aboutsummaryrefslogtreecommitdiffstats
path: root/fs/nfsd/nfsfh.c
diff options
context:
space:
mode:
authorNeil Brown <neilb@suse.de>2008-05-07 23:03:09 -0400
committerJ. Bruce Fields <bfields@citi.umich.edu>2008-06-30 15:24:11 -0400
commit496d6c32d4d057cb44272d9bd587ff97d023ee92 (patch)
tree5cfe2928782d5c58eab88f7b439b617858618b3f /fs/nfsd/nfsfh.c
parent863a24882ed0a57ff25daaf39885f3a47b706e4b (diff)
nfsd: fix spurious EACCESS in reconnect_path()
Thanks to Frank Van Maarseveen for the original problem report: "A privileged process on an NFS client which drops privileges after using them to change the current working directory, will experience incorrect EACCES after an NFS server reboot. This problem can also occur after memory pressure on the server, particularly when the client side is quiet for some time." This occurs because the filehandle points to a directory whose parents are no longer in the dentry cache, and we're attempting to reconnect the directory to its parents without adequate permissions to perform lookups in the parent directories. We can therefore fix the problem by acquiring the necessary capabilities before attempting the reconnection. We do this only in the no_subtree_check case, since the documented behavior of the subtree_check export option requires the server to check that the user has lookup permissions on all parents. The subtree_check case still has a problem, since reconnect_path() unnecessarily requires both read and lookup permissions on all parent directories. However, a fix in that case would be more delicate, and use of subtree_check is already discouraged for other reasons. Signed-off-by: Neil Brown <neilb@suse.de> Cc: Frank van Maarseveen <frankvm@frankvm.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Diffstat (limited to 'fs/nfsd/nfsfh.c')
-rw-r--r--fs/nfsd/nfsfh.c29
1 files changed, 26 insertions, 3 deletions
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index c7b0fdaeac96..f45451eb1e38 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -176,9 +176,24 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp)
176 if (IS_ERR(exp)) 176 if (IS_ERR(exp))
177 return nfserrno(PTR_ERR(exp)); 177 return nfserrno(PTR_ERR(exp));
178 178
179 error = nfsd_setuser_and_check_port(rqstp, exp); 179 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK) {
180 if (error) 180 /* Elevate privileges so that the lack of 'r' or 'x'
181 goto out; 181 * permission on some parent directory will
182 * not stop exportfs_decode_fh from being able
183 * to reconnect a directory into the dentry cache.
184 * The same problem can affect "SUBTREECHECK" exports,
185 * but as nfsd_acceptable depends on correct
186 * access control settings being in effect, we cannot
187 * fix that case easily.
188 */
189 current->cap_effective =
190 cap_raise_nfsd_set(current->cap_effective,
191 current->cap_permitted);
192 } else {
193 error = nfsd_setuser_and_check_port(rqstp, exp);
194 if (error)
195 goto out;
196 }
182 197
183 /* 198 /*
184 * Look up the dentry using the NFS file handle. 199 * Look up the dentry using the NFS file handle.
@@ -215,6 +230,14 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp)
215 goto out; 230 goto out;
216 } 231 }
217 232
233 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK) {
234 error = nfsd_setuser_and_check_port(rqstp, exp);
235 if (error) {
236 dput(dentry);
237 goto out;
238 }
239 }
240
218 if (S_ISDIR(dentry->d_inode->i_mode) && 241 if (S_ISDIR(dentry->d_inode->i_mode) &&
219 (dentry->d_flags & DCACHE_DISCONNECTED)) { 242 (dentry->d_flags & DCACHE_DISCONNECTED)) {
220 printk("nfsd: find_fh_dentry returned a DISCONNECTED directory: %s/%s\n", 243 printk("nfsd: find_fh_dentry returned a DISCONNECTED directory: %s/%s\n",