nfsd: Return EPERM, not EACCES, in some SETATTR cases

As the man(2) page for utime/utimes states, EPERM is returned when the
second parameter of utime or utimes is not NULL, the caller's effective UID
does not match the owner of the file, and the caller is not privileged.

However, in a NFS directory mounted from knfsd, it will return EACCES
(from nfsd_setattr-> fh_verify->nfsd_permission).  This patch fixes
that.

Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index eb67098117b4c09eeaa1bf81f08139deba4dd23a..9824e32b2f2345312dad32ea207885344313fbb8 100644 (file)
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -396,10 +396,23 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
        bool            get_write_count;
        bool            size_change = (iap->ia_valid & ATTR_SIZE);
 
-       if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE))
+       if (iap->ia_valid & ATTR_SIZE) {
                accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE;
-       if (iap->ia_valid & ATTR_SIZE)
                ftype = S_IFREG;
+       }
+
+       /*
+        * If utimes(2) and friends are called with times not NULL, we should
+        * not set NFSD_MAY_WRITE bit. Otherwise fh_verify->nfsd_permission
+        * will return EACCESS, when the caller's effective UID does not match
+        * the owner of the file, and the caller is not privileged. In this
+        * situation, we should return EPERM(notify_change will return this).
+        */
+       if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME)) {
+               accmode |= NFSD_MAY_OWNER_OVERRIDE;
+               if (!(iap->ia_valid & (ATTR_ATIME_SET | ATTR_MTIME_SET)))
+                       accmode |= NFSD_MAY_WRITE;
+       }
 
        /* Callers that do fh_verify should do the fh_want_write: */
        get_write_count = !fhp->fh_dentry;