Date: Fri, 9 Jan 2026 11:56:15 -0800 From: Benjamin Kaduk <bjkfbsd@gmail.com> To: Rick Macklem <rmacklem@freebsd.org> Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: a6d57f312f18 - main - nfsd: Fix handling of hidden/system during Open/Create Message-ID: <CAJ5_RoD-T0SJpsKL5V-JHrz7hS_7g8Z=hMX_iNpq8DoCFtBi1g@mail.gmail.com> In-Reply-To: <69604cd7.3aebd.7fdcb739@gitrepo.freebsd.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Thu, Jan 8, 2026 at 4:33 PM Rick Macklem <rmacklem@freebsd.org> wrote: > The branch main has been updated by rmacklem: > > URL: > https://cgit.FreeBSD.org/src/commit/?id=a6d57f312f18bbeeda8a34e99d0a662b0db9a190 > > commit a6d57f312f18bbeeda8a34e99d0a662b0db9a190 > Author: Rick Macklem <rmacklem@FreeBSD.org> > AuthorDate: 2026-01-08 16:27:32 +0000 > Commit: Rick Macklem <rmacklem@FreeBSD.org> > CommitDate: 2026-01-08 16:27:32 +0000 > > nfsd: Fix handling of hidden/system during Open/Create > > When an NFSv4.n client specifies settings for the archive, > hidden and/or system attributes during a Open/Create, the > Open/Create fails for ZFS. This is caused by ZFS doing > a secpolicy_xvattr() call, which fails for non-root. > If this check is bypassed, ZFS panics. > > This patch resolves the problem by disabling va_flags > for the VOP_CREATE() call in the NFSv4.n server and > then setting the flags with a subsequent VOP_SETATTR(). > > The diff doesn't really include enough context to tell -- does this introduce a race window where a file that's supposed to be hidden and/or system is visible without that attribute from a different process? Thanks, Ben [-- Attachment #2 --] <div dir="ltr"><div dir="ltr">On Thu, Jan 8, 2026 at 4:33 PM Rick Macklem <<a href="mailto:rmacklem@freebsd.org">rmacklem@freebsd.org</a>> wrote:</div><div class="gmail_quote gmail_quote_container"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">The branch main has been updated by rmacklem:<br> <br> URL: <a href="https://cgit.FreeBSD.org/src/commit/?id=a6d57f312f18bbeeda8a34e99d0a662b0db9a190" rel="noreferrer" target="_blank">https://cgit.FreeBSD.org/src/commit/?id=a6d57f312f18bbeeda8a34e99d0a662b0db9a190</a><br>; <br> commit a6d57f312f18bbeeda8a34e99d0a662b0db9a190<br> Author: Rick Macklem <rmacklem@FreeBSD.org><br> AuthorDate: 2026-01-08 16:27:32 +0000<br> Commit: Rick Macklem <rmacklem@FreeBSD.org><br> CommitDate: 2026-01-08 16:27:32 +0000<br> <br> nfsd: Fix handling of hidden/system during Open/Create<br> <br> When an NFSv4.n client specifies settings for the archive,<br> hidden and/or system attributes during a Open/Create, the<br> Open/Create fails for ZFS. This is caused by ZFS doing<br> a secpolicy_xvattr() call, which fails for non-root.<br> If this check is bypassed, ZFS panics.<br> <br> This patch resolves the problem by disabling va_flags<br> for the VOP_CREATE() call in the NFSv4.n server and<br> then setting the flags with a subsequent VOP_SETATTR().<br><br></blockquote><div><br></div><div>The diff doesn't really include enough context to tell -- does this introduce a race window where a file that's supposed to be hidden and/or system is visible without that attribute from a different process?</div><div><br></div><div>Thanks,</div><div><br></div><div>Ben </div></div></div>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ5_RoD-T0SJpsKL5V-JHrz7hS_7g8Z=hMX_iNpq8DoCFtBi1g>