From nobody Fri Jan  9 19:56:15 2026
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dnswg69TCz6B8KJ
	for <dev-commits-src-all@mlmmj.nyi.freebsd.org>; Fri, 09 Jan 2026 19:56:35 +0000 (UTC)
	(envelope-from bjkfbsd@gmail.com)
Received: from mail-dy1-x1333.google.com (mail-dy1-x1333.google.com [IPv6:2607:f8b0:4864:20::1333])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "WR4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4dnswg5lgFz3GHf
	for <dev-commits-src-all@freebsd.org>; Fri, 09 Jan 2026 19:56:35 +0000 (UTC)
	(envelope-from bjkfbsd@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-dy1-x1333.google.com with SMTP id 5a478bee46e88-2b1981ca515so1541553eec.1
        for <dev-commits-src-all@freebsd.org>; Fri, 09 Jan 2026 11:56:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1767988588; x=1768593388; darn=freebsd.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=IxwQWgXfVTHR+TeNhUMR0siR/6YBm5/U0Pmu1V3u3Pg=;
        b=c5b39V0ZKaO0d7czEwm+DeWr0UR/1a/tTAlC4wVkOSMQze7bSfmhD5wv22VxB3SCYS
         SmOmXpexFyYtXyW0DV+71O8XGAbpE0KEKQggz5NBOLPDFlO6+vGR+FFrJk+USNdxo09o
         ZE8mcEMw2jgTalV0tkhi6Q1lemiD70lhgpr/mDpE2L/SSLqVwzm0zeFK5KvK75X2olfm
         +pdLaS4lYqluGtOII5mZmIWO4KG86IwztKiWXC2EI/IW9SZVkfS/kODkMIX1orLlSJxQ
         hSA5FL/fiZG0RdQ+tnSa5oESyVno8AgfQ4+cRXgxtHRiC/pb8x4YTgeJIWtDbFAJAOPX
         ZMuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1767988588; x=1768593388;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=IxwQWgXfVTHR+TeNhUMR0siR/6YBm5/U0Pmu1V3u3Pg=;
        b=I5Qbzq9uHtBASsHk1F8yzPHvzthtNZyacHdRPWzBlpp+Ziik8lwk3xvwjNeR2WziFG
         DazpfuO7o/WubnhPfIUHcIHBblljZhnOKN5zULynD7ZkhkU7AwjbQf1AkfFMjf683Q8S
         sstshW3rGxK4+p5fAkQKGCN2nxfVI6goOhbhZz6ORfZ7AQoZfPlzQUDNRemX8pODQHBQ
         dHNeL1/C3iiDwaDCSozpZEJaLJ6/J0QAh9gnARPk9G7ZWhNmEAZuMYpryy9EpXojhDR0
         l6ZSn3q/G8/oDM8aTV9Rnf+MyF7RfQklO4pp159VQaVbXq2/x1zgWudKIHr1Z1O4zVUT
         dd7A==
X-Forwarded-Encrypted: i=1; AJvYcCVA0aGS18UR/vJVCzOCqLuvY0FvwFlvmyxErXdgWAghF1LQ+9Go1wF215J3wJAHsj5I8C4Tsan4lhILK3HBUxsxImDY@freebsd.org
X-Gm-Message-State: AOJu0YxQeGck2KuEy2QKJDx98+viWi6DGxT5FywPyCf1jjzAvcL8Yj0V
	BdXtuGd8ox88JmOFlASl5MN4WmSGXBFu+hgFk6SBTjnp/kusjCuel2XXjibtmBNS6dSMylJDUOG
	BeDUFI8hSeRLdKqqBWsse0BjpySxwfRg=
X-Gm-Gg: AY/fxX5bhcGkGIBKPUvjpju0R1ypn0StFXrC3bWLqoTp/+eXBX4Ye40MYSMeFDMXg79
	CcZIPacXRX6OGa/QuRA9II7heMEAIncaYUIxz4IP4r1/UnrTgmsNdxaz4fH+U4Bp5CpzzpScp/j
	R5gLMx+nrYoaPq66FyFM4XmnoVb1iytWJ/hrHO7If5FV/Y8UVl9R8d9dt2W5jOEYx6fH1Uhlia1
	Bkv8q0yvxa0m37c1WjFmftPgjnm9byCoJ/hdXxuKKp3CVGzEMSjnIXJS2VQrH7e3d6zL95l
X-Google-Smtp-Source: AGHT+IHuF2X10lqh6rDdU8Arc6x3QWxRt4IfQsSzkZU6gyidqv3fsZvLpqt3AVK1puohRZaEOpIhSbELHJ6Fed81Z3g=
X-Received: by 2002:a05:7300:3724:b0:2b0:2e5:228b with SMTP id
 5a478bee46e88-2b17d2d5e9emr8229423eec.33.1767988587498; Fri, 09 Jan 2026
 11:56:27 -0800 (PST)
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
References: <69604cd7.3aebd.7fdcb739@gitrepo.freebsd.org>
In-Reply-To: <69604cd7.3aebd.7fdcb739@gitrepo.freebsd.org>
From: Benjamin Kaduk <bjkfbsd@gmail.com>
Date: Fri, 9 Jan 2026 11:56:15 -0800
X-Gm-Features: AZwV_Qh-iLu5q_2mR7BWQfYJguJR_r1uhFbggLVsGmhcf6iqJPQeQkzJ1IKhFqE
Message-ID: <CAJ5_RoD-T0SJpsKL5V-JHrz7hS_7g8Z=hMX_iNpq8DoCFtBi1g@mail.gmail.com>
Subject: Re: git: a6d57f312f18 - main - nfsd: Fix handling of hidden/system
 during Open/Create
To: Rick Macklem <rmacklem@freebsd.org>
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, 
	dev-commits-src-main@freebsd.org
Content-Type: multipart/alternative; boundary="000000000000b98fa10647f9eb47"
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Rspamd-Queue-Id: 4dnswg5lgFz3GHf

--000000000000b98fa10647f9eb47
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Jan 8, 2026 at 4:33=E2=80=AFPM Rick Macklem <rmacklem@freebsd.org> =
wrote:

> The branch main has been updated by rmacklem:
>
> URL:
> https://cgit.FreeBSD.org/src/commit/?id=3Da6d57f312f18bbeeda8a34e99d0a662=
b0db9a190
>
> commit a6d57f312f18bbeeda8a34e99d0a662b0db9a190
> Author:     Rick Macklem <rmacklem@FreeBSD.org>
> AuthorDate: 2026-01-08 16:27:32 +0000
> Commit:     Rick Macklem <rmacklem@FreeBSD.org>
> CommitDate: 2026-01-08 16:27:32 +0000
>
>     nfsd: Fix handling of hidden/system during Open/Create
>
>     When an NFSv4.n client specifies settings for the archive,
>     hidden and/or system attributes during a Open/Create, the
>     Open/Create fails for ZFS.  This is caused by ZFS doing
>     a secpolicy_xvattr() call, which fails for non-root.
>     If this check is bypassed, ZFS panics.
>
>     This patch resolves the problem by disabling va_flags
>     for the VOP_CREATE() call in the NFSv4.n server and
>     then setting the flags with a subsequent VOP_SETATTR().
>
>
The diff doesn't really include enough context to tell -- does this
introduce a race window where a file that's supposed to be hidden and/or
system is visible without that attribute from a different process?

Thanks,

Ben

--000000000000b98fa10647f9eb47
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Thu, Jan 8, 2026 at 4:33=E2=80=AFPM Ri=
ck Macklem &lt;<a href=3D"mailto:rmacklem@freebsd.org">rmacklem@freebsd.org=
</a>&gt; wrote:</div><div class=3D"gmail_quote gmail_quote_container"><bloc=
kquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:=
1px solid rgb(204,204,204);padding-left:1ex">The branch main has been updat=
ed by rmacklem:<br>
<br>
URL: <a href=3D"https://cgit.FreeBSD.org/src/commit/?id=3Da6d57f312f18bbeed=
a8a34e99d0a662b0db9a190" rel=3D"noreferrer" target=3D"_blank">https://cgit.=
FreeBSD.org/src/commit/?id=3Da6d57f312f18bbeeda8a34e99d0a662b0db9a190</a><b=
r>
<br>
commit a6d57f312f18bbeeda8a34e99d0a662b0db9a190<br>
Author:=C2=A0 =C2=A0 =C2=A0Rick Macklem &lt;rmacklem@FreeBSD.org&gt;<br>
AuthorDate: 2026-01-08 16:27:32 +0000<br>
Commit:=C2=A0 =C2=A0 =C2=A0Rick Macklem &lt;rmacklem@FreeBSD.org&gt;<br>
CommitDate: 2026-01-08 16:27:32 +0000<br>
<br>
=C2=A0 =C2=A0 nfsd: Fix handling of hidden/system during Open/Create<br>
<br>
=C2=A0 =C2=A0 When an NFSv4.n client specifies settings for the archive,<br=
>
=C2=A0 =C2=A0 hidden and/or system attributes during a Open/Create, the<br>
=C2=A0 =C2=A0 Open/Create fails for ZFS.=C2=A0 This is caused by ZFS doing<=
br>
=C2=A0 =C2=A0 a secpolicy_xvattr() call, which fails for non-root.<br>
=C2=A0 =C2=A0 If this check is bypassed, ZFS panics.<br>
<br>
=C2=A0 =C2=A0 This patch resolves the problem by disabling va_flags<br>
=C2=A0 =C2=A0 for the VOP_CREATE() call in the NFSv4.n server and<br>
=C2=A0 =C2=A0 then setting the flags with a subsequent VOP_SETATTR().<br><b=
r></blockquote><div><br></div><div>The diff doesn&#39;t really include enou=
gh context to tell -- does this introduce a race window where a file that&#=
39;s supposed to be hidden and/or system is visible without that attribute =
from a different process?</div><div><br></div><div>Thanks,</div><div><br></=
div><div>Ben=C2=A0</div></div></div>

--000000000000b98fa10647f9eb47--