NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock()

NFSv4 LOCK operations should not avoid the set of authorization checks that apply to all other NFSv4 operations. Also, the "no_auth_nlm" export option should apply only to NLM LOCK requests. It's not necessary or sensible to apply it to NFSv4 LOCK operations. Instead, set no permission bits when calling fh_verify(). Subsequent stateid processing handles authorization checks. Reported-by: NeilBrown <neilb@suse.de> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
author: Chuck Lever <chuck.lever@oracle.com> 2024-10-13 16:02:28 -0400
committer: Chuck Lever <chuck.lever@oracle.com> 2024-11-18 20:23:00 -0500
commit: 6640556b0c80edc66d6f50abe53f00311a873536 (patch)
tree: e132663bd4c15238fbbcfb06f0de952e81eff1cd
parent: ed9887b876c957c9c9a0486cf0edf7c964e99cb9 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 291db55c90e4..2efceeea0fe3 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -7965,11 +7965,9 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
 	if (check_lock_length(lock->lk_offset, lock->lk_length))
 		 return nfserr_inval;
 
-	if ((status = fh_verify(rqstp, &cstate->current_fh,
-				S_IFREG, NFSD_MAY_LOCK))) {
-		dprintk("NFSD: nfsd4_lock: permission denied!\n");
+	status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
+	if (status != nfs_ok)
 		return status;
-	}
 	sb = cstate->current_fh.fh_dentry->d_sb;
 
 	if (lock->lk_is_new) {
author	Chuck Lever <chuck.lever@oracle.com>	2024-10-13 16:02:28 -0400
committer	Chuck Lever <chuck.lever@oracle.com>	2024-11-18 20:23:00 -0500
commit	6640556b0c80edc66d6f50abe53f00311a873536 (patch)
tree	e132663bd4c15238fbbcfb06f0de952e81eff1cd
parent	ed9887b876c957c9c9a0486cf0edf7c964e99cb9 (diff)