
Commit cd9288ff authored by Trond Myklebust

NFSv4: Fix another bug in the close/open_downgrade code



James Drew reports another bug whereby the NFS client is now sending
an OPEN_DOWNGRADE in a situation where it should really have sent a
CLOSE: the client is opening the file for O_RDWR, but then trying to
do a downgrade to O_RDONLY, which is not allowed by the NFSv4 spec.

Reported-by: James Drews <drews@engr.wisc.edu>
Link: http://lkml.kernel.org/r/541AD7E5.8020409@engr.wisc.edu


Fixes: aee7af35 (NFSv4: Fix problems with close in the presence...)
Cc: stable@vger.kernel.org # 2.6.33+
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
parent 080af20c
+15 −15
@@ -2618,23 +2618,23 @@ static void nfs4_close_prepare(struct rpc_task *task, void *data)
	is_rdwr = test_bit(NFS_O_RDWR_STATE, &state->flags);
	is_rdonly = test_bit(NFS_O_RDONLY_STATE, &state->flags);
	is_wronly = test_bit(NFS_O_WRONLY_STATE, &state->flags);
	/* Calculate the current open share mode */
	/* Calculate the change in open mode */
	calldata->arg.fmode = 0;
	if (is_rdonly || is_rdwr)
	if (state->n_rdwr == 0) {
		if (state->n_rdonly == 0)
			call_close |= is_rdonly;
		else if (is_rdonly)
			calldata->arg.fmode |= FMODE_READ;
	if (is_wronly || is_rdwr)
		if (state->n_wronly == 0)
			call_close |= is_wronly;
		else if (is_wronly)
			calldata->arg.fmode |= FMODE_WRITE;
	/* Calculate the change in open mode */
	if (state->n_rdwr == 0) {
		if (state->n_rdonly == 0) {
			call_close |= is_rdonly || is_rdwr;
			calldata->arg.fmode &= ~FMODE_READ;
		}
		if (state->n_wronly == 0) {
			call_close |= is_wronly || is_rdwr;
			calldata->arg.fmode &= ~FMODE_WRITE;
		}
	}
	} else if (is_rdwr)
		calldata->arg.fmode |= FMODE_READ|FMODE_WRITE;

	if (calldata->arg.fmode == 0)
		call_close |= is_rdwr;

	if (!nfs4_valid_open_stateid(state))
		call_close = 0;
	spin_unlock(&state->owner->so_lock);
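Review bot: the closing check `if (calldata->arg.fmode == 0)` followed by `call_close |= is_rdwr;` near the end of the hunk decides between CLOSE and OPEN_DOWNGRADE for the O_RDWR case from the commit message, yet it has no comment explaining why an empty `arg.fmode` means CLOSE. A one-line comment stating that READ or WRITE is only kept when the matching `is_rdonly` / `is_wronly` state bit is set, so a downgrade is never requested to a mode that was not opened on the server, would let the next reader check the code against the spec rule cited in the message. It is also worth confirming the path where `is_rdwr` is set, `state->n_rdwr` is 0, `state->n_rdonly` is nonzero and `is_rdonly` is clear: `arg.fmode` stays 0 there, so `call_close` is set while a read-only opener is still counted on the state. Style: `} else if (is_rdwr)` should put braces around its single statement, since the preceding branch of the same conditional is braced.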