From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Trond Myklebust
Subject: [PATCH 4.4 061/158] NFSv4: Handle the special Linux file open access mode
Date: Fri, 2 Aug 2019 11:28:02 +0200
Message-Id: <20190802092216.428259836@linuxfoundation.org>
In-Reply-To: <20190802092203.671944552@linuxfoundation.org>
References: <20190802092203.671944552@linuxfoundation.org>

From: Trond Myklebust

commit 44942b4e457beda00981f616402a1a791e8c616e upstream.

According to the open() manpage, Linux reserves the access mode 3 to mean "check for read and write permission on the file and return a file descriptor that can't be used for reading or writing."

Currently, the NFSv4 code will ask the server to open the file, and will use an incorrect share access mode of 0. Since it has an incorrect share access mode, the client later forgets to send a corresponding close, meaning it can leak stateids on the server.

Fixes: ce4ef7c0a8a05 ("NFS: Split out NFS v4 file operations")
Cc: stable@vger.kernel.org # 3.6+
Signed-off-by: Trond Myklebust
Signed-off-by: Greg Kroah-Hartman
--- fs/nfs/inode.c | 1 + fs/nfs/nfs4file.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -935,6 +935,7 @@ int nfs_open(struct inode *inode, struct nfs_fscache_open_file(inode, filp); return 0; } +EXPORT_SYMBOL_GPL(nfs_open); /* * This function is called whenever some part of NFS notices that --- a/fs/nfs/nfs4file.c +++ b/fs/nfs/nfs4file.c
@@ -49,7 +49,7 @@ nfs4_file_open(struct inode *inode, stru return err; if ((openflags & O_ACCMODE) == 3) - openflags--; + return nfs_open(inode, filp); /* We can't create new files here */ openflags &= ~(O_CREAT|O_EXCL);
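Review bot: in the fs/nfs/inode.c hunk, the added EXPORT_SYMBOL_GPL(nfs_open) is not explained in the changelog, and the diffstat touches only inode.c and nfs4file.c, so no header changes with it. Suggest one sentence in the commit message saying the export exists so that nfs4_file_open() in fs/nfs/nfs4file.c can call nfs_open(), and a check on this 4.4 backport that a prototype for nfs_open() is already visible to nfs4file.c.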
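Review bot: in the fs/nfs/nfs4file.c hunk, the new `return nfs_open(inode, filp);` under `if ((openflags & O_ACCMODE) == 3)` has no comment, and the bare 3 reads as a magic number. Suggest a short comment above the test naming it as the special Linux access mode from open(2) and saying the generic nfs_open() path is taken on purpose, so that the client does not ask the server to open the file with a share access mode of 0. The early return also bypasses the `openflags &= ~(O_CREAT|O_EXCL);` masking that follows, so the comment or changelog should state that nfs_open() does not depend on those flags being cleared.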