backport patches from community

2023-03-22 11:12:31 +08:00 · 2023-03-22 11:12:31 +08:00 · 3f76f86e5d
commit 3f76f86e5d
parent 18a6069664
3 changed files with 118 additions and 1 deletions
--- a/0006-nfs-utils-Don-t-allow-junction-tests-to-trigger-auto.patch
+++ b/0006-nfs-utils-Don-t-allow-junction-tests-to-trigger-auto.patch
@ -0,0 +1,83 @@
+From cdbef4e97a1cbc68cbaf16ba57d71858d2c69973 Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton@kernel.org>
+Date: Tue, 10 Jan 2023 09:37:25 -0500
+Subject: [PATCH] nfs-utils: Don't allow junction tests to trigger automounts
+
+JianHong reported some strange behavior with automounts on an nfs server
+without an explicit pseudoroot. When clients issued a readdir in the
+pseudoroot, automounted directories that were not yet mounted would show
+up even if they weren't exported, though the clients wouldn't be able to
+do anything with them.
+
+The issue was that triggering the automount on a directory would cause
+the mountd upcall to time out, which would cause nfsd to include the
+automounted dentry in the readdir response. Eventually, the automount
+would work and report that it wasn't exported and subsequent attempts to
+access the dentry would (properly) fail.
+
+We never want mountd to trigger an automount. The kernel should do that
+if it wants to use it. Change the junction checks to do an O_PATH open
+and use fstatat with AT_NO_AUTOMOUNT.
+
+Cc: Chuck Lever <chuck.lever@oracle.com>
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=2148353
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=216777
+Reported-by: JianHong Yin <jiyin@redhat.com>
+Signed-off-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/junction/junction.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/support/junction/junction.c b/support/junction/junction.c
+index 41cce261..0628bb0f 100644
+--- a/support/junction/junction.c
+++ b/support/junction/junction.c
+@@ -63,7 +63,7 @@ junction_open_path(const char *pathname, int *fd)
+ 	if (pathname == NULL || fd == NULL)
+ 		return FEDFS_ERR_INVAL;
+ 
+-	tmp = open(pathname, O_DIRECTORY);
+	tmp = open(pathname, O_PATH|O_DIRECTORY);
+ 	if (tmp == -1) {
+ 		switch (errno) {
+ 		case EPERM:
+@@ -93,7 +93,7 @@ junction_is_directory(int fd, const char *path)
+ {
+ 	struct stat stb;
+ 
+-	if (fstat(fd, &stb) == -1) {
+	if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ 		xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ 				__func__, path);
+ 		return FEDFS_ERR_ACCESS;
+@@ -121,7 +121,7 @@ junction_is_sticky_bit_set(int fd, const char *path)
+ {
+ 	struct stat stb;
+ 
+-	if (fstat(fd, &stb) == -1) {
+	if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ 		xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ 				__func__, path);
+ 		return FEDFS_ERR_ACCESS;
+@@ -155,7 +155,7 @@ junction_set_sticky_bit(int fd, const char *path)
+ {
+ 	struct stat stb;
+ 
+-	if (fstat(fd, &stb) == -1) {
+	if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ 		xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ 			__func__, path);
+ 		return FEDFS_ERR_ACCESS;
+@@ -393,7 +393,7 @@ junction_get_mode(const char *pathname, mode_t *mode)
+ 	if (retval != FEDFS_OK)
+ 		return retval;
+ 
+-	if (fstat(fd, &stb) == -1) {
+	if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ 		xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ 			__func__, pathname);
+ 		(void)close(fd);
+-- 
+2.33.0
+
--- a/0007-Covscan-Scan-Wrong-Check-of-Return-Value.patch
+++ b/0007-Covscan-Scan-Wrong-Check-of-Return-Value.patch
@ -0,0 +1,28 @@
+From 631c6aa34aae7328dc297210fd2de2d5364c697f Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Wed, 4 Jan 2023 12:04:09 -0500
+Subject: [PATCH] Covscan Scan: Wrong Check of Return Value
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2151966
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/export/client.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/support/export/client.c b/support/export/client.c
+index ea4f89d3..79164fef 100644
+--- a/support/export/client.c
+++ b/support/export/client.c
+@@ -699,6 +699,9 @@ check_netgroup(const nfs_client *clp, const struct addrinfo *ai)
+ 
+ 	/* check whether the IP itself is in the netgroup */
+ 	ip = calloc(INET6_ADDRSTRLEN, 1);
+	if (ip == NULL)
+		goto out;
+
+ 	if (inet_ntop(ai->ai_family, &(((struct sockaddr_in *)ai->ai_addr)->sin_addr), ip, INET6_ADDRSTRLEN) == ip) {
+ 		if (innetgr(netgroup, ip, NULL, NULL)) {
+ 			free(hname);
+-- 
+2.33.0
+
--- a/nfs-utils.spec
+++ b/nfs-utils.spec
@ -4,7 +4,7 @@

 Name:    nfs-utils
 Version: 2.6.2
-Release: 3
+Release: 4
 Epoch:   2
 Summary: The Linux NFS userland utility package
 License: MIT and GPLv2 and GPLv2+ and BSD
@ -18,6 +18,9 @@ Patch2:  0002-nfs-utils-set-use-gss-proxy-1-to-enable-gss-proxy-by.patch
 Patch3:	 0003-fix-coredump-in-bl_add_disk.patch
 Patch4:  0004-nfs-blkmaped-Fix-the-error-status-when-nfs_blkmapd-s.patch
 Patch5:  0005-nfs-blkmapd-PID-file-read-by-systemd-failed.patch
+Patch6:  0006-nfs-utils-Don-t-allow-junction-tests-to-trigger-auto.patch
+Patch7:  0007-Covscan-Scan-Wrong-Check-of-Return-Value.patch
+
 BuildRequires: libevent-devel,libcap-devel, libtirpc-devel libblkid-devel
 BuildRequires: krb5-libs >= 1.4 autoconf >= 2.57 openldap-devel >= 2.2
 BuildRequires: automake, libtool, gcc, device-mapper-devel
@ -289,6 +292,9 @@ fi
 %{_mandir}/*/*

 %changelog
+* Wed Mar 22 2023 wuguanghao <wuguanghao3@huawei.com> - 2:2.6.2-4
+- backport patches from community
+
 * Mon Nov 21 2022 fangchuang <fangchuangchuang@huawei.com> - 2:2.6.2-3
 - nfs-blkmapd: PID file read by systemd failed