36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From b9293b51ea6182618e474edfbeb5cd34f5e875e8 Mon Sep 17 00:00:00 2001
|
|
From: Olga Kornievskaia <okorniev@redhat.com>
|
|
Date: Fri, 21 Mar 2025 20:13:04 -0400
|
|
Subject: nfsd: fix access checking for NLM under XPRTSEC policies
|
|
|
|
When an export policy with xprtsec policy is set with "tls"
|
|
and/or "mtls", but an NFS client is doing a v3 xprtsec=tls
|
|
mount, then NLM locking calls fail with an error because
|
|
there is currently no support for NLM with TLS.
|
|
|
|
Until such support is added, allow NLM calls under TLS-secured
|
|
policy.
|
|
|
|
Fixes: 4cc9b9f2bf4d ("nfsd: refine and rename NFSD_MAY_LOCK")
|
|
Cc: stable@vger.kernel.org
|
|
Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
|
|
Reviewed-by: NeilBrown <neil@brown.name>
|
|
Reviewed-by: Jeff Layton <jlayton@kernel.org>
|
|
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
---
|
|
fs/nfsd/export.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
--- a/fs/nfsd/export.c
|
|
+++ b/fs/nfsd/export.c
|
|
@@ -1124,7 +1124,8 @@ __be32 check_nfsd_access(struct svc_expo
|
|
test_bit(XPT_PEER_AUTH, &xprt->xpt_flags))
|
|
goto ok;
|
|
}
|
|
- goto denied;
|
|
+ if (!may_bypass_gss)
|
|
+ goto denied;
|
|
|
|
ok:
|
|
/* legacy gss-only clients are always OK: */
|