nfsd: notify_change needs elevated write count
authorJ. Bruce Fields <bfields@redhat.com>
Mon, 24 Feb 2014 19:59:47 +0000 (14:59 -0500)
committerJ. Bruce Fields <bfields@redhat.com>
Thu, 27 Mar 2014 20:31:48 +0000 (16:31 -0400)
Looks like this bug has been here since these write counts were
introduced, not sure why it was just noticed now.

Thanks also to Jan Kara for pointing out the problem.

Cc: stable@vger.kernel.org
Reported-by: Matthew Rahtz <mrahtz@rapitasystems.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
fs/nfsd/vfs.c

index 6d7be3f8035631cb207a5733c71dbfc2f800fa4c..eea5ad1889846c5c88a4fa11d27314ee035a9817 100644 (file)
@@ -404,6 +404,7 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
        umode_t         ftype = 0;
        __be32          err;
        int             host_err;
+       bool            get_write_count;
        int             size_change = 0;
 
        if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE))
@@ -411,10 +412,18 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
        if (iap->ia_valid & ATTR_SIZE)
                ftype = S_IFREG;
 
+       /* Callers that do fh_verify should do the fh_want_write: */
+       get_write_count = !fhp->fh_dentry;
+
        /* Get inode */
        err = fh_verify(rqstp, fhp, ftype, accmode);
        if (err)
                goto out;
+       if (get_write_count) {
+               host_err = fh_want_write(fhp);
+               if (host_err)
+                       return nfserrno(host_err);
+       }
 
        dentry = fhp->fh_dentry;
        inode = dentry->d_inode;