diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2025-10-15 18:08:43 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-10-19 16:34:03 +0200 |
| commit | 763d4aa418456afb2e1bdef27216332352813aad (patch) | |
| tree | 88825db5c03ecf9f223c48c563d729f7018fc473 | |
| parent | 658bedb82ec55e8910de1b623d509a7f661d6a4d (diff) | |
| download | linux-763d4aa418456afb2e1bdef27216332352813aad.tar.gz linux-763d4aa418456afb2e1bdef27216332352813aad.tar.bz2 linux-763d4aa418456afb2e1bdef27216332352813aad.zip | |
NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock()
[ Upstream commit 6640556b0c80edc66d6f50abe53f00311a873536 ]
NFSv4 LOCK operations should not avoid the set of authorization
checks that apply to all other NFSv4 operations. Also, the
"no_auth_nlm" export option should apply only to NLM LOCK requests.
It's not necessary or sensible to apply it to NFSv4 LOCK operations.
Instead, set no permission bits when calling fh_verify(). Subsequent
stateid processing handles authorization checks.
Reported-by: NeilBrown <neilb@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Stable-dep-of: 898374fdd7f0 ("nfsd: unregister with rpcbind when deleting a transport")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | fs/nfsd/nfs4state.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index bcb44400e243..7b0fabf8c657 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -7998,11 +7998,9 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, if (check_lock_length(lock->lk_offset, lock->lk_length)) return nfserr_inval; - if ((status = fh_verify(rqstp, &cstate->current_fh, - S_IFREG, NFSD_MAY_LOCK))) { - dprintk("NFSD: nfsd4_lock: permission denied!\n"); + status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0); + if (status != nfs_ok) return status; - } sb = cstate->current_fh.fh_dentry->d_sb; if (lock->lk_is_new) { |