From nobody Sat Jan 24 00:47:42 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dybk66M4xz6Q2Kh for ; Sat, 24 Jan 2026 00:47:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dybk65hbMz3Cbn for ; Sat, 24 Jan 2026 00:47:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1769215662; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1PCy2DU4x5PNBsH+UdqXo3aczi0iuRVBpuCMyeE7Nfs=; b=negcHJAGGgs6LuM2I85nb0GdYmyiAa4QDQUhMFZy3k/ywPwO6mcKdooQUclHh66N6qOfVZ rAvFjaIZHeDEhajfqwuQGXVgh1a1e16Kt6tDaSUtSJBw2Y4zt96XSYwmRvWOBsnLF6TZha yTvAYSUU6N2o6lSeEf1ZlVPjhA/Pd83RMOM6FOOuvhWR4wjx7P/tT5RgK8Dq5pgxo+3Hek GcxQDFAxHtS/d5bGXSMGklKSrT3x2iMiNgG3JqE8yxYCNj3ZS5UhGSmwcniWMmWdkLl2nS bDDWeX9KBN7OGeeWiKs5CITKZ9i55nNY913oGtSwGA8bqg6vnGwZmQBSDDcKeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1769215662; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1PCy2DU4x5PNBsH+UdqXo3aczi0iuRVBpuCMyeE7Nfs=; b=WlisSYtKtTAjxzj0q5bG50h0LudRmaxvpfOvVpjw9zYKoEw9PrYKMLnRKt1eGp3AojlBeN t/3S1km4CgHvK/R/IN8NYe8SbiIaoKTrrR2lV2aj4/ecP2t2RrocUhRVMjUgts/LHluUKo e11D8JUJO8bL8L4PM02ug7Rx0XSud1O7UgFAG8ElM2rAB29Y8QJmxH5izdzABx4WdsSREh KEzAGeD7gF2IFEawJ/lmeCP5KuGmeNcnA8ywPBIcRHRq+jOKT75hnsnkO3nEtuPZwDfpze usHyWt0hkVdVZ+aR/Rn/i0yTmHGm2mFPkyCuNjre0gnlXjUL5p1ceMVFddhRwQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1769215662; a=rsa-sha256; cv=none; b=UfJo096/yp2odN5xtmhh74avBRN5gcfuQO3HyFBjgcnxsasLd8Y6RB9qyD6wF/BLjgN/Jr EXqonwbP3daM+lRPq9/tv4kQKybbfWtTGJMr5+U/IQvZPcvVLTgyhHmKngfJuJo6qhJDDS 475GAhBDhJbp00gv/bYcedgX7K+klXh8Z38zm50uZ1wmMloXvjop/3NCEUV8VJ48q2Xbza ZmoWqgf6d0gwajlMrdNBLNgVWHejijjUzzs81WaPR0lg64/qetKpNrLuToMY5pMkrf5cO+ OTaU4ApqRc3eape0hS/EQxJoZfgRg8wBZ73f1LAsAJ2M/zr4VblidvCWk+Okew== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dybk65F7YzjPV for ; Sat, 24 Jan 2026 00:47:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id b1c4 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Sat, 24 Jan 2026 00:47:42 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Rick Macklem Subject: git: 6fd7e55c9413 - stable/15 - nfsd: Fix handling of hidden/system during Open/Create List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 6fd7e55c94134b01c6e0f14f53d3172f18ab786f Auto-Submitted: auto-generated Date: Sat, 24 Jan 2026 00:47:42 +0000 Message-Id: <697416ae.b1c4.602ef37@gitrepo.freebsd.org> The branch stable/15 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=6fd7e55c94134b01c6e0f14f53d3172f18ab786f commit 6fd7e55c94134b01c6e0f14f53d3172f18ab786f Author: Rick Macklem AuthorDate: 2026-01-08 16:27:32 +0000 Commit: Rick Macklem CommitDate: 2026-01-24 00:43:05 +0000 nfsd: Fix handling of hidden/system during Open/Create When an NFSv4.n client specifies settings for the archive, hidden and/or system attributes during a Open/Create, the Open/Create fails for ZFS. This is caused by ZFS doing a secpolicy_xvattr() call, which fails for non-root. If this check is bypassed, ZFS panics. This patch resolves the problem by disabling va_flags for the VOP_CREATE() call in the NFSv4.n server and then setting the flags with a subsequent VOP_SETATTR(). This problem only affects FreeBSD-15 and main, since the archive, system and hidden attributes are not enabled for FreeBSD-14. I think a similar problem exists for the NFSv4.n Open/Create/Exclusive_41, but that will be resolved in a future commit. Note that the Linux, Solaris and FreeBSD clients do not set archive, hidden or system for Open/Create, so the bug does not affect mounts from those clients. PR: 292283 (cherry picked from commit a6d57f312f18bbeeda8a34e99d0a662b0db9a190) --- sys/fs/nfsserver/nfs_nfsdport.c | 11 +++++++++++ sys/fs/nfsserver/nfs_nfsdsubs.c | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c index c05e0d67f0d6..18e5813596c6 100644 --- a/sys/fs/nfsserver/nfs_nfsdport.c +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -1977,6 +1977,7 @@ nfsvno_open(struct nfsrv_descript *nd, struct nameidata *ndp, struct nfsexstuff nes; struct thread *p = curthread; uint32_t oldrepstat; + u_long savflags; if (ndp->ni_vp == NULL) { /* @@ -1991,6 +1992,15 @@ nfsvno_open(struct nfsrv_descript *nd, struct nameidata *ndp, } if (!nd->nd_repstat) { if (ndp->ni_vp == NULL) { + /* + * Most file systems ignore va_flags for + * VOP_CREATE(), however setting va_flags + * for VOP_CREATE() causes problems for ZFS. + * So disable them and let nfsrv_fixattr() + * do them, as required. + */ + savflags = nvap->na_flags; + nvap->na_flags = VNOVAL; nd->nd_repstat = VOP_CREATE(ndp->ni_dvp, &ndp->ni_vp, &ndp->ni_cnd, &nvap->na_vattr); /* For a pNFS server, create the data file on a DS. */ @@ -2003,6 +2013,7 @@ nfsvno_open(struct nfsrv_descript *nd, struct nameidata *ndp, nfsrv_pnfscreate(ndp->ni_vp, &nvap->na_vattr, cred, p); } + nvap->na_flags = savflags; VOP_VPUT_PAIR(ndp->ni_dvp, nd->nd_repstat == 0 ? &ndp->ni_vp : NULL, false); nfsvno_relpathbuf(ndp); diff --git a/sys/fs/nfsserver/nfs_nfsdsubs.c b/sys/fs/nfsserver/nfs_nfsdsubs.c index b09ec1b3a062..cc0e169af9b7 100644 --- a/sys/fs/nfsserver/nfs_nfsdsubs.c +++ b/sys/fs/nfsserver/nfs_nfsdsubs.c @@ -1697,6 +1697,44 @@ nfsrv_fixattr(struct nfsrv_descript *nd, vnode_t vp, NFSCLRBIT_ATTRBIT(attrbitp, NFSATTRBIT_OWNERGROUP); } } + + /* + * For archive, ZFS sets it by default for new files, + * so if specified, it must be set or cleared. + * For hidden and system, no file system sets them + * by default upon creation, so they only need to be + * set and not cleared. + */ + if (NFSISSET_ATTRBIT(attrbitp, NFSATTRBIT_ARCHIVE)) { + if (nva.na_flags == VNOVAL) + nva.na_flags = 0; + if ((nvap->na_flags & UF_ARCHIVE) != 0) + nva.na_flags |= UF_ARCHIVE; + change++; + NFSSETBIT_ATTRBIT(&nattrbits, NFSATTRBIT_ARCHIVE); + } + if (NFSISSET_ATTRBIT(attrbitp, NFSATTRBIT_HIDDEN)) { + if ((nvap->na_flags & UF_HIDDEN) != 0) { + if (nva.na_flags == VNOVAL) + nva.na_flags = 0; + nva.na_flags |= UF_HIDDEN; + change++; + NFSSETBIT_ATTRBIT(&nattrbits, NFSATTRBIT_HIDDEN); + } else { + NFSCLRBIT_ATTRBIT(attrbitp, NFSATTRBIT_HIDDEN); + } + } + if (NFSISSET_ATTRBIT(attrbitp, NFSATTRBIT_SYSTEM)) { + if ((nvap->na_flags & UF_SYSTEM) != 0) { + if (nva.na_flags == VNOVAL) + nva.na_flags = 0; + nva.na_flags |= UF_SYSTEM; + change++; + NFSSETBIT_ATTRBIT(&nattrbits, NFSATTRBIT_SYSTEM); + } else { + NFSCLRBIT_ATTRBIT(attrbitp, NFSATTRBIT_SYSTEM); + } + } if (change) { error = nfsvno_setattr(vp, &nva, nd->nd_cred, p, exp); if (error) {