Bug 53221 - mounting path below symlink in cifs drive causes BUG
Summary: mounting path below symlink in cifs drive causes BUG
Status: CLOSED CODE_FIX
Alias: None
Product: File System
Classification: Unclassified
Component: CIFS (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: fs_cifs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-01-30 10:07 UTC by Kjell Braden
Modified: 2013-11-18 15:54 UTC (History)
3 users (show)

See Also:
Kernel Version: 3.0.0 - 3.8
Subsystem:
Regression: Yes
Bisected commit-id:

Attachments
dmesg w/ call trace (3.13 KB, text/plain)
2013-01-30 10:07 UTC, Kjell Braden 		Details
patch -- ensure that cifs_get_root only traverses directories (1.17 KB, patch)
2013-01-30 11:44 UTC, Jeff Layton 		Details | Diff
cifsFYI from working mount with old kernels (using a relative link) (2.07 KB, text/plain)
2013-01-30 13:21 UTC, Kjell Braden 		Details
cifsFYI from crashing mount with new kernels (using a relative link) (4.32 KB, text/plain)
2013-01-30 13:21 UTC, Kjell Braden 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Kjell Braden 2013-01-30 10:07:32 UTC 
Created attachment 92221 [details]
dmesg w/ call trace

Consider the following tree:

 /srv/symtest
 /srv/symtest/dir
 /srv/symtest/dir/subdir
 /srv/symtest/link -> dir

this works:
  # mount.cifs //smbsrv/symtest/dir/subdir/ /mnt/

this causes oops:
  # mount.cifs //smbsrv/symtest/link/subdir/ /mnt/


This issue was introduced in commit fec11dd9a0109fe52fd631e5c510778d6cbff6cc.
Comment 1 Jeff Layton 2013-01-30 11:44:48 UTC 
Created attachment 92231 [details]
patch -- ensure that cifs_get_root only traverses directories

Thanks for the bug report. This patch fixes it for me, does it also fix it for you?
Comment 2 Jeff Layton 2013-01-30 11:47:32 UTC 
I should mention too that this fixes the oops, but will give you an ENOTDIR error when you try to traverse a symlink like this. I think that's probably the safest course of action here since chasing symlinks is pretty complex and is possibly racy.
Comment 3 Kjell Braden 2013-01-30 12:46:58 UTC 
The patch indeed fixes the BUG, but I'd argue that throwing an error is not a great solution considering the functionality was available before.
Comment 4 Jeff Layton 2013-01-30 12:54:02 UTC 
So out of curiousity...

What if the symlink is an absolute one and points outside the share? For instance:

    /srv/symtest/link -> /root

...what happened at that point with the older kernels?
Comment 5 Kjell Braden 2013-01-30 13:00:10 UTC 
On older kernels, mounting anything below an absolute link pointing outside the share (whether the mounting user is allowed to read it or not) indeed gives ENOTDIR.

But with
    /srv/symtest/abslink -> /srv/symtest/dir

mounting //localhost/symtest/abslink/subdir works.
Comment 6 Kjell Braden 2013-01-30 13:21:00 UTC 
Created attachment 92241 [details]
cifsFYI from working mount with old kernels (using a relative link)
Comment 7 Kjell Braden 2013-01-30 13:21:59 UTC 
Created attachment 92251 [details]
cifsFYI from crashing mount with new kernels (using a relative link)
Comment 8 Jeff Layton 2013-02-01 20:14:22 UTC 
Posted the patch upstream since that should at least fix the oops. Feel free to weigh in with your use case that involves mounting through symlinks, and maybe someone will fix that case at some point.
Comment 9 Florian Mickler 2013-03-04 21:25:48 UTC 
A patch referencing this bug report has been merged in Linux v3.9-rc1:

commit ce2ac52105aa663056dfc17966ebed1bf93e6e64
Author: Jeff Layton <jlayton@redhat.com>
Date:   Fri Feb 1 15:11:01 2013 -0500

    cifs: ensure that cifs_get_root() only traverses directories
Note You need to log in before you can comment on or make changes to this bug.