Return-Path: Received: from userp1040.oracle.com ([156.151.31.81]:45941 "EHLO userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753041AbbIPUzO convert rfc822-to-8bit (ORCPT ); Wed, 16 Sep 2015 16:55:14 -0400 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: [PATCH] Use a separate superblock if mount requires a different security flavor From: Chuck Lever In-Reply-To: Date: Wed, 16 Sep 2015 16:55:04 -0400 Cc: Frank Filz , Linux NFS Mailing List Message-Id: <08D9E2B0-B4A8-4DF0-9BB7-B19B2D260E97@oracle.com> References: <1442429367.24127.6.camel@localhost.localdomain> To: Trond Myklebust Sender: linux-nfs-owner@vger.kernel.org List-ID: On Sep 16, 2015, at 4:52 PM, Trond Myklebust wrote: > On Wed, Sep 16, 2015 at 2:49 PM, Frank Filz wrote: >> If a server has two exports from the same filesystem but with different >> security flavors allowed, when the client mounts first one and then the >> second, the same super block was being used. This resulted in the >> security flavor for the first export being applied to access to the >> second export. >> >> The fix is simply to check the security flavor of the nfs_server >> temporarily constructed for the second mount within nfs_compare_super. >> >> Signed-off-by: Frank S. Filz >> --- >> fs/nfs/super.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/fs/nfs/super.c b/fs/nfs/super.c >> index 084af10..44d60f1 100644 >> --- a/fs/nfs/super.c >> +++ b/fs/nfs/super.c >> @@ -2455,6 +2455,9 @@ static int nfs_compare_super(struct super_block >> *sb, void *data) >> struct nfs_server *server = sb_mntdata->server, *old = >> NFS_SB(sb); >> int mntflags = sb_mntdata->mntflags; >> >> + if(old->client->cl_auth->au_flavor >> + != server->client->cl_auth->au_flavor) >> + return 0; > > Isn't this check already being performed in > nfs_compare_mount_options()? As far as I can see, the difference is > that you are checking unconditionally, whereas > nfs_compare_mount_options only does so if there was a 'sec=' line > specified in the mount options. Right. If the user doesn't provide a sec=, the security flavor is autonegotiated. In the case Frank describes, there are two directories shared on the server, each from the same FSID but using distinct security policies. So the mount options comparison is inadequate if no sec= is specified on the mount command line. -- Chuck Lever