Differential D7891

Fix nfs 4.1 giving write delegation on a readonly filesystam
ClosedPublic
Actions

Authored by bapt on Sep 14 2016, 1:25 PM.

Details

Reviewers

rmacklem

Commits

rS307694: A problem w.r.t. interoperation between the FreeBSD NFSv4.1 server with

Summary

If delegation is enabled and code has a wrong statement that result in
issuing a write delegation on a readonly file.

Submitted by: Fatih ACAR <fatih.acar@gandi.net>

Test Plan

The following scripts allows to reproduce the issue (tested on a linux client)

#!/bin/sh
file="file="/srv/nfs/X.X.X.X_VFS_hosting-1463916/test"

if [ -f "$file" ]; then
	id # uid=0(root) gid=0(root) groups=0(root)
	content=`cat $file` # this will open the file and wrongly get write delegation for uid 0
	echo "file content: $content"
	stat "$file"
	# File: '/srv/nfs/X.X.X.X_VFS_hosting-1463916/test'
	# Size: 7         	Blocks: 1          IO Block: 131072 regular file
	# Device: 2bh/43d	Inode: 321333      Links: 1
	# Access: (0664/-rw-rw-r--)  Uid: ( 5101/hosting-db)   Gid: ( 5101/hosting-db)

	sleep 2
	echo "trying tee as hosting-db"
	su hosting-db -s /bin/bash -c 'echo blabbb | tee '$file'' # this will try to setattr using the cached write delegation with uid 0
	# should output: tee: /srv/nfs/X.X.X.X_VFS_hosting-1463916/test: Permission denied
fi

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

bapt updated this revision to Diff 20342.Sep 14 2016, 1:25 PM

bapt retitled this revision from to Fix nfs 4.1 giving write delegation on a readonly filesystam.

bapt updated this object.

bapt edited the test plan for this revision. (Show Details)

bapt added a reviewer: rmacklem.

Herald added a subscriber: imp. · View Herald TranscriptSep 14 2016, 1:25 PM

bapt added a subscriber: fatih_gandi.net.Sep 18 2016, 4:43 PM

Well, I believe that the current behaviour (without this patch) is correct.
A write delegation delegates the file to the client so that it can Open the
file for reading and/or writing based on local permission checking (or by doing an
Access operation) against the server.
(A Read Delegation is almost useless to a client. All it allows is further read-only
Opens done locally.)
--> ie. Issuing a write delegation when a file is opened for reading is allowed

by the RFCs as far as I understand them and allows the client more
flexibility w.r.t. subsequent Opens done locally within the client.

By default the only times the server issues a Read Delegation is when the file
is exported Read-only to the client.

If you want the behaviour that you describe, change the value of
nfsrv_writedelegifpos (write delegation if possible) to 0.
(I didn't make this a sysctl, but I can see an argument for doing so.)
--> If Linux thinks issuing a write delegation is incorrect,

a sysctl to make it "LInux compatible" seems appropriate.

rick

Closed by commit rS307694: A problem w.r.t. interoperation between the FreeBSD NFSv4.1 server with (authored by rmacklem). · Explain WhyOct 20 2016, 11:53 PM

This revision was automatically updated to reflect the committed changes.

rmacklem mentioned this in rS307694: A problem w.r.t. interoperation between the FreeBSD NFSv4.1 server with.

Just fyi, the above commit to head (r307694) will be MFC'd in 2 weeks. It changes the default
behaviour to be Linux client compatible and adds a sysctl that can be used to enable the
non-Linux compatible behaviour.

rmacklem mentioned this in rS308239: MFC: r307694.Nov 3 2016, 12:50 AM

rmacklem mentioned this in rS308241: MFC: r307694.Nov 3 2016, 12:59 AM