Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1098414pxb; Fri, 22 Jan 2021 07:09:32 -0800 (PST) X-Google-Smtp-Source: ABdhPJx3swTeu8L+K7pz9HW9wRSDiYxPrediPazWegg3qJ16lzvYViLFXdXXSlIT6tuW3hoq6dxv X-Received: by 2002:a17:907:d8e:: with SMTP id go14mr3379335ejc.472.1611328172022; Fri, 22 Jan 2021 07:09:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611328172; cv=none; d=google.com; s=arc-20160816; b=cv3QUQ8AhvRFSNGW8tpblHnIQIwBy+/yo3GAUD+Xw0Bo4Y4GrR61OTWoVgztdvzaQL LfQMPaIOcklP9aWMT3qjg2wqr5F5z/7Nv1C/GGnq33rJyksa6HFngo3OjnVunm2P9wuK RQaEiaMX3xZJ+tXvw/tpdQeo8u1Nr+1S5LmI0fUctroPATCr0dnKH8o9USJR6j5BwCcy Yuj4b9NF3QmpsxN8FZcWMecPp/Xu8AHglx5pb7weo9gIVo7/ybJJv1ASm8L45E5Gpw19 YLDJt1IAhvsLKA9oKMRS9b4pTZgJBxi63i6vn/UcFLAwsEenxq4s3/4gg+lqlGLE39SY tJ8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=sOPL7JMve3whcATPYbutrAaHSxPZGrAj6Wt8PkVeBpc=; b=JYOihK3oY4EcRAnb83ETT/EGTDt17vI/m2JNMms5a5W8czm3ZtP/NBQMzF9Rj+/wmz uoyiXKWIa+TRrqqMaNR+plApanoWQFv++TgewY+PyCoQBQUxOkT9ZIaMNFF1a5QLFto5 ptYu4HtevzT8udcc8u3WKA/WhpgcRZWdBd9scQZQwlRHWvsDJSTg3GyUuNaNS7L6Qmql LFe9ZwHqg3h9yA/hLXvWTznyxKO3P8ilZswYcy7NpHuWkIeIbxlTvIejNRdtPb+4allQ 50HGYxe0G11CltxQtZp/HXGRMeitx9UFW/BuW3rfAD9+Z/3cDSIf5c7lbR0LKGE/CQy3 kM2g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=VeUFBx3a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h18si3639667edv.41.2021.01.22.07.09.05; Fri, 22 Jan 2021 07:09:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=VeUFBx3a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729114AbhAVPDS (ORCPT + 99 others); Fri, 22 Jan 2021 10:03:18 -0500 Received: from mail.kernel.org ([198.145.29.99]:40268 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728605AbhAVOX2 (ORCPT ); Fri, 22 Jan 2021 09:23:28 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 50F7F23B5F; Fri, 22 Jan 2021 14:17:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1611325027; bh=lxS1+FlWF/d4MmrwMAW+6vTqUFurbol65PwbcHgH7X0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VeUFBx3aqOYD8bgs9CtFEjK+1yU3IvnNvopyfyZh9qS2i4aErsd43Efsj+VT501jO 5d6V6jw07zLx0n1k7TduHpcXxR63j60IMCXAe+qDlAn0y2aoIJH/Mjg6/CESWbERQD LVk8cwW5ifhErhSfkVH9d9p+vYkyJWVGzHkONFR8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Youjipeng , "J. Bruce Fields" , Chuck Lever Subject: [PATCH 5.4 09/33] nfsd4: readdirplus shouldnt return parent of export Date: Fri, 22 Jan 2021 15:12:25 +0100 Message-Id: <20210122135733.949260509@linuxfoundation.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210122135733.565501039@linuxfoundation.org> References: <20210122135733.565501039@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: J. Bruce Fields commit 51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 upstream. If you export a subdirectory of a filesystem, a READDIRPLUS on the root of that export will return the filehandle of the parent with the ".." entry. The filehandle is optional, so let's just not return the filehandle for ".." if we're at the root of an export. Note that once the client learns one filehandle outside of the export, they can trivially access the rest of the export using further lookups. However, it is also not very difficult to guess filehandles outside of the export. So exporting a subdirectory of a filesystem should considered equivalent to providing access to the entire filesystem. To avoid confusion, we recommend only exporting entire filesystems. Reported-by: Youjipeng Signed-off-by: J. Bruce Fields Cc: stable@vger.kernel.org Signed-off-by: Chuck Lever Signed-off-by: Greg Kroah-Hartman --- fs/nfsd/nfs3xdr.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/fs/nfsd/nfs3xdr.c +++ b/fs/nfsd/nfs3xdr.c @@ -857,9 +857,14 @@ compose_entry_fh(struct nfsd3_readdirres if (isdotent(name, namlen)) { if (namlen == 2) { dchild = dget_parent(dparent); - /* filesystem root - cannot return filehandle for ".." */ + /* + * Don't return filehandle for ".." if we're at + * the filesystem or export root: + */ if (dchild == dparent) goto out; + if (dparent == exp->ex_path.dentry) + goto out; } else dchild = dget(dparent); } else