Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1265259pxb; Fri, 22 Jan 2021 10:58:14 -0800 (PST) X-Google-Smtp-Source: ABdhPJyotV7vbkFtrIfI4WdoHOgfEk8UujbdEZrA3lRFp+Eu1OYnj8DAAJStoBNIyOYElzqF9F/3 X-Received: by 2002:a05:6402:3553:: with SMTP id f19mr4350983edd.271.1611341894196; Fri, 22 Jan 2021 10:58:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611341894; cv=none; d=google.com; s=arc-20160816; b=QflgAPi/55IcOoj/ls098yYkcE6OwRsWvQTGTi00yBWU4BZmgQUHJz7MYD4wvhJZ4R asTTLSI5yBGXo4OmRf9qvSHZF9f1h1pOw+hrl6O4b9ox8KCPLbEU8d/i8MaofbTTv/2u ARKs2viG7JX4pb3LT9ulkDzKrb3tLjBu9Js0NxP0XKtX8s+9ybiIc/MxlWtpcTGeqOdS pT5/0fgnnSzB7oR68POn9ncF8zzOlcO07OO4PLhN3JhBUGlnsiHOSqd2rDqhfx89pTjm j009VYLHkmmXJiMrFoDy606zWFW11c1sYs5iiSyy3bkekxJCXpxMxysRwmhZwU95cOiV XqBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=jJ4BKtDsvVlOLjK2WMRAMhInhX7CdHK9zsoJFE+x0M4=; b=mUJ2GeSCAUyp/KsPiZ80904jJHrR5p1Hqz5DHbyk3/kqQVSP08BLUj4wKP001pFCc1 8V0SSlFggDAn9jMbtqAwRvDYLKab6TqJJy/etfw+9QGJr0MuvCtDoqs7poNbACdQmYx1 rWRUOicDHIGy6SpZes1V9Kx1okFOBfae/LAx/N4ZrCs+Ri0UcaiWI+ONAFCy73yPOBk7 Bq1H7EpQrl1PtSdqWf1x2wlqmuaXJYUOsOwKREJv3cdr1xctz/gAjx5NGTUz0BPecsJa NPsci66yclk3cXaTSQkCNtpxi09YPEn5K0eoEdkYNkY4LpfALM7GjxRLehm/cEuY5HOJ 0Mig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=yI6PnkmQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dn23si3745987edb.27.2021.01.22.10.57.49; Fri, 22 Jan 2021 10:58:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=yI6PnkmQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730271AbhAVSxg (ORCPT + 99 others); Fri, 22 Jan 2021 13:53:36 -0500 Received: from mail.kernel.org ([198.145.29.99]:39308 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728522AbhAVOWD (ORCPT ); Fri, 22 Jan 2021 09:22:03 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 1C04B23AC8; Fri, 22 Jan 2021 14:16:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1611324970; bh=FF0Eut46PKr87ElysybdlIYlogJYoUuULboTnAlfkaY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=yI6PnkmQyHGgszXWl6nJWosdALdtl47bTzb5IQxpXOrVlL/PAMd2ZK2bWtiXorDhV jTARZs0srqWcEH1+R3izEhOtiyxH1X8PhMaZPpFNK+NliAVMHHdjRMEo9HNvUzggv7 0SRyRktkNtch5mrbKVFQreM9xE9YiGUJnbjUpqhs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Youjipeng , "J. Bruce Fields" , Chuck Lever Subject: [PATCH 4.19 05/22] nfsd4: readdirplus shouldnt return parent of export Date: Fri, 22 Jan 2021 15:12:23 +0100 Message-Id: <20210122135732.135933562@linuxfoundation.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210122135731.921636245@linuxfoundation.org> References: <20210122135731.921636245@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: J. Bruce Fields commit 51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 upstream. If you export a subdirectory of a filesystem, a READDIRPLUS on the root of that export will return the filehandle of the parent with the ".." entry. The filehandle is optional, so let's just not return the filehandle for ".." if we're at the root of an export. Note that once the client learns one filehandle outside of the export, they can trivially access the rest of the export using further lookups. However, it is also not very difficult to guess filehandles outside of the export. So exporting a subdirectory of a filesystem should considered equivalent to providing access to the entire filesystem. To avoid confusion, we recommend only exporting entire filesystems. Reported-by: Youjipeng Signed-off-by: J. Bruce Fields Cc: stable@vger.kernel.org Signed-off-by: Chuck Lever Signed-off-by: Greg Kroah-Hartman --- fs/nfsd/nfs3xdr.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/fs/nfsd/nfs3xdr.c +++ b/fs/nfsd/nfs3xdr.c @@ -844,9 +844,14 @@ compose_entry_fh(struct nfsd3_readdirres if (isdotent(name, namlen)) { if (namlen == 2) { dchild = dget_parent(dparent); - /* filesystem root - cannot return filehandle for ".." */ + /* + * Don't return filehandle for ".." if we're at + * the filesystem or export root: + */ if (dchild == dparent) goto out; + if (dparent == exp->ex_path.dentry) + goto out; } else dchild = dget(dparent); } else