Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp2563631pxb; Mon, 11 Jan 2021 13:03:44 -0800 (PST) X-Google-Smtp-Source: ABdhPJxeqQTJpr05YY7VyjmLVZTd1tIuG2yKpw6xiZ7m5s7m1we5v+NBx/R4mit29fC0lsbnBxWq X-Received: by 2002:a17:906:378f:: with SMTP id n15mr866642ejc.263.1610399024588; Mon, 11 Jan 2021 13:03:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610399024; cv=none; d=google.com; s=arc-20160816; b=fd9kC91AWWFh4x7RHxihMYFvN6FHjF12B2o4ilyXz5u9qxlop1l4hMv1Mos/rkJQym iJ6GhIs8JUT+SPUpTWtqMt+xZLOFYsgQd+8w0vaynEOUU+SmoXVTjXX/25iFlsSkElFP 7QUcGDWXDEOuldpvjGuwOyr0SJ3schHDMA9bIVzIJQble4VcAkL0VLoZih+GkAtRUrzh iVZYlnbhYkGpSkUmlNxPP2C5sg/Yd7lssczChjXSathBJgrMjxpgceH8BTP+9BF9t7mw tS17Ml9EcXMAEMqs+cMbbOFSAVc0s5r/ctcYcVYftFrwIMqZ72VRsxXkTuDYES7zEGsi Sd7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-filter; bh=mt0fPOyyciegWxIp8IGOQG0zh7e6QFxUYU2Dl3js/CM=; b=RIvjSENSccbCcBRddNM26fM1wV4dPEZKTTN88Z8CW0T5910rBKzEwQGG3ZD7RERrKl ZwmjNO+yjAtArgio6G9T6s5mpH0eXAXysolYJbzDxjKyy1iQvwBk0GFwlTfIlNZDIxVC y39Sb3uejR2VRs3H6P01PWW2Io6eWDNGTHCIyJtQi+wDMzXJyD5pSoG9SZCW5qbL/wc8 B43XZa/b9CYBdP9ZGpCrtRziNSyuTSfGjdFqJgJzJXKDVXcNUMxlrYZodSmadD/bjnaC 625yHigt+ZdNlS7p0hpY/PAbnFaZMeoGjkfv0JdU7DbzHaRpAM9m7AMO9azZ4KFZCWL0 7n2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fieldses.org header.s=default header.b=Hybagwog; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s18si190912eji.645.2021.01.11.13.03.21; Mon, 11 Jan 2021 13:03:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@fieldses.org header.s=default header.b=Hybagwog; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729150AbhAKVCO (ORCPT + 99 others); Mon, 11 Jan 2021 16:02:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37652 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729194AbhAKVCK (ORCPT ); Mon, 11 Jan 2021 16:02:10 -0500 Received: from fieldses.org (fieldses.org [IPv6:2600:3c00:e000:2f7::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A231C061786 for ; Mon, 11 Jan 2021 13:01:30 -0800 (PST) Received: by fieldses.org (Postfix, from userid 2815) id 29E206F32; Mon, 11 Jan 2021 16:01:29 -0500 (EST) DKIM-Filter: OpenDKIM Filter v2.11.0 fieldses.org 29E206F32 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fieldses.org; s=default; t=1610398889; bh=mt0fPOyyciegWxIp8IGOQG0zh7e6QFxUYU2Dl3js/CM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=HybagwogAn2F0cchwB7Q249R804oxPROcysvCD6edOuXvaGSksvlADRBPi/+Barkk 6BTz+8qzX0GbijPUbmg+JpnNs1+nDQxr44b4GmG4od33dW5FNlwUvcnn0gxdA9WA7B Oe5CU96Jy/xZC7xvpttf+eqseoDctLM+6iM2/EEQ= Date: Mon, 11 Jan 2021 16:01:29 -0500 From: "J. Bruce Fields" To: Chuck Lever Cc: =?utf-8?B?5ZC05byC?= , linux-nfs@vger.kernel.org Subject: [PATCH] nfsd4: readdirplus shouldn't return parent of export Message-ID: <20210111210129.GA11652@fieldses.org> References: <20210105165633.GC14893@fieldses.org> <20210108152017.GA4183@fieldses.org> <20210108164433.GB8699@fieldses.org> <20210110201740.GA8789@fieldses.org> <20210110202815.GB8789@fieldses.org> <20210111192507.GB2600@fieldses.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20210111192507.GB2600@fieldses.org> User-Agent: Mutt/1.5.21 (2010-09-15) Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org From: "J. Bruce Fields" If you export a subdirectory of a filesystem, a READDIRPLUS on the root of that export will return the filehandle of the parent with the ".." entry. The filehandle is optional, so let's just not return the filehandle for ".." if we're at the root of an export. Note that once the client learns one filehandle outside of the export, they can trivially access the rest of the export using further lookups. However, it is also not very difficult to guess filehandles outside of the export. So exporting a subdirectory of a filesystem should considered equivalent to providing access to the entire filesystem. To avoid confusion, we recommend only exporting entire filesystems. Reported-by: 吴异 Signed-off-by: J. Bruce Fields --- fs/nfsd/nfs3xdr.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c index 821db21ba072..34b880211e5e 100644 --- a/fs/nfsd/nfs3xdr.c +++ b/fs/nfsd/nfs3xdr.c @@ -865,9 +865,14 @@ compose_entry_fh(struct nfsd3_readdirres *cd, struct svc_fh *fhp, if (isdotent(name, namlen)) { if (namlen == 2) { dchild = dget_parent(dparent); - /* filesystem root - cannot return filehandle for ".." */ + /* + * Don't return filehandle for ".." if we're at OA+ * the filesystem or export root: + */ if (dchild == dparent) goto out; + if (dparent == exp->ex_path.dentry) + goto out; } else dchild = dget(dparent); } else -- 2.29.2