| Message ID | 1397402659.6306.5.camel@leira.trondhjem.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
? 2014/4/13 23:24, Trond Myklebust ??: > On Sun, 2014-04-13 at 22:53 +0800, Kinglong Mee wrote: >> >> ? 2014/4/13 22:28, Trond Myklebust ??: >>> >>> On Apr 13, 2014, at 9:11, Kinglong Mee <kinglongmee@gmail.com> wrote: >>> >>>> After writing data at NFS client, file's access mode is inconsistent >>>> with server. >>>> Because WRITE proceduce changes the S_ISUID and S_ISGID bits, >>>> but client don't get it. >>>> >>>> #touch hello; chmod 06777 hello; stat hello; >>>> File: ‘hello’ >>>> Size: 0 Blocks: 0 IO Block: 262144 regular >>>> empty file >>>> Device: 24h/36d Inode: 786434 Links: 1 >>>> Access: (6777/-rwsrwsrwx) Uid: ( 0/ root) Gid: ( 0/ root) >>>> Context: system_u:object_r:nfs_t:s0 >>>> Access: 2014-04-13 21:00:44.996908708 +0800 >>>> Modify: 2014-04-13 21:00:44.996908708 +0800 >>>> Change: 2014-04-13 21:00:45.033908705 +0800 >>>> Birth: - >>>> >>>> #echo 12324 > hello; stat hello; stat /nfstest/hello >>>> File: ‘hello’ >>>> Size: 6 Blocks: 0 IO Block: 262144 regular file >>>> Device: 24h/36d Inode: 786434 Links: 1 >>>> Access: (6777/-rwsrwsrwx) Uid: ( 0/ root) Gid: ( 0/ root) >>>> ^^^^^ it should be 0777 >>>> Context: system_u:object_r:nfs_t:s0 >>>> Access: 2014-04-13 21:00:44.996908708 +0800 >>>> Modify: 2014-04-13 21:00:45.061908703 +0800 >>>> Change: 2014-04-13 21:00:45.061908703 +0800 >>>> Birth: - >>>> File: ‘/nfstest/hello’ >>>> Size: 6 Blocks: 8 IO Block: 4096 regular file >>>> Device: 803h/2051d Inode: 786434 Links: 1 >>>> Access: (0777/-rwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root) >>>> ^^^^^ bits on the server >>>> Context: system_u:object_r:default_t:s0 >>>> Access: 2014-04-13 21:00:44.996908708 +0800 >>>> Modify: 2014-04-13 21:00:45.061908703 +0800 >>>> Change: 2014-04-13 21:00:45.061908703 +0800 >>>> Birth: - >>>> > <snip> >>> >>> Instead of requesting a new attribute on each and every operation just in order to deal with an extremely rare corner case, is there any reason why we can’t just do this by checking should_remove_suid(), clearing the mode bits ourselves, and then marking the attributes for revalidation? >> > <snip> >> IMO, client shoulds get all metadatas from server, so, adds the flag. >> I think should_remove_suid() should be called by nfsd, not NFS client > > I agree with 50% of that statement. Please see below. > > 8<--------------------------------------------------------------------- >>From a7b05fc5fcb433e8cfca577c9275f2012b523ee8 Mon Sep 17 00:00:00 2001 > From: Trond Myklebust <trond.myklebust@primarydata.com> > Date: Sun, 13 Apr 2014 11:11:31 -0400 > Subject: [PATCH] NFS: Don't ignore suid/sgid bit changes after a successful > write > > If we suspect that the server may have cleared the suid/sgid bit, > then mark the inode for revalidation. When testing with this patch, should_remove_suid() always return false at client, but return true at NFS server. So that, NFS server clears the suid/sgid bit, but client also remains. thanks, Kinglong Mee > > Reported-by: Kinglong Mee <kinglongmee@gmail.com> > Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> > --- > fs/nfs/write.c | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/fs/nfs/write.c b/fs/nfs/write.c > index 9a3b6a4cd6b9..80b03e064a09 100644 > --- a/fs/nfs/write.c > +++ b/fs/nfs/write.c > @@ -1401,9 +1401,16 @@ void nfs_writeback_done(struct rpc_task *task, struct nfs_write_data *data) > } > } > #endif > - if (task->tk_status < 0) > + if (task->tk_status < 0) { > nfs_set_pgio_error(data->header, task->tk_status, argp->offset); > - else if (resp->count < argp->count) { > + return; > + } > + > + /* Deal with the suid/sgid bit corner case */ > + if (should_remove_suid(argp->context->dentry)) > + nfs_mark_for_revalidate(inode); > + > + if (resp->count < argp->count) { > static unsigned long complain; > > /* This a short write! */ > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Apr 14, 2014, at 8:59, Kinglong Mee <kinglongmee@gmail.com> wrote: > > > ? 2014/4/13 23:24, Trond Myklebust ??: >> On Sun, 2014-04-13 at 22:53 +0800, Kinglong Mee wrote: >>> >>> ? 2014/4/13 22:28, Trond Myklebust ??: >>>> >>>> On Apr 13, 2014, at 9:11, Kinglong Mee <kinglongmee@gmail.com> wrote: >>>> >>>>> After writing data at NFS client, file's access mode is inconsistent >>>>> with server. >>>>> Because WRITE proceduce changes the S_ISUID and S_ISGID bits, >>>>> but client don't get it. >>>>> >>>>> #touch hello; chmod 06777 hello; stat hello; >>>>> File: ‘hello’ >>>>> Size: 0 Blocks: 0 IO Block: 262144 regular >>>>> empty file >>>>> Device: 24h/36d Inode: 786434 Links: 1 >>>>> Access: (6777/-rwsrwsrwx) Uid: ( 0/ root) Gid: ( 0/ root) >>>>> Context: system_u:object_r:nfs_t:s0 >>>>> Access: 2014-04-13 21:00:44.996908708 +0800 >>>>> Modify: 2014-04-13 21:00:44.996908708 +0800 >>>>> Change: 2014-04-13 21:00:45.033908705 +0800 >>>>> Birth: - >>>>> >>>>> #echo 12324 > hello; stat hello; stat /nfstest/hello >>>>> File: ‘hello’ >>>>> Size: 6 Blocks: 0 IO Block: 262144 regular file >>>>> Device: 24h/36d Inode: 786434 Links: 1 >>>>> Access: (6777/-rwsrwsrwx) Uid: ( 0/ root) Gid: ( 0/ root) >>>>> ^^^^^ it should be 0777 >>>>> Context: system_u:object_r:nfs_t:s0 >>>>> Access: 2014-04-13 21:00:44.996908708 +0800 >>>>> Modify: 2014-04-13 21:00:45.061908703 +0800 >>>>> Change: 2014-04-13 21:00:45.061908703 +0800 >>>>> Birth: - >>>>> File: ‘/nfstest/hello’ >>>>> Size: 6 Blocks: 8 IO Block: 4096 regular file >>>>> Device: 803h/2051d Inode: 786434 Links: 1 >>>>> Access: (0777/-rwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root) >>>>> ^^^^^ bits on the server >>>>> Context: system_u:object_r:default_t:s0 >>>>> Access: 2014-04-13 21:00:44.996908708 +0800 >>>>> Modify: 2014-04-13 21:00:45.061908703 +0800 >>>>> Change: 2014-04-13 21:00:45.061908703 +0800 >>>>> Birth: - >>>>> >> <snip> >>>> >>>> Instead of requesting a new attribute on each and every operation just in order to deal with an extremely rare corner case, is there any reason why we can’t just do this by checking should_remove_suid(), clearing the mode bits ourselves, and then marking the attributes for revalidation? >>> >> <snip> >>> IMO, client shoulds get all metadatas from server, so, adds the flag. >>> I think should_remove_suid() should be called by nfsd, not NFS client >> >> I agree with 50% of that statement. Please see below. >> >> 8<--------------------------------------------------------------------- >>> From a7b05fc5fcb433e8cfca577c9275f2012b523ee8 Mon Sep 17 00:00:00 2001 >> From: Trond Myklebust <trond.myklebust@primarydata.com> >> Date: Sun, 13 Apr 2014 11:11:31 -0400 >> Subject: [PATCH] NFS: Don't ignore suid/sgid bit changes after a successful >> write >> >> If we suspect that the server may have cleared the suid/sgid bit, >> then mark the inode for revalidation. > > When testing with this patch, should_remove_suid() always return false > at client, but return true at NFS server. > > So that, NFS server clears the suid/sgid bit, but client also remains. Are you running the test as root? The only explanation I can see for should_remove_suid() failing is if the ‘CAP_FSETID’ capability is set.
? 2014/4/14 21:12, Trond Myklebust ??: > > On Apr 14, 2014, at 8:59, Kinglong Mee <kinglongmee@gmail.com> wrote: > >> >> >> ? 2014/4/13 23:24, Trond Myklebust ??: >>> On Sun, 2014-04-13 at 22:53 +0800, Kinglong Mee wrote: >>>> >>>> ? 2014/4/13 22:28, Trond Myklebust ??: >>>>> >>>>> On Apr 13, 2014, at 9:11, Kinglong Mee <kinglongmee@gmail.com> wrote: >>>>> >>>>>> After writing data at NFS client, file's access mode is inconsistent >>>>>> with server. >>>>>> Because WRITE proceduce changes the S_ISUID and S_ISGID bits, >>>>>> but client don't get it. >>>>>> >>>>>> #touch hello; chmod 06777 hello; stat hello; >>>>>> File: ‘hello’ >>>>>> Size: 0 Blocks: 0 IO Block: 262144 regular >>>>>> empty file >>>>>> Device: 24h/36d Inode: 786434 Links: 1 >>>>>> Access: (6777/-rwsrwsrwx) Uid: ( 0/ root) Gid: ( 0/ root) >>>>>> Context: system_u:object_r:nfs_t:s0 >>>>>> Access: 2014-04-13 21:00:44.996908708 +0800 >>>>>> Modify: 2014-04-13 21:00:44.996908708 +0800 >>>>>> Change: 2014-04-13 21:00:45.033908705 +0800 >>>>>> Birth: - >>>>>> >>>>>> #echo 12324 > hello; stat hello; stat /nfstest/hello >>>>>> File: ‘hello’ >>>>>> Size: 6 Blocks: 0 IO Block: 262144 regular file >>>>>> Device: 24h/36d Inode: 786434 Links: 1 >>>>>> Access: (6777/-rwsrwsrwx) Uid: ( 0/ root) Gid: ( 0/ root) >>>>>> ^^^^^ it should be 0777 >>>>>> Context: system_u:object_r:nfs_t:s0 >>>>>> Access: 2014-04-13 21:00:44.996908708 +0800 >>>>>> Modify: 2014-04-13 21:00:45.061908703 +0800 >>>>>> Change: 2014-04-13 21:00:45.061908703 +0800 >>>>>> Birth: - >>>>>> File: ‘/nfstest/hello’ >>>>>> Size: 6 Blocks: 8 IO Block: 4096 regular file >>>>>> Device: 803h/2051d Inode: 786434 Links: 1 >>>>>> Access: (0777/-rwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root) >>>>>> ^^^^^ bits on the server >>>>>> Context: system_u:object_r:default_t:s0 >>>>>> Access: 2014-04-13 21:00:44.996908708 +0800 >>>>>> Modify: 2014-04-13 21:00:45.061908703 +0800 >>>>>> Change: 2014-04-13 21:00:45.061908703 +0800 >>>>>> Birth: - >>>>>> >>> <snip> >>>>> >>>>> Instead of requesting a new attribute on each and every operation just in order to deal with an extremely rare corner case, is there any reason why we can’t just do this by checking should_remove_suid(), clearing the mode bits ourselves, and then marking the attributes for revalidation? >>>> >>> <snip> >>>> IMO, client shoulds get all metadatas from server, so, adds the flag. >>>> I think should_remove_suid() should be called by nfsd, not NFS client >>> >>> I agree with 50% of that statement. Please see below. >>> >>> 8<--------------------------------------------------------------------- >>>> From a7b05fc5fcb433e8cfca577c9275f2012b523ee8 Mon Sep 17 00:00:00 2001 >>> From: Trond Myklebust <trond.myklebust@primarydata.com> >>> Date: Sun, 13 Apr 2014 11:11:31 -0400 >>> Subject: [PATCH] NFS: Don't ignore suid/sgid bit changes after a successful >>> write >>> >>> If we suspect that the server may have cleared the suid/sgid bit, >>> then mark the inode for revalidation. >> >> When testing with this patch, should_remove_suid() always return false >> at client, but return true at NFS server. >> >> So that, NFS server clears the suid/sgid bit, but client also remains. > > Are you running the test as root? The only explanation I can see for should_remove_suid() failing is if the ‘CAP_FSETID’ capability is set. I test it with non-root user, should_remove_suid() also return 0. thanks, Kinglong Mee -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/fs/nfs/write.c b/fs/nfs/write.c index 9a3b6a4cd6b9..80b03e064a09 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -1401,9 +1401,16 @@ void nfs_writeback_done(struct rpc_task *task, struct nfs_write_data *data) } } #endif - if (task->tk_status < 0) + if (task->tk_status < 0) { nfs_set_pgio_error(data->header, task->tk_status, argp->offset); - else if (resp->count < argp->count) { + return; + } + + /* Deal with the suid/sgid bit corner case */ + if (should_remove_suid(argp->context->dentry)) + nfs_mark_for_revalidate(inode); + + if (resp->count < argp->count) { static unsigned long complain; /* This a short write! */