NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock()

[ Upstream commit 6640556b0c80edc66d6f50abe53f00311a873536 ]

NFSv4 LOCK operations should not avoid the set of authorization
checks that apply to all other NFSv4 operations. Also, the
"no_auth_nlm" export option should apply only to NLM LOCK requests.
It's not necessary or sensible to apply it to NFSv4 LOCK operations.

Instead, set no permission bits when calling fh_verify(). Subsequent
stateid processing handles authorization checks.

Reported-by: NeilBrown <neilb@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Stable-dep-of: 898374fdd7f0 ("nfsd: unregister with rpcbind when deleting a transport")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index bcb44400e24398632b20abf620ab9927b3d794d6..7b0fabf8c657a164b706851c7c7acff18c865ba7 100644 (file)
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -7998,11 +7998,9 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
        if (check_lock_length(lock->lk_offset, lock->lk_length))
                 return nfserr_inval;
 
-       if ((status = fh_verify(rqstp, &cstate->current_fh,
-                               S_IFREG, NFSD_MAY_LOCK))) {
-               dprintk("NFSD: nfsd4_lock: permission denied!\n");
+       status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
+       if (status != nfs_ok)
                return status;
-       }
        sb = cstate->current_fh.fh_dentry->d_sb;
 
        if (lock->lk_is_new) {