[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240912130220.17032-3-pali@kernel.org>
Date: Thu, 12 Sep 2024 15:02:17 +0200
From: Pali Rohár <pali@...nel.org>
To: Trond Myklebust <trondmy@...nel.org>,
Anna Schumaker <anna@...nel.org>
Cc: linux-nfs@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH 2/5] nfs: Propagate AUTH_NULL/AUTH_UNIX PATHCONF NFS3ERR_ACCESS failures
Linux NFS3 server returns NFS3ERR_ACCESS for PATHCONF procedure if
client-selected auth flavor is not enabled for export which is being
mounted. Ignoring this error results in choosing wrong auth flavor during
mount and so making the mount point inaccessible. It is because Linux NFS3
server allows to call other procedures used during mount time (FSINFO and
GETATTR) also with auth flavor which is explicitly disabled on particular
export.
This is particularly problem with mounting AUTH_NULL-only exports from
Linux NFS3 server as kernel client first try to use AUTH_UNIX auth flavor,
even when AUTH_UNIX is not announced by the MNTv3 server.
Do not propagate this failure for other auth methods, like GSS, as Linux
NFS3 server expects that accessing root export GSS dir may be done also by
other auth methods.
Signed-off-by: Pali Rohár <pali@...nel.org>
Cc: stable@...r.kernel.org
---
fs/nfs/client.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 8286edd6062d..5171ae112355 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -864,7 +864,19 @@ static int nfs_probe_fsinfo(struct nfs_server *server, struct nfs_fh *mntfh, str
pathinfo.fattr = fattr;
nfs_fattr_init(fattr);
- if (clp->rpc_ops->pathconf(server, mntfh, &pathinfo) >= 0)
+ error = clp->rpc_ops->pathconf(server, mntfh, &pathinfo);
+ /*
+ * Linux NFS3 server for PATHCONF procedure returns back error
+ * NFS3ERR_ACCESS when selected auth flavor is not enabled for
+ * export. For auth flavors without authentication (none and
+ * sys) propagate error back to nfs_probe_server() caller and
+ * allow to choose different auth flavor.
+ */
+ if (error == -EACCES && (
+ server->client->cl_auth->au_flavor == RPC_AUTH_UNIX ||
+ server->client->cl_auth->au_flavor == RPC_AUTH_NULL))
+ return error;
+ else if (error >= 0)
server->namelen = pathinfo.max_namelen;
}
--
2.20.1
Powered by blists - more mailing lists