nfsd4: don't continue "under" mounts in V4ROOT case

If /A/mount/point/ has filesystem "B" mounted on top of it, and if "A"
is exported, but not "B", then the nfs server has always returned to the
client a filehandle for the mountpoint, instead of for the root of "B",
allowing the client to see the subtree of "A" that would otherwise be
hidden by B.

Disable this behavior in the case of V4ROOT exports; we implement the
path restrictions of V4ROOT exports by treating *every* directory as if
it were a mountpoint, and allowing traversal *only* if the new directory
is exported.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

1 files changed, 10 insertions, 2 deletions

diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 04bdba12d21b..7e2fdd50113f 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -99,8 +99,16 @@ nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp,
 
         exp2 = rqst_exp_get_by_name(rqstp, &path);
         if (IS_ERR(exp2)) {
-                if (PTR_ERR(exp2) != -ENOENT)
-                        err = PTR_ERR(exp2);
+                err = PTR_ERR(exp2);
+                /*
+                 * We normally allow NFS clients to continue
+                 * "underneath" a mountpoint that is not exported.
+                 * The exception is V4ROOT, where no traversal is ever
+                 * allowed without an explicit export of the new
+                 * directory.
+                 */
+                if (err == -ENOENT && !(exp->ex_flags & NFSEXP_V4ROOT))
+                        err = 0;
                 path_put(&path);
                 goto out;
         }