summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Staubach <staubach@redhat.com>2006-05-20 14:59:56 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2006-05-21 12:59:16 -0700
commit8c7b389e532e964f07057dac8a56c43465544759 (patch)
tree23d81d654dfead5f12503e77818dd45940fbc5fd
parentea6c20891eb25e4884b852c040136f44cb173f3e (diff)
[PATCH] NFS server subtree_check returns dubious value
Address a problem found when a Linux NFS server uses the "subtree_check" export option. The "subtree_check" NFS export option was designed to prohibit a client from using a file handle for which it should not have permission. The algorithm used is to ensure that the entire path to the file being referenced is accessible to the user attempting to use the file handle. If some part of the path is not accessible, then the operation is aborted and the appropriate version of ESTALE is returned to the NFS client. The error, ESTALE, is unfortunate in that it causes NFS clients to make certain assumptions about the continued existence of the file. They assume that the file no longer exists and refuse to attempt to access it again. In this case, the file really does exist, but access was denied by the server for a particular user. A better error to return would be an EACCES sort of error. This would inform the client that the particular operation that it was attempting was not allowed, without the nasty side effects of the ESTALE error. Signed-off-by: Peter Staubach <staubach@redhat.com> Acked-By: NeilBrown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--fs/exportfs/expfs.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/exportfs/expfs.c b/fs/exportfs/expfs.c
index b06b54f1bbb..4c39009350f 100644
--- a/fs/exportfs/expfs.c
+++ b/fs/exportfs/expfs.c
@@ -102,7 +102,7 @@ find_exported_dentry(struct super_block *sb, void *obj, void *parent,
if (acceptable(context, result))
return result;
if (S_ISDIR(result->d_inode->i_mode)) {
- /* there is no other dentry, so fail */
+ err = -EACCES;
goto err_result;
}