From patchwork Tue May 14 14:26:20 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 2566481 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork1.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork1.kernel.org (Postfix) with ESMTP id 257AC3FC5A for ; Tue, 14 May 2013 14:26:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757499Ab3ENO0Y (ORCPT ); Tue, 14 May 2013 10:26:24 -0400 Received: from mail-ie0-f177.google.com ([209.85.223.177]:59179 "EHLO mail-ie0-f177.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757464Ab3ENO0X (ORCPT ); Tue, 14 May 2013 10:26:23 -0400 Received: by mail-ie0-f177.google.com with SMTP id 9so1082667iec.8 for ; Tue, 14 May 2013 07:26:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:sender:subject:to:from:cc:date:message-id:user-agent :mime-version:content-type:content-transfer-encoding; bh=HYtJqYBY5jh1dpdw7DpLBXIid/LzXy+AsqJqSlUfRKY=; b=svZFb8c4IUWPlC6U84OEKMGKyrMFTmsZz2XVsXeCs/affoT2vY5QTMoZafwitupAJs VzgDPXrepzNN79E9vU1bPgOSIUe4EERLkJM9BqQ++GU4NaaYi4TKF/K/lAtvkqz77ZP7 nicKYbleYTjFNoUcHsUtTjPzKrkQAcLgtoAlNbvNd6eBNSvMKTEWUaDx/CyU9B/1EnJ5 Frmc4CtuCDqNOf/oUcs/xs/9ZwPpeQQI9LdOetDsmZYI6SVRQeEzWoe1OfYHISotO7cU oeBf1PDRh9+P3uwaUPRiUUOMkUWZCswO9dnbWgDxB2iB8SSf89Z5RPMprSLcL15HFGhI +Csg== X-Received: by 10.50.152.105 with SMTP id ux9mr2263516igb.53.1368541583131; Tue, 14 May 2013 07:26:23 -0700 (PDT) Received: from seurat.1015granger.net (adsl-99-26-161-222.dsl.sfldmi.sbcglobal.net. [99.26.161.222]) by mx.google.com with ESMTPSA id 9sm23852126igy.7.2013.05.14.07.26.21 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 14 May 2013 07:26:22 -0700 (PDT) Subject: [PATCH] NFS: Fix security flavor negotiation with legacy binary mounts To: darrick.wong@oracle.com From: Chuck Lever Cc: linux-nfs@vger.kernel.org Date: Tue, 14 May 2013 10:26:20 -0400 Message-ID: <20130514142620.37841.9591.stgit@seurat.1015granger.net> User-Agent: StGit/0.16 MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Commit 4580a92d44 "NFS: Use server-recommended security flavor by default (NFSv3)" introduced a behavior regression for NFS mounts done via a legacy binary mount(2) call. Darrick J. Wong reports: > I have a kvm-based testing setup that netboots VMs over NFS, the > client end of which seems to have broken somehow in 3.10-rc1. The > server's exports file looks like this: > > /storage/mtr/x64 192.168.122.0/24(ro,sync,no_root_squash,no_subtree_check) > > On the client end (inside the VM), the initrd runs the following > command to try to mount the rootfs over NFS: > > # mount -o nolock -o ro -o retrans=10 192.168.122.1:/storage/mtr/x64/ /root > > (Note: This is the busybox mount command.) > > The mount fails with -EINVAL. Ensure that a default security flavor is specified for legacy binary mounts, since they do not invoke nfs_select_flavor() in the kernel. Reported-by: Darrick J. Wong Signed-off-by: Chuck Lever Tested-by: Darrick J. Wong Acked-by: Weston Andros Adamson --- fs/nfs/super.c | 2 ++ 1 file changed, 2 insertions(+) -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/fs/nfs/super.c b/fs/nfs/super.c index a366107..2d7525f 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c @@ -1942,6 +1942,7 @@ static int nfs23_validate_mount_data(void *options, args->namlen = data->namlen; args->bsize = data->bsize; + args->auth_flavors[0] = RPC_AUTH_UNIX; if (data->flags & NFS_MOUNT_SECFLAVOUR) args->auth_flavors[0] = data->pseudoflavor; if (!args->nfs_server.hostname) @@ -2637,6 +2638,7 @@ static int nfs4_validate_mount_data(void *options, goto out_no_address; args->nfs_server.port = ntohs(((struct sockaddr_in *)sap)->sin_port); + args->auth_flavors[0] = RPC_AUTH_UNIX; if (data->auth_flavourlen) { if (data->auth_flavourlen > 1) goto out_inval_auth;