From 427d6c6646d868fbd3094e7e2e1644d480cd9204 Mon Sep 17 00:00:00 2001 From: "J. Bruce Fields" Date: Fri, 13 Sep 2013 11:08:45 -0400 Subject: nfsd: return better errors to exportfs Someone noticed exportfs happily accepted exports that would later be rejected when mountd tried to give them to the kernel. Fix this. This is a regression from 4c1e1b34d5c800ad3ac9a7e2805b0bea70ad2278 "nfsd: Store ex_anon_uid and ex_anon_gid as kuids and kgids". Cc: "Eric W. Biederman" Cc: stable@vger.kernel.org Reported-by: Yin.JianHong Signed-off-by: J. Bruce Fields --- fs/nfsd/export.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'fs/nfsd/export.c') diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index 5f38ea36e266..af51cf9bf2e3 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -536,16 +536,12 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) if (err) goto out3; exp.ex_anon_uid= make_kuid(&init_user_ns, an_int); - if (!uid_valid(exp.ex_anon_uid)) - goto out3; /* anon gid */ err = get_int(&mesg, &an_int); if (err) goto out3; exp.ex_anon_gid= make_kgid(&init_user_ns, an_int); - if (!gid_valid(exp.ex_anon_gid)) - goto out3; /* fsid */ err = get_int(&mesg, &an_int); @@ -583,6 +579,17 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) exp.ex_uuid); if (err) goto out4; + /* + * For some reason exportfs has been passing down an + * invalid (-1) uid & gid on the "dummy" export which it + * uses to test export support. To make sure exportfs + * sees errors from check_export we therefore need to + * delay these checks till after check_export: + */ + if (!uid_valid(exp.ex_anon_uid)) + goto out4; + if (!gid_valid(exp.ex_anon_gid)) + goto out4; } expp = svc_export_lookup(&exp); -- cgit From 6f6cc3205c5f10129b8a10cdf8abf85d9db48a60 Mon Sep 17 00:00:00 2001 From: "J. Bruce Fields" Date: Fri, 13 Sep 2013 17:50:42 -0400 Subject: nfsd: -EINVAL on invalid anonuid/gid instead of silent failure If we're going to refuse to accept these it would be polite of us to at least say so.... This introduces a slight complication since we need to grandfather in exportfs's ill-advised use of -1 uid and gid on its test_export. If it turns out there are other users passing down -1 we may need to do something else. Best might be to drop the checks entirely, but I'm not sure if other parts of the kernel might assume that a task can't run as uid or gid -1. Cc: "Eric W. Biederman" Signed-off-by: J. Bruce Fields --- fs/nfsd/export.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'fs/nfsd/export.c') diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index af51cf9bf2e3..8513c598fabf 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -579,6 +579,13 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) exp.ex_uuid); if (err) goto out4; + /* + * No point caching this if it would immediately expire. + * Also, this protects exportfs's dummy export from the + * anon_uid/anon_gid checks: + */ + if (exp.h.expiry_time < seconds_since_boot()) + goto out4; /* * For some reason exportfs has been passing down an * invalid (-1) uid & gid on the "dummy" export which it @@ -586,10 +593,12 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) * sees errors from check_export we therefore need to * delay these checks till after check_export: */ + err = -EINVAL; if (!uid_valid(exp.ex_anon_uid)) goto out4; if (!gid_valid(exp.ex_anon_gid)) goto out4; + err = 0; } expp = svc_export_lookup(&exp); -- cgit