[PATCH 4.19 27/36] nfsd: apply umask on fs without ACL support
From: Greg Kroah-Hartman
Date:  Tue Jul 07 2020 - 11:19:36 EST
From: J. Bruce Fields <bfields@xxxxxxxxxx>
commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832 upstream.
The server is failing to apply the umask when creating new objects on
filesystems without ACL support.
To reproduce this, you need to use NFSv4.2 and a client and server
recent enough to support umask, and you need to export a filesystem that
lacks ACL support (for example, ext4 with the "noacl" mount option).
Filesystems with ACL support are expected to take care of the umask
themselves (usually by calling posix_acl_create).
For filesystems without ACL support, this is up to the caller of
vfs_create(), vfs_mknod(), or vfs_mkdir().
Reported-by: Elliott Mitchell <ehem+debian@xxxxxxx>
Reported-by: Salvatore Bonaccorso <carnil@xxxxxxxxxx>
Tested-by: Salvatore Bonaccorso <carnil@xxxxxxxxxx>
Fixes: 47057abde515 ("nfsd: add support for the umask attribute")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/nfsd/vfs.c |    6 ++++++
 1 file changed, 6 insertions(+)
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -1206,6 +1206,9 @@ nfsd_create_locked(struct svc_rqst *rqst
 		iap->ia_mode = 0;
 	iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type;
 
+	if (!IS_POSIXACL(dirp))
+		iap->ia_mode &= ~current_umask();
+
 	err = 0;
 	host_err = 0;
 	switch (type) {
@@ -1439,6 +1442,9 @@ do_nfsd_create(struct svc_rqst *rqstp, s
 		goto out;
 	}
 
+	if (!IS_POSIXACL(dirp))
+		iap->ia_mode &= ~current_umask();
+
 	host_err = vfs_create(dirp, dchild, iap->ia_mode, true);
 	if (host_err < 0) {
 		fh_drop_write(fhp);