Don't allow junction tests to trigger automounts (bz 2148353)
Signed-off-by: Steve Dickson <steved@redhat.com> Resolves: bz2148353
This commit is contained in:
parent
68e7571feb
commit
b2d2bdd14f
78
nfs-utils-2.5.4-juncs-automount.patch
Normal file
78
nfs-utils-2.5.4-juncs-automount.patch
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
commit cdbef4e97a1cbc68cbaf16ba57d71858d2c69973
|
||||||
|
Author: Jeff Layton <jlayton@kernel.org>
|
||||||
|
Date: Tue Jan 10 09:37:25 2023 -0500
|
||||||
|
|
||||||
|
nfs-utils: Don't allow junction tests to trigger automounts
|
||||||
|
|
||||||
|
JianHong reported some strange behavior with automounts on an nfs server
|
||||||
|
without an explicit pseudoroot. When clients issued a readdir in the
|
||||||
|
pseudoroot, automounted directories that were not yet mounted would show
|
||||||
|
up even if they weren't exported, though the clients wouldn't be able to
|
||||||
|
do anything with them.
|
||||||
|
|
||||||
|
The issue was that triggering the automount on a directory would cause
|
||||||
|
the mountd upcall to time out, which would cause nfsd to include the
|
||||||
|
automounted dentry in the readdir response. Eventually, the automount
|
||||||
|
would work and report that it wasn't exported and subsequent attempts to
|
||||||
|
access the dentry would (properly) fail.
|
||||||
|
|
||||||
|
We never want mountd to trigger an automount. The kernel should do that
|
||||||
|
if it wants to use it. Change the junction checks to do an O_PATH open
|
||||||
|
and use fstatat with AT_NO_AUTOMOUNT.
|
||||||
|
|
||||||
|
Cc: Chuck Lever <chuck.lever@oracle.com>
|
||||||
|
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2148353
|
||||||
|
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216777
|
||||||
|
Reported-by: JianHong Yin <jiyin@redhat.com>
|
||||||
|
Signed-off-by: Jeff Layton <jlayton@kernel.org>
|
||||||
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/support/junction/junction.c b/support/junction/junction.c
|
||||||
|
index 41cce26..0628bb0 100644
|
||||||
|
--- a/support/junction/junction.c
|
||||||
|
+++ b/support/junction/junction.c
|
||||||
|
@@ -63,7 +63,7 @@ junction_open_path(const char *pathname, int *fd)
|
||||||
|
if (pathname == NULL || fd == NULL)
|
||||||
|
return FEDFS_ERR_INVAL;
|
||||||
|
|
||||||
|
- tmp = open(pathname, O_DIRECTORY);
|
||||||
|
+ tmp = open(pathname, O_PATH|O_DIRECTORY);
|
||||||
|
if (tmp == -1) {
|
||||||
|
switch (errno) {
|
||||||
|
case EPERM:
|
||||||
|
@@ -93,7 +93,7 @@ junction_is_directory(int fd, const char *path)
|
||||||
|
{
|
||||||
|
struct stat stb;
|
||||||
|
|
||||||
|
- if (fstat(fd, &stb) == -1) {
|
||||||
|
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
|
||||||
|
xlog(D_GENERAL, "%s: failed to stat %s: %m",
|
||||||
|
__func__, path);
|
||||||
|
return FEDFS_ERR_ACCESS;
|
||||||
|
@@ -121,7 +121,7 @@ junction_is_sticky_bit_set(int fd, const char *path)
|
||||||
|
{
|
||||||
|
struct stat stb;
|
||||||
|
|
||||||
|
- if (fstat(fd, &stb) == -1) {
|
||||||
|
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
|
||||||
|
xlog(D_GENERAL, "%s: failed to stat %s: %m",
|
||||||
|
__func__, path);
|
||||||
|
return FEDFS_ERR_ACCESS;
|
||||||
|
@@ -155,7 +155,7 @@ junction_set_sticky_bit(int fd, const char *path)
|
||||||
|
{
|
||||||
|
struct stat stb;
|
||||||
|
|
||||||
|
- if (fstat(fd, &stb) == -1) {
|
||||||
|
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
|
||||||
|
xlog(D_GENERAL, "%s: failed to stat %s: %m",
|
||||||
|
__func__, path);
|
||||||
|
return FEDFS_ERR_ACCESS;
|
||||||
|
@@ -393,7 +393,7 @@ junction_get_mode(const char *pathname, mode_t *mode)
|
||||||
|
if (retval != FEDFS_OK)
|
||||||
|
return retval;
|
||||||
|
|
||||||
|
- if (fstat(fd, &stb) == -1) {
|
||||||
|
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
|
||||||
|
xlog(D_GENERAL, "%s: failed to stat %s: %m",
|
||||||
|
__func__, pathname);
|
||||||
|
(void)close(fd);
|
@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
|
|||||||
Name: nfs-utils
|
Name: nfs-utils
|
||||||
URL: http://linux-nfs.org/
|
URL: http://linux-nfs.org/
|
||||||
Version: 2.5.4
|
Version: 2.5.4
|
||||||
Release: 18%{?dist}
|
Release: 19%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
|
|
||||||
# group all 32bit related archs
|
# group all 32bit related archs
|
||||||
@ -42,6 +42,11 @@ Patch014: nfs-utils-2.5.4-mount-null-ptr.patch
|
|||||||
Patch015: nfs-utils-2.5.4-nfsrahead-cmd.patch
|
Patch015: nfs-utils-2.5.4-nfsrahead-cmd.patch
|
||||||
Patch016: nfs-utils-2.5.4-covscan-return-value.patch
|
Patch016: nfs-utils-2.5.4-covscan-return-value.patch
|
||||||
|
|
||||||
|
#
|
||||||
|
# RHEL9.3
|
||||||
|
#
|
||||||
|
Patch017: nfs-utils-2.5.4-juncs-automount.patch
|
||||||
|
|
||||||
Patch100: nfs-utils-1.2.1-statdpath-man.patch
|
Patch100: nfs-utils-1.2.1-statdpath-man.patch
|
||||||
Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
|
Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
|
||||||
Patch102: nfs-utils-1.2.5-idmap-errmsg.patch
|
Patch102: nfs-utils-1.2.5-idmap-errmsg.patch
|
||||||
@ -482,6 +487,9 @@ fi
|
|||||||
%{_mandir}/*/nfsiostat.8.gz
|
%{_mandir}/*/nfsiostat.8.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 6 2023 Steve Dickson <steved@redhat.com> 2.5.4-19
|
||||||
|
- Don't allow junction tests to trigger automounts (bz 2148353)
|
||||||
|
|
||||||
* Thu Jan 26 2023 Steve Dickson <steved@redhat.com> 2.5.4-18
|
* Thu Jan 26 2023 Steve Dickson <steved@redhat.com> 2.5.4-18
|
||||||
- Covscan Scan: Wrong Check of Return Value (bz 2151968)
|
- Covscan Scan: Wrong Check of Return Value (bz 2151968)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user