Author: rmacklem
Date: Tue Feb 7 16:32:43 2012
New Revision: 231133
URL: http://svn.freebsd.org/changeset/base/231133
Log:
r228827 fixed a problem where copying of NFSv4 open credentials into
a credential structure would corrupt it. This happened when the
p argument was != NULL. However, I now realize that the copying of
open credentials should only happen for p == NULL, since that indicates
that it is a read-ahead or write-behind. This patch fixes this.
After this commit, r228827 could be reverted, but I think the code is
clearer and safer with the patch, so I am going to leave it in.
Without this patch, it was possible that a NFSv4 VOP_SETATTR() could have
changed the credentials of the caller. This would have happened if
the process doing the VOP_SETATTR() did not have the file open, but
some other process running as a different uid had the file open for writing
at the same time.
MFC after: 5 days
Modified:
head/sys/fs/nfsclient/nfs_clstate.c
Modified: head/sys/fs/nfsclient/nfs_clstate.c
==============================================================================
--- head/sys/fs/nfsclient/nfs_clstate.c Tue Feb 7 16:07:29 2012
(r231132)
+++ head/sys/fs/nfsclient/nfs_clstate.c Tue Feb 7 16:32:43 2012
(r231133)
@@ -559,8 +559,12 @@ nfscl_getstateid(vnode_t vp, u_int8_t *n
NFSUNLOCKCLSTATE();
return (ENOENT);
}
- /* for read aheads or write behinds, use the open cred */
- newnfs_copycred(&op->nfso_cred, cred);
+ /*
+ * For read aheads or write behinds, use the open cred.
+ * A read ahead or write behind is indicated by p == NULL.
+ */
+ if (p == NULL)
+ newnfs_copycred(&op->nfso_cred, cred);
}
/*
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
