From 396de0a2c1a6f5bf2d505a0f099ac9a0319a4cf7 Mon Sep 17 00:00:00 2001 From: Li Dongyang Date: Tue, 5 Jan 2016 16:43:39 +1100 Subject: [PATCH] LU-7630 mdt: keep FS capability for getattr_name This is a follow up of LU-6528. When "no_subtree_check" is set for NFS export, nfsd_set_fh_dentry() doesn't set correct fsuid explicitely, but raise capability to allow exportfs_decode_fh() to reconnect disconnected dentry into dcache. The patch of LU-6528 fixed the issue for mdt_reint_getattr() but missed the case for mdt_getattr_name(). LU-6528 added drop_fs_cap to old_init_ucred() to preserve the capability but the logic was removed by LU-7199 commit 2aea469a3a, this patch reverts that. This patch also makes sure old_init_ucred() won't fail identity check when we have a raised capability but not a valid fsuid. Signed-off-by: Li Dongyang Change-Id: Ia41a8243eb18b1e469529bef186e3239fe9ebc1d Reviewed-on: http://review.whamcloud.com/17815 Tested-by: Jenkins Tested-by: Maloo Reviewed-by: Bobi Jam Reviewed-by: Lai Siyao Reviewed-by: Oleg Drokin --- lustre/mdt/mdt_handler.c | 2 +- lustre/mdt/mdt_lib.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c index fba0ff5..0751218 100644 --- a/lustre/mdt/mdt_handler.c +++ b/lustre/mdt/mdt_handler.c @@ -1552,7 +1552,7 @@ static int mdt_getattr_name(struct tgt_session_info *tsi) repbody->mbo_eadatasize = 0; repbody->mbo_aclsize = 0; - rc = mdt_init_ucred(info, reqbody); + rc = mdt_init_ucred_intent_getattr(info, reqbody); if (unlikely(rc)) GOTO(out_shrink, rc); diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c index 574ea5e..b018176 100644 --- a/lustre/mdt/mdt_lib.c +++ b/lustre/mdt/mdt_lib.c @@ -483,7 +483,8 @@ static int old_init_ucred_common(struct mdt_thread_info *info, identity = mdt_identity_get(mdt->mdt_identity_cache, uc->uc_fsuid); if (IS_ERR(identity)) { - if (unlikely(PTR_ERR(identity) == -EREMCHG)) { + if (unlikely(PTR_ERR(identity) == -EREMCHG || + uc->uc_cap & CFS_CAP_FS_MASK)) { identity = NULL; } else { CDEBUG(D_SEC, "Deny access without identity: " @@ -506,7 +507,7 @@ static int old_init_ucred_common(struct mdt_thread_info *info, mdt_root_squash(info, mdt_info_req(info)->rq_peer.nid); /* remove fs privilege for non-root user. */ - if (uc->uc_fsuid) + if (uc->uc_fsuid && drop_fs_cap) uc->uc_cap &= ~CFS_CAP_FS_MASK; uc->uc_valid = UCRED_OLD; ucred_set_jobid(info, uc); -- 1.8.3.1