Bug 53221

Summary: mounting path below symlink in cifs drive causes BUG
Product: File System Reporter: Kjell Braden (afflux)
Component: CIFSAssignee: fs_cifs (fs_cifs)
Status: CLOSED CODE_FIX    
Severity: normal CC: alan, florian, jlayton
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 3.0.0 - 3.8 Subsystem:
Regression: Yes Bisected commit-id:
Attachments: dmesg w/ call trace
patch -- ensure that cifs_get_root only traverses directories
cifsFYI from working mount with old kernels (using a relative link)
cifsFYI from crashing mount with new kernels (using a relative link)

Description Kjell Braden 2013-01-30 10:07:32 UTC 
Created attachment 92221 [details]
dmesg w/ call trace

Consider the following tree:

 /srv/symtest
 /srv/symtest/dir
 /srv/symtest/dir/subdir
 /srv/symtest/link -> dir

this works:
  # mount.cifs //smbsrv/symtest/dir/subdir/ /mnt/

this causes oops:
  # mount.cifs //smbsrv/symtest/link/subdir/ /mnt/


This issue was introduced in commit fec11dd9a0109fe52fd631e5c510778d6cbff6cc.
Comment 1 Jeff Layton 2013-01-30 11:44:48 UTC 
Created attachment 92231 [details]
patch -- ensure that cifs_get_root only traverses directories

Thanks for the bug report. This patch fixes it for me, does it also fix it for you?
Comment 2 Jeff Layton 2013-01-30 11:47:32 UTC 
I should mention too that this fixes the oops, but will give you an ENOTDIR error when you try to traverse a symlink like this. I think that's probably the safest course of action here since chasing symlinks is pretty complex and is possibly racy.
Comment 3 Kjell Braden 2013-01-30 12:46:58 UTC 
The patch indeed fixes the BUG, but I'd argue that throwing an error is not a great solution considering the functionality was available before.
Comment 4 Jeff Layton 2013-01-30 12:54:02 UTC 
So out of curiousity...

What if the symlink is an absolute one and points outside the share? For instance:

    /srv/symtest/link -> /root

...what happened at that point with the older kernels?
Comment 5 Kjell Braden 2013-01-30 13:00:10 UTC 
On older kernels, mounting anything below an absolute link pointing outside the share (whether the mounting user is allowed to read it or not) indeed gives ENOTDIR.

But with
    /srv/symtest/abslink -> /srv/symtest/dir

mounting //localhost/symtest/abslink/subdir works.
Comment 6 Kjell Braden 2013-01-30 13:21:00 UTC 
Created attachment 92241 [details]
cifsFYI from working mount with old kernels (using a relative link)
Comment 7 Kjell Braden 2013-01-30 13:21:59 UTC 
Created attachment 92251 [details]
cifsFYI from crashing mount with new kernels (using a relative link)
Comment 8 Jeff Layton 2013-02-01 20:14:22 UTC 
Posted the patch upstream since that should at least fix the oops. Feel free to weigh in with your use case that involves mounting through symlinks, and maybe someone will fix that case at some point.
Comment 9 Florian Mickler 2013-03-04 21:25:48 UTC 
A patch referencing this bug report has been merged in Linux v3.9-rc1:

commit ce2ac52105aa663056dfc17966ebed1bf93e6e64
Author: Jeff Layton <jlayton@redhat.com>
Date:   Fri Feb 1 15:11:01 2013 -0500

    cifs: ensure that cifs_get_root() only traverses directories