do_nfsd_create, the check in nfsd3_proc_create can simply be removed.

Thanks.

>From a look at the history I believe the server has behaved this way
since the beginning.  Is this creating a practical problem for you?  How
did you notice it?

Inclined to apply it just for consistency as you suggest.  And because
it removes some unnecessary code.  But as a low priority: for 3.18 and
not stable.

--b.

> 
> Signed-off-by: Ross Lagerwall <rosslagerwall@gmail.com>
> ---
>  fs/nfsd/nfs3proc.c | 5 -----
>  1 file changed, 5 deletions(-)
> 
> diff --git a/fs/nfsd/nfs3proc.c b/fs/nfsd/nfs3proc.c
> index 4012899..8ebd4ac 100644
> --- a/fs/nfsd/nfs3proc.c
> +++ b/fs/nfsd/nfs3proc.c
> @@ -227,11 +227,6 @@ nfsd3_proc_create(struct svc_rqst *rqstp, struct nfsd3_createargs *argp,
>  	newfhp = fh_init(&resp->fh, NFS3_FHSIZE);
>  	attr   = &argp->attrs;
>  
> -	/* Get the directory inode */
> -	nfserr = fh_verify(rqstp, dirfhp, S_IFDIR, NFSD_MAY_CREATE);
> -	if (nfserr)
> -		RETURN_STATUS(nfserr);
> -
>  	/* Unfudge the mode bits */
>  	attr->ia_mode &= ~S_IFMT;
>  	if (!(attr->ia_valid & ATTR_MODE)) { 
> -- 
> 2.0.3
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] nfsd3: Check write permission after checking existence
  2014-08-11 19:08 ` J. Bruce Fields
@ 2014-08-11 20:28   ` Ross Lagerwall
  0 siblings, 0 replies; 3+ messages in thread
From: Ross Lagerwall @ 2014-08-11 20:28 UTC (permalink / raw)
  To: J. Bruce Fields; +Cc: linux-nfs

On Mon, Aug 11, 2014 at 03:08:38PM -0400, J. Bruce Fields wrote:
> On Sat, Aug 09, 2014 at 02:44:00PM +0100, Ross Lagerwall wrote:
> > When creating a file that already exists in a read-only directory with
> > O_EXCL, the NFSv3 server returns EACCES rather than EEXIST (which local
> > files and the NFSv4 server return).  Fix this by checking the MAY_CREATE
> > permission only if the file does not exist.  Since this already happens
> > in do_nfsd_create, the check in nfsd3_proc_create can simply be removed.
> 
> Thanks.
> 
> From a look at the history I believe the server has behaved this way
> since the beginning.  Is this creating a practical problem for you?  How
> did you notice it?

I help maintain GNOME's gvfs and so I have a bunch of test programs
which I run to check for conformance.  I noticed that:
gvfs-save /mnt/dir/file
fails with a permission denied error when file is on an NFSv3 mount and
dir is read-only.  Basically, gvfs-save first tries to create the file.
If it already exists, then it just truncates it.  But on NFSv3, the
first creation generates a permission denied error so the operation is
aborted.

Not really a practical problem, but it is possible to see this with
various real-world programs which do a similar dance when saving like
this:
open(path, O_WRONLY|O_CREAT|O_EXCL)
if EEXIST:
  open(path, O_WRONLY|O_CREAT|O_TRUNC)
else:
  bail()

(For Linux NFS clients, the kernel does its own client-side caching so
if you do:
ls /mnt/dir; gvfs-save /mnt/dir/file
it magically works!)

> 
> Inclined to apply it just for consistency as you suggest.  And because
> it removes some unnecessary code.  But as a low priority: for 3.18 and
> not stable.
> 

OK, your decision.  That is OK with me.

Cheers,
-- 
Ross Lagerwall

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-08-11 20:26 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-08-09 13:44 [PATCH] nfsd3: Check write permission after checking existence Ross Lagerwall
2014-08-11 19:08 ` J. Bruce Fields
2014-08-11 20:28   ` Ross Lagerwall

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.