We have a customer request to backport the following patch commit 7fc90ec93a5eb71f4b08403baf5ba7176b3ec6b1 Author: J. Bruce Fields <bfields.edu> Date: Fri Jun 30 01:56:14 2006 -0700 [PATCH] knfsd: nfsd: call nfsd_setuser() on fh_compose(), fix nfsd4 permissions problem This patch also needs to be followed by commit d1bbf14f37261c2c0dba71404602e1ddcec069d2 Author: NeilBrown <neilb> Date: Sun Jul 30 03:03:16 2006 -0700 [PATCH] knfsd: Fix stale file handle problem with subtree_checking. which fixes a bug in the original patch. Copying the description from the earlier patch -- From: J. Bruce Fields <bfields.edu> In the typical v2/v3 case the only new filehandles used as arguments to operations are filehandles taken directly off the wire, which don't get dentries until fh_verify() is called. But in v4 the filehandles that are arguments to operations were often created by previous operations (putrootfh, lookup, etc.) using fh_compose, which sets the dentry in the filehandle without calling nfsd_setuser(). This also means that, for example, if filesystem B is mounted on filesystem A, and filesystem A is exported without root-squashing, then a client can bypass the rootsquashing on B using a compound that starts at a filehandle in A, crosses into B using lookups, and then does stuff in B. --
Created attachment 438406 [details] User provided patch Patch which combines the changes in git commits 7fc90ec93a5eb71f4b08403baf5ba7176b3ec6b1 and d1bbf14f37261c2c0dba71404602e1ddcec069d2