Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 16 Feb 2022 01:01:56 GMT
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 3a42078ae951 - stable/13 - nfsd: Allow file owners to perform Open(Delegate_cur)
Message-ID:  <202202160101.21G11uao094450@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=3a42078ae9516aafd8c7917c8c39b69a2e3377b5

commit 3a42078ae9516aafd8c7917c8c39b69a2e3377b5
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2022-02-02 22:10:16 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2022-02-16 01:00:47 +0000

    nfsd: Allow file owners to perform Open(Delegate_cur)
    
    Commit b0b7d978b6a8 changed the NFSv4 server's default
    behaviour to check the file's mode or ACL for permission to
    open the file, to be Linux and Solaris compatible.
    However, it turns out that Linux makes an exception for
    the case of Claim_delegate_cur(_fh).
    
    When a NFSv4 client is returning a delegation, it must
    acquire Opens against the server to replace the ones
    done locally in the client.  The client does this via
    an Open operation with Claim_delegate_cur(_fh).  If
    this operation fails, due to a change to the file's
    mode or ACL after the delegation was issued, the
    client does not have any way to retain the open.
    
    As such, the Linux client allows the file's owner
    to perform an Open with Claim_delegate_cur(_fh)
    no matter what the mode or ACL allows.
    
    This patch makes the FreeBSD server allow this case,
    to be Linux compatible.
    
    This patch only affects the case where delegations
    are enabled, which is not the default.
    
    (cherry picked from commit e2fe58d61b7ca95cbe87ce841a87c9ae8cecb47b)
---
 sys/fs/nfsserver/nfs_nfsdserv.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c
index 438e5b00c8d0..d72716ce7fd8 100644
--- a/sys/fs/nfsserver/nfs_nfsdserv.c
+++ b/sys/fs/nfsserver/nfs_nfsdserv.c
@@ -3133,12 +3133,14 @@ nfsrvd_open(struct nfsrv_descript *nd, __unused int isdgram,
 	 * operation's results to be consistent with NFSv3, but that is
 	 * not what the current Linux client appears to be doing.
 	 * Since both the Linux and OpenSolaris NFSv4 servers do this check,
-	 * I have enabled it by default.
+	 * I have enabled it by default.  Since Linux does not apply this
+	 * check for claim_delegate_cur, this code does the same.
 	 * If this semantic change causes a problem, it can be disabled by
 	 * setting the sysctl vfs.nfsd.v4openaccess to 0 to re-enable the
 	 * previous semantics.
 	 */
-	if (nfsrv_openaccess && create == NFSV4OPEN_NOCREATE)
+	if (nfsrv_openaccess && create == NFSV4OPEN_NOCREATE &&
+	    (stp->ls_flags & NFSLCK_DELEGCUR) == 0)
 		override = NFSACCCHK_NOOVERRIDE;
 	else
 		override = NFSACCCHK_ALLOWOWNER;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202202160101.21G11uao094450>