Re: [PATCH openEuler-21.03] NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. - Kernel

26 Oct 2021

Reviewed-by: Cheng Jian cj.chengjian@huawei.com
在 2021/10/24 16:58, wangyongpan 写道:
...
From: Dai Ngo dai.ngo@oracle.com
stable inclusion
from stable-v5.10.44
commit 6e13b9bc66f0e34238aa7b9486a0575177fb7955
bugzilla:https://bugzilla.openeuler.org/show_bug.cgi?id=414
CVE: NA

commit f8849e206ef52b584cd9227255f4724f0cc900bb upstream.
Currently if __nfs4_proc_set_acl fails with NFS4ERR_BADOWNER it
re-enables the idmapper by clearing NFS_CAP_UIDGID_NOMAP before
retrying again. The NFS_CAP_UIDGID_NOMAP remains cleared even if
the retry fails. This causes problem for subsequent setattr
requests for v4 server that does not have idmapping configured.
This patch modifies nfs4_proc_set_acl to detect NFS4ERR_BADOWNER
and NFS4ERR_BADNAME and skips the retry, since the kernel isn't
involved in encoding the ACEs, and return -EINVAL.
Steps to reproduce the problem:
# mount -o vers=4.1,sec=sys server:/export/test /tmp/mnt
  # touch /tmp/mnt/file1
  # chown 99 /tmp/mnt/file1
  # nfs4_setfacl -a A::unknown.user@xyz.com:wrtncy /tmp/mnt/file1
  Failed setxattr operation: Invalid argument
  # chown 99 /tmp/mnt/file1
  chown: changing ownership of ‘/tmp/mnt/file1’: Invalid argument
  # umount /tmp/mnt
  # mount -o vers=4.1,sec=sys server:/export/test /tmp/mnt
  # chown 99 /tmp/mnt/file1
  #
v2: detect NFS4ERR_BADOWNER and NFS4ERR_BADNAME and skip retry
        in nfs4_proc_set_acl.
Signed-off-by: Dai Ngo dai.ngo@oracle.com
Signed-off-by: Trond Myklebust trond.myklebust@hammerspace.com
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
Signed-off-by: wangyongpan 1071630525@qq.com

fs/nfs/nfs4proc.c | 8 ++++++++
  1 file changed, 8 insertions(+)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index eedcbe6832fb..f387b34bc5e5 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -5942,6 +5942,14 @@ static int nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t buflen
   do {
   	err = __nfs4_proc_set_acl(inode, buf, buflen);
   	trace_nfs4_set_acl(inode, err);

if (err == -NFS4ERR_BADOWNER || err == -NFS4ERR_BADNAME) {


	/*


	 * no need to retry since the kernel


	 * isn't involved in encoding the ACEs.


	 */


	err = -EINVAL;


	break;


}

err = nfs4_handle_exception(NFS_SERVER(inode), err,
		&exception);
} while (exception.retry);


    