| Message ID | 20230907-kdevops-v1-1-c2015c29d634@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [RFC] nfs4: add a get_acl stub handler | expand |
On Thu, Sep 07, 2023 at 01:32:36PM -0400, Jeff Layton wrote: > In older kernels, attempting to fetch that system.posix_acl_access on > NFSv4 would return -EOPNOTSUPP, but in more recent kernels that returns > -ENODATA. > > Most filesystems that don't support POSIX ACLs leave the SB_POSIXACL > flag clear, which cues the VFS to return -EOPNOTSUPP in this situation. > We can't do that with NFSv4 since that flag also cues the VFS to avoid > applying the umask early. > > Fix this by adding a stub get_acl handler for NFSv4 that always returns > -EOPNOTSUPP. > > Reported-by: Ondrej Valousek <ondrej.valousek.xm@renesas.com> > Signed-off-by: Jeff Layton <jlayton@kernel.org> > --- > I suspect that this problem popped in due to some VFS layer changes. I > haven't identified the patch that broke it, but I think this is probably > the least invasive way to fix it. > > Another alternative would be to return -EOPNOTSUPP on filesystems that > set SB_POSIXACL but that don't set get_acl or get_inode_acl. > > Thoughts? Yes: I hate POSIX ACLs. ;) Before the VFS rework to only rely on i_op->*acl* methods POSIX ACLs were set using sb->s_xattr handlers. So when a filesystem raised SB_POSIXACL but didn't set sb->s_xattr handlers for POSIX ACLs we would: __vfs_getxattr() -> xattr_resolve_name() // no match so return EOPNOTSUPP No we have vfs_get_acl() -> __get_acl() -> i_op->get_acl // no get_acl inode method return ENODATA So as a bugfix to backport I think you should do exactly what you do here because I'm not sure if some fs relies on ENODATA to be returned if no get_acl inode method is set. There's a lot of quirkiness everywhere. But we should look through all callers and if nothing relies on EINVAL just start returning EOPNOTSUPP if no get_acl i_op is set. Looks good to me, Acked-by: Christian Brauner <brauner@kernel.org>
On Fri, 2023-09-08 at 14:55 +0200, Christian Brauner wrote: > On Thu, Sep 07, 2023 at 01:32:36PM -0400, Jeff Layton wrote: > > In older kernels, attempting to fetch that system.posix_acl_access on > > NFSv4 would return -EOPNOTSUPP, but in more recent kernels that returns > > -ENODATA. > > > > Most filesystems that don't support POSIX ACLs leave the SB_POSIXACL > > flag clear, which cues the VFS to return -EOPNOTSUPP in this situation. > > We can't do that with NFSv4 since that flag also cues the VFS to avoid > > applying the umask early. > > > > Fix this by adding a stub get_acl handler for NFSv4 that always returns > > -EOPNOTSUPP. > > > > Reported-by: Ondrej Valousek <ondrej.valousek.xm@renesas.com> > > Signed-off-by: Jeff Layton <jlayton@kernel.org> > > --- > > I suspect that this problem popped in due to some VFS layer changes. I > > haven't identified the patch that broke it, but I think this is probably > > the least invasive way to fix it. > > > > Another alternative would be to return -EOPNOTSUPP on filesystems that > > set SB_POSIXACL but that don't set get_acl or get_inode_acl. > > > > Thoughts? > > Yes: I hate POSIX ACLs. ;) The API is quite weird, yes. > Before the VFS rework to only rely on i_op->*acl* methods POSIX ACLs > were set using sb->s_xattr handlers. So when a filesystem raised > SB_POSIXACL but didn't set sb->s_xattr handlers for POSIX ACLs we would: > > __vfs_getxattr() > -> xattr_resolve_name() > // no match so return EOPNOTSUPP > > No we have > > vfs_get_acl() > -> __get_acl() > -> i_op->get_acl > // no get_acl inode method return ENODATA > > So as a bugfix to backport I think you should do exactly what you do > here because I'm not sure if some fs relies on ENODATA to be returned if > no get_acl inode method is set. There's a lot of quirkiness everywhere. > But we should look through all callers and if nothing relies on EINVAL > just start returning EOPNOTSUPP if no get_acl i_op is set. > > Looks good to me, > Acked-by: Christian Brauner <brauner@kernel.org> Thanks. I did some rudimentary git grepping, and I don't see any that set SB_POSIXACL but don't set either get_acl or get_inode_acl. I'll spin up a patch and we can get it into -next for a while and see if anything shakes out.
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 794343790ea8..93f3caf4ec08 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -10621,6 +10621,12 @@ static void nfs4_disable_swap(struct inode *inode) nfs4_schedule_state_manager(clp); } +static struct posix_acl *nfs4_get_posix_acl(struct mnt_idmap *idmap, struct dentry *dentry, + int type) +{ + return ERR_PTR(-EOPNOTSUPP); +} + static const struct inode_operations nfs4_dir_inode_operations = { .create = nfs_create, .lookup = nfs_lookup, @@ -10636,6 +10642,7 @@ static const struct inode_operations nfs4_dir_inode_operations = { .getattr = nfs_getattr, .setattr = nfs_setattr, .listxattr = nfs4_listxattr, + .get_acl = nfs4_get_posix_acl, }; static const struct inode_operations nfs4_file_inode_operations = { @@ -10643,6 +10650,7 @@ static const struct inode_operations nfs4_file_inode_operations = { .getattr = nfs_getattr, .setattr = nfs_setattr, .listxattr = nfs4_listxattr, + .get_acl = nfs4_get_posix_acl, }; const struct nfs_rpc_ops nfs_v4_clientops = {
In older kernels, attempting to fetch that system.posix_acl_access on NFSv4 would return -EOPNOTSUPP, but in more recent kernels that returns -ENODATA. Most filesystems that don't support POSIX ACLs leave the SB_POSIXACL flag clear, which cues the VFS to return -EOPNOTSUPP in this situation. We can't do that with NFSv4 since that flag also cues the VFS to avoid applying the umask early. Fix this by adding a stub get_acl handler for NFSv4 that always returns -EOPNOTSUPP. Reported-by: Ondrej Valousek <ondrej.valousek.xm@renesas.com> Signed-off-by: Jeff Layton <jlayton@kernel.org> --- I suspect that this problem popped in due to some VFS layer changes. I haven't identified the patch that broke it, but I think this is probably the least invasive way to fix it. Another alternative would be to return -EOPNOTSUPP on filesystems that set SB_POSIXACL but that don't set get_acl or get_inode_acl. Thoughts? --- fs/nfs/nfs4proc.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- base-commit: c0894ef10b846fd4a74a670cbec2483246030e06 change-id: 20230907-kdevops-d311e57bf5d2 Best regards,