Date: Tue, 7 Feb 2012 16:32:43 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r231133 - head/sys/fs/nfsclient Message-ID: <201202071632.q17GWhZW097454@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Tue Feb 7 16:32:43 2012 New Revision: 231133 URL: http://svn.freebsd.org/changeset/base/231133 Log: r228827 fixed a problem where copying of NFSv4 open credentials into a credential structure would corrupt it. This happened when the p argument was != NULL. However, I now realize that the copying of open credentials should only happen for p == NULL, since that indicates that it is a read-ahead or write-behind. This patch fixes this. After this commit, r228827 could be reverted, but I think the code is clearer and safer with the patch, so I am going to leave it in. Without this patch, it was possible that a NFSv4 VOP_SETATTR() could have changed the credentials of the caller. This would have happened if the process doing the VOP_SETATTR() did not have the file open, but some other process running as a different uid had the file open for writing at the same time. MFC after: 5 days Modified: head/sys/fs/nfsclient/nfs_clstate.c Modified: head/sys/fs/nfsclient/nfs_clstate.c ============================================================================== --- head/sys/fs/nfsclient/nfs_clstate.c Tue Feb 7 16:07:29 2012 (r231132) +++ head/sys/fs/nfsclient/nfs_clstate.c Tue Feb 7 16:32:43 2012 (r231133) @@ -559,8 +559,12 @@ nfscl_getstateid(vnode_t vp, u_int8_t *n NFSUNLOCKCLSTATE(); return (ENOENT); } - /* for read aheads or write behinds, use the open cred */ - newnfs_copycred(&op->nfso_cred, cred); + /* + * For read aheads or write behinds, use the open cred. + * A read ahead or write behind is indicated by p == NULL. + */ + if (p == NULL) + newnfs_copycred(&op->nfso_cred, cred); } /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202071632.q17GWhZW097454>