Commit 6f6cc320 authored by J. Bruce Fields

nfsd: -EINVAL on invalid anonuid/gid instead of silent failure

If we're going to refuse to accept these it would be polite of us to at
least say so....

This introduces a slight complication since we need to grandfather in
exportfs's ill-advised use of -1 uid and gid on its test_export.

If it turns out there are other users passing down -1 we may need to
do something else.

Best might be to drop the checks entirely, but I'm not sure if other
parts of the kernel might assume that a task can't run as uid or gid -1.

Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
parent 427d6c66
...@@ -579,6 +579,13 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) ...@@ -579,6 +579,13 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
exp.ex_uuid); exp.ex_uuid);
if (err) if (err)
goto out4; goto out4;
/*
* No point caching this if it would immediately expire.
* Also, this protects exportfs's dummy export from the
* anon_uid/anon_gid checks:
*/
if (exp.h.expiry_time < seconds_since_boot())
goto out4;
/* /*
* For some reason exportfs has been passing down an * For some reason exportfs has been passing down an
* invalid (-1) uid & gid on the "dummy" export which it * invalid (-1) uid & gid on the "dummy" export which it
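Review bot: The new early `goto out4` on `exp.h.expiry_time < seconds_since_boot()` returns whatever `err` currently holds, and it is zero only because of the `if (err) goto out4;` immediately above. The write therefore reports success while nothing is cached and the anon_uid/anon_gid checks are skipped. That is what the comment intends for exportfs's dummy export, but the dependency on `err` is implicit; an explicit `err = 0;` before the jump, or a line in the comment saying the write deliberately succeeds, would keep a later reordering from turning this into a spurious error. The comment should also state that the exemption relies on exportfs passing an already-expired time on its test export, since any other caller with an expiry in the past takes the same path without validation.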
...@@ -586,10 +593,12 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) ...@@ -586,10 +593,12 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
* sees errors from check_export we therefore need to * sees errors from check_export we therefore need to
* delay these checks till after check_export: * delay these checks till after check_export:
*/ */
err = -EINVAL;
if (!uid_valid(exp.ex_anon_uid)) if (!uid_valid(exp.ex_anon_uid))
goto out4; goto out4;
if (!gid_valid(exp.ex_anon_gid)) if (!gid_valid(exp.ex_anon_gid))
goto out4; goto out4;
err = 0;
} }
expp = svc_export_lookup(&exp); expp = svc_export_lookup(&exp);
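Review bot: Setting `err = -EINVAL;` ahead of the `uid_valid()`/`gid_valid()` checks and resetting it with `err = 0;` afterwards is fragile: any check later added between those two assignments inherits -EINVAL without choosing it, and dropping the reset would make every export in this branch fail. Assigning the error inside each failing branch would be more robust, for example `if (!uid_valid(exp.ex_anon_uid)) { err = -EINVAL; goto out4; }` and the same for the gid. Since the commit message leaves open whether other users pass down -1, a short comment here noting that userspace now sees -EINVAL for an invalid anonuid/anongid would help whoever has to diagnose such a report.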
......