NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap

>From RFC 8881:

5.8.1.14. Attribute 75: suppattr_exclcreat

> The bit vector that would set all REQUIRED and RECOMMENDED
> attributes that are supported by the EXCLUSIVE4_1 method of file
> creation via the OPEN operation. The scope of this attribute
> applies to all objects with a matching fsid.

There's nothing in RFC 8881 that states that suppattr_exclcreat is
or is not allowed to contain bits for attributes that are clear in
the reported supported_attrs bitmask. But it doesn't make sense for
an NFS server to indicate that it /doesn't/ implement an attribute,
but then also indicate that clients /are/ allowed to set that
attribute using OPEN(create) with EXCLUSIVE4_1.

Ensure that the SECURITY_LABEL and ACL bits are not set in the
suppattr_exclcreat bitmask when they are also not set in the
supported_attrs bitmask.

Fixes: 8c18f2052e75 ("nfsd41: SUPPATTR_EXCLCREAT attribute")
Cc: stable@vger.kernel.org
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 30ce5851fe4c4932c767c04fdfdf79ea3f6fba59..51ef97c2545688c7e0977281c810d79b21c63d54 100644 (file)
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -3375,6 +3375,11 @@ static __be32 nfsd4_encode_fattr4_suppattr_exclcreat(struct xdr_stream *xdr,
        u32 supp[3];
 
        memcpy(supp, nfsd_suppattrs[resp->cstate.minorversion], sizeof(supp));
+       if (!IS_POSIXACL(d_inode(args->dentry)))
+               supp[0] &= ~FATTR4_WORD0_ACL;
+       if (!args->contextsupport)
+               supp[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
+
        supp[0] &= NFSD_SUPPATTR_EXCLCREAT_WORD0;
        supp[1] &= NFSD_SUPPATTR_EXCLCREAT_WORD1;
        supp[2] &= NFSD_SUPPATTR_EXCLCREAT_WORD2;