
NFS: remount with security change should return EINVAL

Message ID e4fb183aaa5faf4fac14e0f81ad3a40f604f68d4.1417834215.git.bcodding@redhat.com (mailing list archive)
State New, archived

Commit Message

Benjamin Coddington Dec. 6, 2014, 2:52 a.m. UTC
A remount that alters security flavors can appear to succeed when it should
instead return -EINVAL.  Check to see if the current security flavor exists
within the flavors specified in the remount options, and if not fail the
remount.

Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
---
 fs/nfs/super.c |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

Comments

Benjamin Coddington March 11, 2015, 7:58 p.m. UTC | #1
Bump..  ..even though I can't imagine a smaller problem, any chance to take
this one?

Ben

On Fri, 5 Dec 2014, Benjamin Coddington wrote:

> A remount that alters security flavors can appear to succeed when it should
> instead return -EINVAL.  Check to see if the current security flavor exists
> within the flavors specified in the remount options, and if not fail the
> remount.
>
> Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
> ---
>  fs/nfs/super.c |    3 +--
>  1 files changed, 1 insertions(+), 2 deletions(-)
>
> diff --git a/fs/nfs/super.c b/fs/nfs/super.c
> index 31a11b0..e6275e0 100644
> --- a/fs/nfs/super.c
> +++ b/fs/nfs/super.c
> @@ -2191,7 +2191,7 @@ nfs_compare_remount_data(struct nfs_server *nfss,
>  	    data->version != nfss->nfs_client->rpc_ops->version ||
>  	    data->minorversion != nfss->nfs_client->cl_minorversion ||
>  	    data->retrans != nfss->client->cl_timeout->to_retries ||
> -	    data->selected_flavor != nfss->client->cl_auth->au_flavor ||
> +	    !nfs_auth_info_match(&data->auth_info, nfss->client->cl_auth->au_flavor) ||
>  	    data->acregmin != nfss->acregmin / HZ ||
>  	    data->acregmax != nfss->acregmax / HZ ||
>  	    data->acdirmin != nfss->acdirmin / HZ ||
> @@ -2239,7 +2239,6 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
>  	data->wsize = nfss->wsize;
>  	data->retrans = nfss->client->cl_timeout->to_retries;
>  	data->selected_flavor = nfss->client->cl_auth->au_flavor;
> -	data->auth_info = nfss->auth_info;
>  	data->acregmin = nfss->acregmin / HZ;
>  	data->acregmax = nfss->acregmax / HZ;
>  	data->acdirmin = nfss->acdirmin / HZ;
> --
> 1.7.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
Trond Myklebust March 12, 2015, 4 p.m. UTC | #2
On Fri, 2014-12-05 at 21:52 -0500, Benjamin Coddington wrote:
> A remount that alters security flavors can appear to succeed when it should
> instead return -EINVAL.  Check to see if the current security flavor exists
> within the flavors specified in the remount options, and if not fail the
> remount.
> 
> Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
> ---
>  fs/nfs/super.c |    3 +--
>  1 files changed, 1 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/nfs/super.c b/fs/nfs/super.c
> index 31a11b0..e6275e0 100644
> --- a/fs/nfs/super.c
> +++ b/fs/nfs/super.c
> @@ -2191,7 +2191,7 @@ nfs_compare_remount_data(struct nfs_server *nfss,
>  	    data->version != nfss->nfs_client->rpc_ops->version ||
>  	    data->minorversion != nfss->nfs_client->cl_minorversion ||
>  	    data->retrans != nfss->client->cl_timeout->to_retries ||
> -	    data->selected_flavor != nfss->client->cl_auth->au_flavor ||
> +	    !nfs_auth_info_match(&data->auth_info, nfss->client->cl_auth->au_flavor) ||
>  	    data->acregmin != nfss->acregmin / HZ ||
>  	    data->acregmax != nfss->acregmax / HZ ||
>  	    data->acdirmin != nfss->acdirmin / HZ ||
> @@ -2239,7 +2239,6 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
>  	data->wsize = nfss->wsize;
>  	data->retrans = nfss->client->cl_timeout->to_retries;
>  	data->selected_flavor = nfss->client->cl_auth->au_flavor;
> -	data->auth_info = nfss->auth_info;
>  	data->acregmin = nfss->acregmin / HZ;
>  	data->acregmax = nfss->acregmax / HZ;
>  	data->acdirmin = nfss->acdirmin / HZ;

Thanks Ben. Applied...

Patch

diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 31a11b0..e6275e0 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -2191,7 +2191,7 @@  nfs_compare_remount_data(struct nfs_server *nfss,
 	    data->version != nfss->nfs_client->rpc_ops->version ||
 	    data->minorversion != nfss->nfs_client->cl_minorversion ||
 	    data->retrans != nfss->client->cl_timeout->to_retries ||
-	    data->selected_flavor != nfss->client->cl_auth->au_flavor ||
+	    !nfs_auth_info_match(&data->auth_info, nfss->client->cl_auth->au_flavor) ||
 	    data->acregmin != nfss->acregmin / HZ ||
 	    data->acregmax != nfss->acregmax / HZ ||
 	    data->acdirmin != nfss->acdirmin / HZ ||
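Review bot: The replacement test `!nfs_auth_info_match(&data->auth_info, ...)` is only correct if `data->auth_info` is empty when the remount options carry no `sec=`, and neither the initialisation of `data` in nfs_remount() nor nfs_auth_info_match()'s handling of an empty list is visible in these hunks (the condition itself also starts and ends outside the hunk). It would help to state that contract next to the check, e.g. `/* a sec= list on remount must contain the flavor in use; no sec= must leave auth_info empty */`. A list that merely contains the active flavor now passes, so a successful remount does not mean the listed flavors took effect, which matters to an administrator who believes a stronger flavor is now enforced. `data->selected_flavor` is still assigned in the second hunk but no longer compared here; if nothing else in the remount path reads it, that assignment could go too. The added line also exceeds 80 columns and could be wrapped after the comma.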
@@ -2239,7 +2239,6 @@  nfs_remount(struct super_block *sb, int *flags, char *raw_data)
 	data->wsize = nfss->wsize;
 	data->retrans = nfss->client->cl_timeout->to_retries;
 	data->selected_flavor = nfss->client->cl_auth->au_flavor;
-	data->auth_info = nfss->auth_info;
 	data->acregmin = nfss->acregmin / HZ;
 	data->acregmax = nfss->acregmax / HZ;
 	data->acdirmin = nfss->acdirmin / HZ;