Control: tag -1 moreinfo On Mon, 2017-01-09 at 16:24 +0100, Christoph Martin wrote: > Package: src:linux > Version: 4.8.11-1~bpo8+1 > Severity: important > > after upgrading from kernel 4.7 to 4.8 nfs mounts of shares with > group permissions (on a Netapp filer) via a nfs referral server > are not anymore mountable using nfs4.1 and kerberos. > > This seams to be caused by the following upstream patch to VFS: > > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?h=v4.8-rc1&id=a867d7349e94b6409b08629886a819f802377e91 But that's a merge commit. The patch you see is the combination of a long series of separate patches. Can you test whether the attached revert patch also fixes this? > We verified the problem by applying the patch to a 4.7 kernel. > > In our setup we have several thousand user and group directories/shares on > multiple Netapp filers which get mapped into a unique filespace via an > NFS referral server. > > With kernels up to 4.7 on login of a user the respective home directory was > mounted with the kerberos ticket of the user from kernel automounter. > The group > directories were also automatically mounted via kernel automounter. [...] What does the client see as being the user-owner of the group directories? Ben. -- Ben Hutchings In a hierarchy, every employee tends to rise to his level of incompetence.
From: Ben Hutchings <ben@decadent.org.uk>
Date: Mon, 9 Jan 2017 16:12:46 +0000
Subject: [PATCH] Revert "vfs: Don't modify inodes with a uid or gid unknown to
the vfs"
Bug-Debian: https://bugs.debian.org/850713
This reverts commit 0bd23d09b874e53bd1a2fe2296030aa2720d7b08.
---
fs/attr.c | 8 --------
fs/inode.c | 7 -------
fs/namei.c | 26 +++++---------------------
fs/xattr.c | 7 -------
include/linux/fs.h | 5 -----
5 files changed, 5 insertions(+), 48 deletions(-)
diff --git a/fs/attr.c b/fs/attr.c
index 3c42cab06b5d..d0cfc56ca7f9 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -281,14 +281,6 @@ int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **de
!kgid_has_mapping(inode->i_sb->s_user_ns, attr->ia_gid))
return -EOVERFLOW;
- /* Don't allow modifications of files with invalid uids or
- * gids unless those uids & gids are being made valid.
- */
- if (!(ia_valid & ATTR_UID) && !uid_valid(inode->i_uid))
- return -EOVERFLOW;
- if (!(ia_valid & ATTR_GID) && !gid_valid(inode->i_gid))
- return -EOVERFLOW;
-
error = security_inode_setattr(dentry, attr);
if (error)
return error;
diff --git a/fs/inode.c b/fs/inode.c
index 7e3ef3af3db9..cfd148f623ac 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1619,13 +1619,6 @@ bool atime_needs_update(const struct path *path, struct inode *inode)
if (inode->i_flags & S_NOATIME)
return false;
-
- /* Atime updates will likely cause i_uid and i_gid to be written
- * back improprely if their true value is unknown to the vfs.
- */
- if (HAS_UNMAPPED_ID(inode))
- return false;
-
if (IS_NOATIME(inode))
return false;
if ((inode->i_sb->s_flags & MS_NODIRATIME) && S_ISDIR(inode->i_mode))
diff --git a/fs/namei.c b/fs/namei.c
index adb04146df09..cb28e130c06f 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -411,14 +411,6 @@ int __inode_permission(struct inode *inode, int mask)
*/
if (IS_IMMUTABLE(inode))
return -EPERM;
-
- /*
- * Updating mtime will likely cause i_uid and i_gid to be
- * written back improperly if their true value is unknown
- * to the vfs.
- */
- if (HAS_UNMAPPED_ID(inode))
- return -EACCES;
}
retval = do_inode_permission(inode, mask);
@@ -2758,11 +2750,10 @@ EXPORT_SYMBOL(__check_sticky);
* c. have CAP_FOWNER capability
* 6. If the victim is append-only or immutable we can't do antyhing with
* links pointing to it.
- * 7. If the victim has an unknown uid or gid we can't change the inode.
- * 8. If we were asked to remove a directory and victim isn't one - ENOTDIR.
- * 9. If we were asked to remove a non-directory and victim isn't one - EISDIR.
- * 10. We can't remove a root or mountpoint.
- * 11. We don't allow removal of NFS sillyrenamed files; it's handled by
+ * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
+ * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
+ * 9. We can't remove a root or mountpoint.
+ * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
* nfs_async_unlink().
*/
static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
@@ -2784,7 +2775,7 @@ static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
return -EPERM;
if (check_sticky(dir, inode) || IS_APPEND(inode) ||
- IS_IMMUTABLE(inode) || IS_SWAPFILE(inode) || HAS_UNMAPPED_ID(inode))
+ IS_IMMUTABLE(inode) || IS_SWAPFILE(inode))
return -EPERM;
if (isdir) {
if (!d_is_dir(victim))
@@ -4165,13 +4156,6 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
*/
if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
return -EPERM;
- /*
- * Updating the link count will likely cause i_uid and i_gid to
- * be writen back improperly if their true value is unknown to
- * the vfs.
- */
- if (HAS_UNMAPPED_ID(inode))
- return -EPERM;
if (!dir->i_op->link)
return -EPERM;
if (S_ISDIR(inode->i_mode))
diff --git a/fs/xattr.c b/fs/xattr.c
index c243905835ab..4beafc43daa5 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -38,13 +38,6 @@ xattr_permission(struct inode *inode, const char *name, int mask)
if (mask & MAY_WRITE) {
if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
return -EPERM;
- /*
- * Updating an xattr will likely cause i_uid and i_gid
- * to be writen back improperly if their true value is
- * unknown to the vfs.
- */
- if (HAS_UNMAPPED_ID(inode))
- return -EPERM;
}
/*
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 7c391366fb43..14e4701c6c23 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1872,11 +1872,6 @@ struct super_operations {
#define IS_WHITEOUT(inode) (S_ISCHR(inode->i_mode) && \
(inode)->i_rdev == WHITEOUT_DEV)
-static inline bool HAS_UNMAPPED_ID(struct inode *inode)
-{
- return !uid_valid(inode->i_uid) || !gid_valid(inode->i_gid);
-}
-
/*
* Inode state bits. Protected by inode->i_lock
*
Attachment:
signature.asc
Description: This is a digitally signed message part