From owner-svn-src-all@FreeBSD.ORG Sun Feb 12 06:01:50 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 64B3F106564A; Sun, 12 Feb 2012 06:01:50 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 3834D8FC08; Sun, 12 Feb 2012 06:01:50 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q1C61oMC067818; Sun, 12 Feb 2012 06:01:50 GMT (envelope-from rmacklem@svn.freebsd.org) Received: (from rmacklem@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q1C61ohW067816; Sun, 12 Feb 2012 06:01:50 GMT (envelope-from rmacklem@svn.freebsd.org) Message-Id: <201202120601.q1C61ohW067816@svn.freebsd.org> From: Rick Macklem Date: Sun, 12 Feb 2012 06:01:50 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r231545 - stable/9/sys/fs/nfsclient X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Feb 2012 06:01:50 -0000 Author: rmacklem Date: Sun Feb 12 06:01:49 2012 New Revision: 231545 URL: http://svn.freebsd.org/changeset/base/231545 Log: MFC: r231133 r228827 fixed a problem where copying of NFSv4 open credentials into a credential structure would corrupt it. This happened when the p argument was != NULL. However, I now realize that the copying of open credentials should only happen for p == NULL, since that indicates that it is a read-ahead or write-behind. This patch fixes this. After this commit, r228827 could be reverted, but I think the code is clearer and safer with the patch, so I am going to leave it in. Without this patch, it was possible that a NFSv4 VOP_SETATTR() could have changed the credentials of the caller. This would have happened if the process doing the VOP_SETATTR() did not have the file open, but some other process running as a different uid had the file open for writing at the same time. Modified: stable/9/sys/fs/nfsclient/nfs_clstate.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/amd64/include/xen/ (props changed) stable/9/sys/boot/ (props changed) stable/9/sys/boot/i386/efi/ (props changed) stable/9/sys/boot/ia64/efi/ (props changed) stable/9/sys/boot/ia64/ski/ (props changed) stable/9/sys/boot/powerpc/boot1.chrp/ (props changed) stable/9/sys/boot/powerpc/ofw/ (props changed) stable/9/sys/cddl/contrib/opensolaris/ (props changed) stable/9/sys/conf/ (props changed) stable/9/sys/contrib/dev/acpica/ (props changed) stable/9/sys/contrib/octeon-sdk/ (props changed) stable/9/sys/contrib/pf/ (props changed) stable/9/sys/contrib/x86emu/ (props changed) Modified: stable/9/sys/fs/nfsclient/nfs_clstate.c ============================================================================== --- stable/9/sys/fs/nfsclient/nfs_clstate.c Sun Feb 12 05:34:01 2012 (r231544) +++ stable/9/sys/fs/nfsclient/nfs_clstate.c Sun Feb 12 06:01:49 2012 (r231545) @@ -559,8 +559,12 @@ nfscl_getstateid(vnode_t vp, u_int8_t *n NFSUNLOCKCLSTATE(); return (ENOENT); } - /* for read aheads or write behinds, use the open cred */ - newnfs_copycred(&op->nfso_cred, cred); + /* + * For read aheads or write behinds, use the open cred. + * A read ahead or write behind is indicated by p == NULL. + */ + if (p == NULL) + newnfs_copycred(&op->nfso_cred, cred); } /*