[PATCH 0/5] nfs: Fix mounting NFS3 AUTH_NULL exports

["Pali Rohár" <pali@kernel.org>]

Linux NFS3 kernel client currently has broken support for NFS3
AUTH_NULL-only exports and also broken mount option -o sec=none
(which explicitly specifies that mount should use AUTH_NULL).

For AUTH_NULL-only server exports, Linux NFS3 kernel client mounts such
export with AUTH_UNIX authentication which results in unusable mount
point (any operation on it fails with error because server rejects
AUTH_UNIX authentication).

Half of the problem is with MNTv3 servers, as some of them (e.g. Linux
one) never announce AUTH_NULL authentication for any export. Linux MNTv3
server does not announce it even when the export has the only AUTH_NULL
auth method allowed, instead it announce AUTH_UNIX (even when AUTH_UNIX
is disabled for that export in Linux NFS3 knfsd server). So MNTv3 server
for AUTH_NONE-only exports instruct Linux NFS3 kernel client to use
AUTH_UNIX and then NFS3 server refuse access to files with AUTH_UNIX.

Main problem on the client side is that mount option -o sec=none for
NFS3 client is not processed and Linux NFS kernel client always skips
AUTH_NULL (even when server announce it, and also even when user
specifies -o sec=none on mount command line).

This patch series address these issues in NFS3 client code.

Add a workaround for buggy MNTv3 servers which do not announce AUTH_NULL,
by trying AUTH_NULL authentication as an absolutely last chance when
everything else fails. And honors user choice of AUTH_NULL if user
explicitly specified -o sec=none as mount option.

AUTH_NULL authentication is useful for read-only exports, including
public exports. As authentication for these types of exports do not have
to be required.

Patch series was tested with AUTH_NULL-only, AUTH_UNIX-only and combined
AUTH_NULL+AUTH_UNIX exports from Linux knfsd NFS3 server + default Linux
MNTv3 userspace server. And also tested with exports from modified MNTv3
server to properly return AUTH_NULL support in response list.

Patch series is based on the latest upstream tag v6.11-rc7.

Pali Rohár (5):
  nfs: Fix support for NFS3 mount with -o sec=none from Linux MNTv3
    server
  nfs: Propagate AUTH_NULL/AUTH_UNIX PATHCONF NFS3ERR_ACCESS failures
  nfs: Try to use AUTH_NULL for NFS3 mount when no -o sec was given
  nfs: Fix -o sec=none output in /proc/mounts
  nfs: Remove duplicate debug message 'using auth flavor'

 fs/nfs/client.c | 14 ++++++++++-
 fs/nfs/super.c  | 64 +++++++++++++++++++++++++++++++++++++++----------
 2 files changed, 65 insertions(+), 13 deletions(-)

-- 
2.20.1