A remount that alters security flavors can appear to succeed when it should
instead return -EINVAL. Check to see if the current security flavor exists
within the flavors specified in the remount options, and if not fail the
remount.
Signed-off-by: Benjamin Coddington <[email protected]>
---
fs/nfs/super.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 31a11b0..e6275e0 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -2191,7 +2191,7 @@ nfs_compare_remount_data(struct nfs_server *nfss,
data->version != nfss->nfs_client->rpc_ops->version ||
data->minorversion != nfss->nfs_client->cl_minorversion ||
data->retrans != nfss->client->cl_timeout->to_retries ||
- data->selected_flavor != nfss->client->cl_auth->au_flavor ||
+ !nfs_auth_info_match(&data->auth_info, nfss->client->cl_auth->au_flavor) ||
data->acregmin != nfss->acregmin / HZ ||
data->acregmax != nfss->acregmax / HZ ||
data->acdirmin != nfss->acdirmin / HZ ||
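Review bot: The new test on the `au_flavor` line accepts the remount whenever the active flavor appears anywhere in the requested `sec=` list, so a remount that names a stronger flavor alongside the current one reports success while the mount keeps the flavor it already had. That is looser than the equality check it replaces, and an administrator could read the success as a security upgrade that took effect. A comment above the condition would make the contract explicit, for example `/* sec= on remount is only verified: the active flavor must be listed, it is never changed */`. The check also appears to rely on nfs_auth_info_match() treating an empty list as a match when the remount carries no `sec=`; that helper is not visible here, so this needs confirming. The body of nfs_compare_remount_data starts and ends outside the hunk.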
@@ -2239,7 +2239,6 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
data->wsize = nfss->wsize;
data->retrans = nfss->client->cl_timeout->to_retries;
data->selected_flavor = nfss->client->cl_auth->au_flavor;
- data->auth_info = nfss->auth_info;
data->acregmin = nfss->acregmin / HZ;
data->acregmax = nfss->acregmax / HZ;
data->acdirmin = nfss->acdirmin / HZ;
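Review bot: With the `data->auth_info = nfss->auth_info;` seed removed, the flavor comparison depends on `data->auth_info` being empty before the remount options are parsed. The allocation of `data` is outside this hunk, so it is worth confirming that it is zeroed rather than left uninitialised. The retained `data->selected_flavor = nfss->client->cl_auth->au_flavor;` no longer feeds the comparison shown in the first hunk. If nothing else in the remount path reads it, the line can go; otherwise a short comment naming its remaining reader would help. nfs_remount continues past both edges of the hunk.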
--
1.7.1
Bump.. ..even though I can't imagine a smaller problem, any chance to take
this one?
Ben
On Fri, 5 Dec 2014, Benjamin Coddington wrote:
> A remount that alters security flavors can appear to succeed when it should
> instead return -EINVAL. Check to see if the current security flavor exists
> within the flavors specified in the remount options, and if not fail the
> remount.
>
> Signed-off-by: Benjamin Coddington <[email protected]>
> ---
> fs/nfs/super.c | 3 +--
> 1 files changed, 1 insertions(+), 2 deletions(-)
>
> diff --git a/fs/nfs/super.c b/fs/nfs/super.c
> index 31a11b0..e6275e0 100644
> --- a/fs/nfs/super.c
> +++ b/fs/nfs/super.c
> @@ -2191,7 +2191,7 @@ nfs_compare_remount_data(struct nfs_server *nfss,
> data->version != nfss->nfs_client->rpc_ops->version ||
> data->minorversion != nfss->nfs_client->cl_minorversion ||
> data->retrans != nfss->client->cl_timeout->to_retries ||
> - data->selected_flavor != nfss->client->cl_auth->au_flavor ||
> + !nfs_auth_info_match(&data->auth_info, nfss->client->cl_auth->au_flavor) ||
> data->acregmin != nfss->acregmin / HZ ||
> data->acregmax != nfss->acregmax / HZ ||
> data->acdirmin != nfss->acdirmin / HZ ||
> @@ -2239,7 +2239,6 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
> data->wsize = nfss->wsize;
> data->retrans = nfss->client->cl_timeout->to_retries;
> data->selected_flavor = nfss->client->cl_auth->au_flavor;
> - data->auth_info = nfss->auth_info;
> data->acregmin = nfss->acregmin / HZ;
> data->acregmax = nfss->acregmax / HZ;
> data->acdirmin = nfss->acdirmin / HZ;
> --
> 1.7.1
>
>
On Fri, 2014-12-05 at 21:52 -0500, Benjamin Coddington wrote:
> A remount that alters security flavors can appear to succeed when it should
> instead return -EINVAL. Check to see if the current security flavor exists
> within the flavors specified in the remount options, and if not fail the
> remount.
>
> Signed-off-by: Benjamin Coddington <[email protected]>
> ---
> fs/nfs/super.c | 3 +--
> 1 files changed, 1 insertions(+), 2 deletions(-)
>
> diff --git a/fs/nfs/super.c b/fs/nfs/super.c
> index 31a11b0..e6275e0 100644
> --- a/fs/nfs/super.c
> +++ b/fs/nfs/super.c
> @@ -2191,7 +2191,7 @@ nfs_compare_remount_data(struct nfs_server *nfss,
> data->version != nfss->nfs_client->rpc_ops->version ||
> data->minorversion != nfss->nfs_client->cl_minorversion ||
> data->retrans != nfss->client->cl_timeout->to_retries ||
> - data->selected_flavor != nfss->client->cl_auth->au_flavor ||
> + !nfs_auth_info_match(&data->auth_info, nfss->client->cl_auth->au_flavor) ||
> data->acregmin != nfss->acregmin / HZ ||
> data->acregmax != nfss->acregmax / HZ ||
> data->acdirmin != nfss->acdirmin / HZ ||
> @@ -2239,7 +2239,6 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
> data->wsize = nfss->wsize;
> data->retrans = nfss->client->cl_timeout->to_retries;
> data->selected_flavor = nfss->client->cl_auth->au_flavor;
> - data->auth_info = nfss->auth_info;
> data->acregmin = nfss->acregmin / HZ;
> data->acregmax = nfss->acregmax / HZ;
> data->acdirmin = nfss->acdirmin / HZ;
Thanks Ben. Applied...
--
Trond Myklebust
Linux NFS client maintainer, PrimaryData
[email protected]