Date: Mon, 25 Nov 2024 15:57:05 -0800 From: Rick Macklem <rick.macklem@gmail.com> To: Michael Proto <mike@jellydonut.org> Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org> Subject: Re: 14.1 NFS / mountd : -alldirs not working as expected Message-ID: <CAM5tNy6G4FgS=YAjsM4iD9jjHSHfiYbSadb7p0C%2BsFXASL-iCQ@mail.gmail.com> In-Reply-To: <CAM5tNy6J6Lcj4HAP%2B=6fmEUyzFOrdSeMDhchxRNsLB6ZhGUubA@mail.gmail.com> References: <CAGAnWo3=mWG70R3k7rP8U0Gh7aWpTvFc5u2GLDWV=vQo38fX6Q@mail.gmail.com> <CAM5tNy6J6Lcj4HAP%2B=6fmEUyzFOrdSeMDhchxRNsLB6ZhGUubA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Nov 25, 2024 at 2:55=E2=80=AFPM Rick Macklem <rick.macklem@gmail.co=
m> wrote:
>
> On Wed, Nov 20, 2024 at 8:01=E2=80=AFPM Michael Proto <mike@jellydonut.or=
g> wrote:
> >
> > Hello all,
> >
> > Running into an issue with a 14.1 server that I think is a bug, though
> > it may be me not interpreting documentation correctly so I wanted to
> > ask here.
> >
> > Using NFSv3, with FreeBSD 14.1 as the NFS server. Based on what I see
> > in exports(5), if I want to export conditional mounts (IE filesystem
> > paths that are intermittently mounted locally on server) I should use
> > -alldirs and specify the mount-point as the export. Per the manpage,
> > this export should only be accessible when the exported directory is
> > actually the root of a mounted filesystem. Currently if mountd is
> > HUPed while the export isn't a filesystem mount I get the warning
> > about exporting the filesystem "below" the export (root-FS in this
> > case) and I can actually mount the root-FS from the client, instead of
> > getting an error as I would expect. Using the specific example for a
> > sometimes-mounted /cdrom in exports(5) can demonstrate this behavior.
Just fyi, I also plan on coming up with a patch for exports(5) to make the
correct semantics of -alldirs clearer. It only explains that -alldirs
is only supposed
to work on mount points in the examples section. It took me a couple of
passes through it before I spotted it and realized this is a bug.
rick
> >
> > /etc/rc.conf :
> > nfs_server_enable=3D"YES"
> > rpcbind_enable=3D"YES"
> > rpc_statd_enable=3D"YES"
> > rpc_lockd_enable=3D"YES"
> > mountd_enable=3D"YES"
> >
> > /etc/exports :
> > /cdrom -alldirs,quiet,ro -network=3D10.0.0.0/24
> >
> > (at this time /cdrom exists as a directory but is not currently a
> > filesystem mount point)
> > on the server:
> > root@zfstest1:~ # killall -HUP mountd
> >
> > /var/log/messages:
> > Nov 20 22:34:56 zfstest1 mountd[27724]: Warning: exporting /cdrom
> > exports entire / file system
> I took a closer look and this is a bug. It appears that -alldirs is suppo=
sed
> to fail when a non-mountpoint is exported.
>
> It appears to have been introduced to the system long ago, although I
> haven't yet tracked down the commit.
>
> mountd.c assumes that nmount(8) will fail when the directory path
> is not a mount point, however for MNT_UPDATE (which is what is
> used to export file systems) this is not the case.
>
> Please create a bugzilla bug report for this and I will work on a patch.
>
> Btw, quiet is also broken in the sense that it will cause any nmount(8)
> failure to fail. However, since nmount(8) does not fail for this case,
> it hardly matters. I will come up with a patch for this too, since it is
> easy to fix.
>
> Thanks for reporting this, rick
>
> >
> > root@zfstest1:~ # showmount -e
> > Exports list on localhost:
> > /cdrom 10.0.0.0
> >
> >
> > on a client, I can now mount "/" from my server zfstest1:
> >
> > root@client1:~ # mount -r -t nfs zfstest1:/ /mnt
> > root@client1:~ # mount | tail -n1
> > zfstest1:/ on /mnt (nfs, read-only)
> >
> > The root-FS of zfstest1 is indeed visible in /mnt on client1
> >
> > From what I see in /usr/src/usr.sbin/mountd/mountd.c this isn't
> > supposed to happen (I'm no C programmer but this did read something
> > like I should receive an export error from mountd when I send a HUP):
> > ...
> > } else if (!strcmp(cpopt, "alldirs")) {
> > opt_flags |=3D OP_ALLDIRS;
> > ...
> > if (opt_flags & OP_ALLDIRS) {
> > if (errno =3D=3D EINVAL)
> > syslog(LOG_ERR,
> > "-alldirs requested but %s is not a filesystem mountpoi=
nt",
> > dirp);
> > else
> > syslog(LOG_ERR,
> > "could not remount =
%s: %m",
> > dirp);
> > ret =3D 1;
> > goto error_exit;
> > }
> >
> > I suspect this code path isn't being hit since I'm getting the mountd
> > warning I referenced above instead of this error. This appears to be a
> > possible recurrence of a very old bug that depicts similar behavior :
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D170413
> > While it appears the "-sec" issue referenced in that bug is fixed in
> > the listed PRs I didn't see anything on this -alldirs issue that's
> > also mentioned there, maybe that's why I'm running into this now?
> >
> > I'd be totally unsurprised if my /etc/exports file isn't configured
> > correctly, but I reduced my setup to just the example in the exports
> > man page and I'm struggling to determine how to interpret that
> > information differently. I also tried an export of /cdrom with only
> > "-alldirs" as an option and I get the same behavior. Ideas?
> >
> >
> > Thanks,
> > Michael Proto
> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAM5tNy6G4FgS=YAjsM4iD9jjHSHfiYbSadb7p0C%2BsFXASL-iCQ>