diff options
author | J. Bruce Fields <bfields@redhat.com> | 2013-09-13 17:50:42 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2013-10-29 17:46:14 -0400 |
commit | 6f6cc3205c5f10129b8a10cdf8abf85d9db48a60 (patch) | |
tree | c0c388985d7231b2c3b940cbdb64d877dde95c8b | |
parent | 427d6c6646d868fbd3094e7e2e1644d480cd9204 (diff) | |
download | op-kernel-dev-6f6cc3205c5f10129b8a10cdf8abf85d9db48a60.zip op-kernel-dev-6f6cc3205c5f10129b8a10cdf8abf85d9db48a60.tar.gz |
nfsd: -EINVAL on invalid anonuid/gid instead of silent failure
If we're going to refuse to accept these it would be polite of us to at
least say so....
This introduces a slight complication since we need to grandfather in
exportfs's ill-advised use of -1 uid and gid on its test_export.
If it turns out there are other users passing down -1 we may need to
do something else.
Best might be to drop the checks entirely, but I'm not sure if other
parts of the kernel might assume that a task can't run as uid or gid -1.
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-rw-r--r-- | fs/nfsd/export.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index af51cf9..8513c59 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -580,16 +580,25 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) if (err) goto out4; /* + * No point caching this if it would immediately expire. + * Also, this protects exportfs's dummy export from the + * anon_uid/anon_gid checks: + */ + if (exp.h.expiry_time < seconds_since_boot()) + goto out4; + /* * For some reason exportfs has been passing down an * invalid (-1) uid & gid on the "dummy" export which it * uses to test export support. To make sure exportfs * sees errors from check_export we therefore need to * delay these checks till after check_export: */ + err = -EINVAL; if (!uid_valid(exp.ex_anon_uid)) goto out4; if (!gid_valid(exp.ex_anon_gid)) goto out4; + err = 0; } expp = svc_export_lookup(&exp); |