NFS: remount with security change should return EINVAL

A remount that alters security flavors can appear to succeed when it should
instead return -EINVAL.  Check to see if the current security flavor exists
within the flavors specified in the remount options, and if not fail the
remount.

Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>

diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 322b2de02988fa6479c2d2831a5e5d70dfdad7c9..54a079a465e1367832497e49eb9d6aa9d446a6c9 100644 (file)
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -2193,7 +2193,7 @@ nfs_compare_remount_data(struct nfs_server *nfss,
            data->version != nfss->nfs_client->rpc_ops->version ||
            data->minorversion != nfss->nfs_client->cl_minorversion ||
            data->retrans != nfss->client->cl_timeout->to_retries ||
-           data->selected_flavor != nfss->client->cl_auth->au_flavor ||
+           !nfs_auth_info_match(&data->auth_info, nfss->client->cl_auth->au_flavor) ||
            data->acregmin != nfss->acregmin / HZ ||
            data->acregmax != nfss->acregmax / HZ ||
            data->acdirmin != nfss->acdirmin / HZ ||
@@ -2241,7 +2241,6 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
        data->wsize = nfss->wsize;
        data->retrans = nfss->client->cl_timeout->to_retries;
        data->selected_flavor = nfss->client->cl_auth->au_flavor;
-       data->auth_info = nfss->auth_info;
        data->acregmin = nfss->acregmin / HZ;
        data->acregmax = nfss->acregmax / HZ;
        data->acdirmin = nfss->acdirmin / HZ;