tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

NFSD: Do not allow NFSv4 (N)VERIFY to check POSIX ACL attributes

Section 9.3 of draft-ietf-nfsv4-posix-acls-00 prohibits use of
the POSIX ACL attributes with VERIFY and NVERIFY operations: the
server MUST reply NFS4ERR_INVAL when a client attempts this.

Beyond the protocol requirement, comparison of POSIX draft ACLs
via (N)VERIFY presents an implementation challenge. Clients are
not required to order the ACEs within a POSIX ACL in any
particular way, making reliable attribute comparison impractical.

Return nfserr_inval when the client requests FATTR4_POSIX_ACCESS_ACL
or FATTR4_POSIX_DEFAULT_ACL in a VERIFY or NVERIFY operation.

Signed-off-by: Rick Macklem <rmacklem@uoguelph.ca>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

authored by

Rick Macklem and committed by
Chuck Lever 9ac6fc0f 97e9a9ec

+5
+5
fs/nfsd/nfs4proc.c
··· 2380 2380 if (verify->ve_attrlen & 3) 2381 2381 return nfserr_inval; 2382 2382 2383 + /* The POSIX draft ACLs cannot be tested via (N)VERIFY. */ 2384 + if (verify->ve_bmval[2] & (FATTR4_WORD2_POSIX_DEFAULT_ACL | 2385 + FATTR4_WORD2_POSIX_ACCESS_ACL)) 2386 + return nfserr_inval; 2387 + 2383 2388 /* count in words: 2384 2389 * bitmap_len(1) + bitmap(2) + attr_len(1) = 4 2385 2390 */