nfsd: -EINVAL on invalid anonuid/gid instead of silent failure
authorJ. Bruce Fields <bfields@redhat.com>
Fri, 13 Sep 2013 21:50:42 +0000 (17:50 -0400)
committerJ. Bruce Fields <bfields@redhat.com>
Tue, 29 Oct 2013 21:46:14 +0000 (17:46 -0400)
If we're going to refuse to accept these it would be polite of us to at
least say so....

This introduces a slight complication since we need to grandfather in
exportfs's ill-advised use of -1 uid and gid on its test_export.

If it turns out there are other users passing down -1 we may need to
do something else.

Best might be to drop the checks entirely, but I'm not sure if other
parts of the kernel might assume that a task can't run as uid or gid -1.

Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
fs/nfsd/export.c

index af51cf9bf2e3fb220fff80e4dfc38f70ed41eee3..8513c598fabfbb7cc83e32357d4ff0f6ba8e087d 100644 (file)
@@ -579,6 +579,13 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
                                   exp.ex_uuid);
                if (err)
                        goto out4;
+               /*
+                * No point caching this if it would immediately expire.
+                * Also, this protects exportfs's dummy export from the
+                * anon_uid/anon_gid checks:
+                */
+               if (exp.h.expiry_time < seconds_since_boot())
+                       goto out4;
                /*
                 * For some reason exportfs has been passing down an
                 * invalid (-1) uid & gid on the "dummy" export which it
@@ -586,10 +593,12 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
                 * sees errors from check_export we therefore need to
                 * delay these checks till after check_export:
                 */
+               err = -EINVAL;
                if (!uid_valid(exp.ex_anon_uid))
                        goto out4;
                if (!gid_valid(exp.ex_anon_gid))
                        goto out4;
+               err = 0;
        }
 
        expp = svc_export_lookup(&exp);