Add two commits two 4.4 stable kernel series

Add two commits two 4.4 stable kernel series

[Paul Menzel]

Dear Trond, dear Anna,


Should commit 5c5fc09 (NFS: Ensure we revalidate attributes before using 
execute_ok()) and commit 762674f8 (NFSv4: Don't perform cached access 
checks before we've OPENed the file) be added to the Linux 4.4 series? 
Was it just overlooked as there is no stable tag?


Kind regards,

Paul

Cherry pick *NFS: Ensure we revalidate attributes before using execute_ok()* to 4.4

[Paul Menzel]

>From b5c610b9bb2fbe7bc2a18362079538cca68ad6ce Mon Sep 17 00:00:00 2001
From: Trond Myklebust <trond.myklebust@primarydata.com>
Date: Mon, 28 Dec 2015 19:30:05 -0500
Subject: [PATCH 1/2] NFS: Ensure we revalidate attributes before using execute_ok()

[ commit 5c5fc09a1157a11dbe84e6421c3e0b37d05238cb upstream ]

Donald Buczek reports that NFS clients can also report incorrect
results for access() due to lack of revalidation of attributes
before calling execute_ok().
Looking closely, it seems chdir() is afflicted with the same problem.

Fix is to ensure we call nfs_revalidate_inode_rcu() or
nfs_revalidate_inode() as appropriate before deciding to trust
execute_ok().

Reported-by: Donald Buczek <buczek@molgen.mpg.de>
Link: http://lkml.kernel.org/r/1451331530-3748-1-git-send-email-buczek@molgen.mpg.de
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
---
 fs/nfs/dir.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 52ee0b7..2d7c451 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -2421,6 +2421,20 @@ int nfs_may_open(struct inode *inode, struct rpc_cred *cred, int openflags)
 }
 EXPORT_SYMBOL_GPL(nfs_may_open);
 
+static int nfs_execute_ok(struct inode *inode, int mask)
+{
+	struct nfs_server *server = NFS_SERVER(inode);
+	int ret;
+
+	if (mask & MAY_NOT_BLOCK)
+		ret = nfs_revalidate_inode_rcu(server, inode);
+	else
+		ret = nfs_revalidate_inode(server, inode);
+	if (ret == 0 && !execute_ok(inode))
+		ret = -EACCES;
+	return ret;
+}
+
 int nfs_permission(struct inode *inode, int mask)
 {
 	struct rpc_cred *cred;
@@ -2470,8 +2484,8 @@ force_lookup:
 			res = PTR_ERR(cred);
 	}
 out:
-	if (!res && (mask & MAY_EXEC) && !execute_ok(inode))
-		res = -EACCES;
+	if (!res && (mask & MAY_EXEC))
+		res = nfs_execute_ok(inode, mask);
 
 	dfprintk(VFS, "NFS: permission(%s/%lu), mask=0x%x, res=%d\n",
 		inode->i_sb->s_id, inode->i_ino, mask, res);
-- 
2.4.1

Cherry pick *NFSv4: Don't perform cached access checks before we've OPENed the file* to 4.4

[Paul Menzel]

>From a57429c935ed0d5484a8c51795694bb61a3c1008 Mon Sep 17 00:00:00 2001
From: Trond Myklebust <trond.myklebust@primarydata.com>
Date: Sat, 26 Dec 2015 21:54:58 -0500
Subject: [PATCH 2/2] NFSv4: Don't perform cached access checks before we've OPENed the file

[ commit 762674f86d0328d5dc923c966e209e1ee59663f2 upstream ]

Donald Buczek reports that a nfs4 client incorrectly denies
execute access based on outdated file mode (missing 'x' bit).
After the mode on the server is 'fixed' (chmod +x) further execution
attempts continue to fail, because the nfs ACCESS call updates
the access parameter but not the mode parameter or the mode in
the inode.

The root cause is ultimately that the VFS is calling may_open()
before the NFS client has a chance to OPEN the file and hence revalidate
the access and attribute caches.

Al Viro suggests:
>>> Make nfs_permission() relax the checks when it sees MAY_OPEN, if you know
>>> that things will be caught by server anyway?
>>
>> That can work as long as we're guaranteed that everything that calls
>> inode_permission() with MAY_OPEN on a regular file will also follow up
>> with a vfs_open() or dentry_open() on success. Is this always the
>> case?
>
> 1) in do_tmpfile(), followed by do_dentry_open() (not reachable by NFS since
> it doesn't have ->tmpfile() instance anyway)
>
> 2) in atomic_open(), after the call of ->atomic_open() has succeeded.
>
> 3) in do_last(), followed on success by vfs_open()
>
> That's all.  All calls of inode_permission() that get MAY_OPEN come from
> may_open(), and there's no other callers of that puppy.

Reported-by: Donald Buczek <buczek@molgen.mpg.de>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=109771
Link: http://lkml.kernel.org/r/1451046656-26319-1-git-send-email-buczek@molgen.mpg.de
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
---
 fs/nfs/dir.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 2d7c451..5b21b1c 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -2452,6 +2452,9 @@ int nfs_permission(struct inode *inode, int mask)
 		case S_IFLNK:
 			goto out;
 		case S_IFREG:
+			if ((mask & MAY_OPEN) &&
+			   nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN))
+				return 0;
 			break;
 		case S_IFDIR:
 			/*
-- 
2.4.1

Re: Cherry pick *NFSv4: Don't perform cached access checks before we've OPENed the file* to 4.4

[Greg KH]

On Sun, Jun 11, 2017 at 12:16:19PM +0200, Paul Menzel wrote:
> >From a57429c935ed0d5484a8c51795694bb61a3c1008 Mon Sep 17 00:00:00 2001
> From: Trond Myklebust <trond.myklebust@primarydata.com>
> Date: Sat, 26 Dec 2015 21:54:58 -0500
> Subject: [PATCH 2/2] NFSv4: Don't perform cached access checks before we've OPENed the file

<snip>

thanks, now applied.

greg k-h

Re: Cherry pick *NFS: Ensure we revalidate attributes before using execute_ok()* to 4.4

[Greg KH]

On Sun, Jun 11, 2017 at 12:13:44PM +0200, Paul Menzel wrote:
> >From b5c610b9bb2fbe7bc2a18362079538cca68ad6ce Mon Sep 17 00:00:00 2001
> From: Trond Myklebust <trond.myklebust@primarydata.com>
> Date: Mon, 28 Dec 2015 19:30:05 -0500
> Subject: [PATCH 1/2] NFS: Ensure we revalidate attributes before using execute_ok()
> 
> [ commit 5c5fc09a1157a11dbe84e6421c3e0b37d05238cb upstream ]

Now applied, thanks.

greg k-h