r228827 fixed a problem where copying of NFSv4 open credentials into

a credential structure would corrupt it. This happened when the p argument was != NULL. However, I now realize that the copying of open credentials should only happen for p == NULL, since that indicates that it is a read-ahead or write-behind. This patch fixes this. After this commit, r228827 could be reverted, but I think the code is clearer and safer with the patch, so I am going to leave it in. Without this patch, it was possible that a NFSv4 VOP_SETATTR() could have changed the credentials of the caller. This would have happened if the process doing the VOP_SETATTR() did not have the file open, but some other process running as a different uid had the file open for writing at the same time. MFC after: 5 days
svn path=/head/; revision=231133
2024-12-21 11:13:30 +00:00 · 2012-02-07 16:32:43 +00:00 · 2012-02-07 16:32:43 +00:00 · 8c9c322347 · 2020-12-20 02:59:44 +00:00
commit 8c9c322347
parent 50c8ec53f6
1 changed files with 6 additions and 2 deletions
--- a/sys/fs/nfsclient/nfs_clstate.c
+++ b/sys/fs/nfsclient/nfs_clstate.c
@ -559,8 +559,12 @@ nfscl_getstateid(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t mode,
 			NFSUNLOCKCLSTATE();
 			return (ENOENT);
 		}
-		/* for read aheads or write behinds, use the open cred */
-		newnfs_copycred(&op->nfso_cred, cred);
+		/*
+		 * For read aheads or write behinds, use the open cred.
+		 * A read ahead or write behind is indicated by p == NULL.
+		 */
+		if (p == NULL)
+			newnfs_copycred(&op->nfso_cred, cred);
 	}

 	/*