From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 21 Jan 2021 13:33:09 +0000 (+0100)
Subject: 4.14-stable patches
X-Git-Tag: v4.4.253~19
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=018aa4dfa0a478519fc1fb78edc67d1c30801f39;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch
---

diff --git a/queue-4.14/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch b/queue-4.14/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch
new file mode 100644
index 00000000000..309f3d7673c
--- /dev/null
+++ b/queue-4.14/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch
@@ -0,0 +1,52 @@
+From 51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Mon, 11 Jan 2021 16:01:29 -0500
+Subject: nfsd4: readdirplus shouldn't return parent of export
+
+From: J. Bruce Fields <bfields@redhat.com>
+
+commit 51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 upstream.
+
+If you export a subdirectory of a filesystem, a READDIRPLUS on the root
+of that export will return the filehandle of the parent with the ".."
+entry.
+
+The filehandle is optional, so let's just not return the filehandle for
+".." if we're at the root of an export.
+
+Note that once the client learns one filehandle outside of the export,
+they can trivially access the rest of the export using further lookups.
+
+However, it is also not very difficult to guess filehandles outside of
+the export.  So exporting a subdirectory of a filesystem should
+considered equivalent to providing access to the entire filesystem.  To
+avoid confusion, we recommend only exporting entire filesystems.
+
+Reported-by: Youjipeng <wangzhibei1999@gmail.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs3xdr.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs3xdr.c
++++ b/fs/nfsd/nfs3xdr.c
+@@ -845,9 +845,14 @@ compose_entry_fh(struct nfsd3_readdirres
+ 	if (isdotent(name, namlen)) {
+ 		if (namlen == 2) {
+ 			dchild = dget_parent(dparent);
+-			/* filesystem root - cannot return filehandle for ".." */
++			/*
++			 * Don't return filehandle for ".." if we're at
++			 * the filesystem or export root:
++			 */
+ 			if (dchild == dparent)
+ 				goto out;
++			if (dparent == exp->ex_path.dentry)
++				goto out;
+ 		} else
+ 			dchild = dget(dparent);
+ 	} else
diff --git a/queue-4.14/series b/queue-4.14/series
index b22188c2250..90e5165f5fc 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -32,3 +32,4 @@ alsa-fireface-fix-integer-overflow-in-transmit_midi_msg.patch
 netfilter-conntrack-fix-reading-nf_conntrack_buckets.patch
 usb-ohci-make-distrust_firmware-param-default-to-false.patch
 compiler.h-raise-minimum-version-of-gcc-to-5.1-for-arm64.patch
+nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch