Page MenuHomeFreeBSD
Feed Advanced Search

Today

rmacklem committed rG22d2336252c9: RELNOTES: Add entry for commit ead3cd3ef628 (authored by rmacklem).
RELNOTES: Add entry for commit ead3cd3ef628
Mon, Jan 20, 12:12 AM
rmacklem committed rG2cd9a4f0c229: exports.5: Document the current behavior of -alldirs (authored by rmacklem).
exports.5: Document the current behavior of -alldirs
Mon, Jan 20, 12:01 AM

Yesterday

rmacklem committed rG3ac1af1c0f07: mound.8: Document the new -a command line option (authored by rmacklem).
mound.8: Document the new -a command line option
Sun, Jan 19, 11:59 PM
rmacklem committed rGead3cd3ef628: mountd.c: Define a new -a command line option (authored by rmacklem).
mountd.c: Define a new -a command line option
Sun, Jan 19, 11:56 PM

Fri, Jan 17

rmacklem committed rG194242604ae4: nfscl: Simplify the deleg argument for nfscl_deleg() (authored by rmacklem).
nfscl: Simplify the deleg argument for nfscl_deleg()
Fri, Jan 17, 8:30 PM

Thu, Jan 16

rmacklem accepted D48452: stat(2): add st_filerev.
Thu, Jan 16, 4:14 AM

Wed, Jan 15

rmacklem added a comment to D48452: stat(2): add st_filerev.
In D48452#1105618, @kib wrote:

Zero st_filerev in vop_stat_helper_pre().
Zero va_filerev before calling VOP_GETATTR() in vfs_stdstat()

Wed, Jan 15, 10:00 PM

Tue, Jan 14

rmacklem added a comment to D48452: stat(2): add st_filerev.

I'm OK with these changes as they are.

That said, even if I agree there is, e.g., a bug in fusefs as mentioned in inline comments, I'm still wondering how to prevent non-initialized fields bugs in the VFS in a more general fashion. It's unfortunate that C does not allow to specify a default initializer per type. Maybe a follow-up attempt creating a new pre for VOP_GETATTR() would do good, although it will show up as not optimal as the compiler can't elide useless pre-initialization in it (for fields that are effectively filled by the FS' VOP_GETATTR() implementation). We would need a slightly different implementation for it to be able to perform such elisions.

Tue, Jan 14, 10:39 PM
rmacklem committed rG1cd455f39d88: fs: Add new VFCF_xxx flags for va_filerev (authored by rmacklem).
fs: Add new VFCF_xxx flags for va_filerev
Tue, Jan 14, 10:12 PM
rmacklem closed D48436: Add VFCF_FILEREVINC to indicate a file system increments va_filerev by one.
Tue, Jan 14, 10:12 PM
rmacklem added a comment to D48452: stat(2): add st_filerev.

Since st_filerev provides similar information to st_gen, should it also be guarded by PRIV_VFS_GENERATION in vop_stat_helper_post? And does it warrant mention in stat.2 ?

Tue, Jan 14, 1:52 AM

Mon, Jan 13

rmacklem updated the diff for D48436: Add VFCF_FILEREVINC to indicate a file system increments va_filerev by one.

Add an additional flag for the case where ctime is used
to set va_filerev.

Mon, Jan 13, 11:24 PM
rmacklem added a comment to D48436: Add VFCF_FILEREVINC to indicate a file system increments va_filerev by one.
In D48436#1105038, @kib wrote:

I see that msdosfs did not update de_modrev, If I fix msdosfs and tmpfs to update vs_filerev, do we still need the flag? Or is it better to keep tmpfs/msdosfs as is and go ahead with the flag?

Mon, Jan 13, 12:33 AM
rmacklem added a comment to D48436: Add VFCF_FILEREVINC to indicate a file system increments va_filerev by one.

fusefs currently doesn't set va_filerev at all. I can fix that. But with fuse, ctime updates can come from either the kernel or the server. So the easiest solution would probably be to make va_filerev be a function of ctime. Would that work with the Linux client, assuming we set NFS4_CHANGE_TYPE_IS_TIME_METADATA ?

Mon, Jan 13, 12:29 AM

Sun, Jan 12

rmacklem added a comment to D48436: Add VFCF_FILEREVINC to indicate a file system increments va_filerev by one.
In D48436#1105027, @kib wrote:

And where is the use of the new flag?
Also, what writable and exportable filesystems do not increment va_filerev on changes? I looked and only seems to find smbfs and tmpfs. It might be simpler to fix tmpfs than adding a flag.

Sun, Jan 12, 11:26 PM
rmacklem requested review of D48436: Add VFCF_FILEREVINC to indicate a file system increments va_filerev by one.
Sun, Jan 12, 9:55 PM

Fri, Jan 10

rmacklem committed rG84de8c51d1a0: nfsd: Add vfs.nfsd.testing_disable_grace sysctl (authored by rmacklem).
nfsd: Add vfs.nfsd.testing_disable_grace sysctl
Fri, Jan 10, 2:51 PM
rmacklem committed rGf9f0a1d61c7b: nfscl: Fix a crash when a readdir entry has nul in it (authored by rmacklem).
nfscl: Fix a crash when a readdir entry has nul in it
Fri, Jan 10, 3:57 AM

Tue, Dec 31

rmacklem committed rG9a8e9b2a79e1: RELNOTES: Add an entry for commit 07cd69e272da (authored by rmacklem).
RELNOTES: Add an entry for commit 07cd69e272da
Tue, Dec 31, 1:58 AM

Sat, Dec 28

rmacklem closed D48139: exports.5: Document correct behaviour for -alldirs.
Sat, Dec 28, 9:52 PM
rmacklem committed rG295934eaa92c: exports.5: Document the current behavior of -alldirs (authored by rmacklem).
exports.5: Document the current behavior of -alldirs
Sat, Dec 28, 9:52 PM
rmacklem committed rG6db916d21a09: mound.8: Document the new -a command line option (authored by rmacklem).
mound.8: Document the new -a command line option
Sat, Dec 28, 9:32 PM
rmacklem closed D48138: mountd.8: Document the new -a mountd option.
Sat, Dec 28, 9:32 PM
rmacklem committed rG07cd69e272da: mountd.c: Define a new -a command line option (authored by rmacklem).
mountd.c: Define a new -a command line option
Sat, Dec 28, 9:26 PM
rmacklem closed D48137: mountd.c: Add a new "-a" command line option for -alldris.
Sat, Dec 28, 9:26 PM

Fri, Dec 27

rmacklem added a comment to D48198: fusefs: better test coverage for NFS-exported fuse file systems.

Exports, mountd and nfsd can be done in a vnet jail, if that would help?

It certainly would help. Are there any good examples of code that creates a temporary vnet jail with nfs inside?

Fri, Dec 27, 3:44 AM
rmacklem added a comment to D48198: fusefs: better test coverage for NFS-exported fuse file systems.

I'm not sure I would have called the nfsd "odd". It is one of two
consumers of the VFS/VOP interface (I suppose you might call
the stacked file systems consumers as well?).

Being one of the two, it is definitely different than the local syscall
interface.

But, anyhow, it is definitely different than the local syscall interface
and not just not using VOP_OPEN/VOP_CLOSE. It uses VOP_LOOKUP,
but in a different way than the local syscalls, particularly w.r.t. name caching,
as another example.

I've noticed that nfsd will do VOP_LOOKUP calls for ".". Are there any other ways that it differs?

Not w.r.t. what it looks up, but in how it is set up.
Compare nfsvno_namei() with namei() in kern/vfs_lookup.c,
for instance.

Fri, Dec 27, 12:57 AM
rmacklem added a comment to D48198: fusefs: better test coverage for NFS-exported fuse file systems.

I'm not sure I would have called the nfsd "odd". It is one of two
consumers of the VFS/VOP interface (I suppose you might call
the stacked file systems consumers as well?).

Fri, Dec 27, 12:01 AM

Wed, Dec 25

rmacklem committed rG0a9808eb751f: mount_nfs.8: Document the new "mountport" NFS mount option (authored by rmacklem).
mount_nfs.8: Document the new "mountport" NFS mount option
Wed, Dec 25, 1:51 AM
rmacklem committed rG400fcd1d4fc8: mount_nfs.c: Add an NFS mount option to set a port# for Mount (authored by rmacklem).
mount_nfs.c: Add an NFS mount option to set a port# for Mount
Wed, Dec 25, 1:46 AM

Dec 20 2024

rmacklem committed rGefe6a0997383: fs: Add static asserts for the size of fid structures (authored by rmacklem).
fs: Add static asserts for the size of fid structures
Dec 20 2024, 10:09 PM

Dec 19 2024

rmacklem requested review of D48139: exports.5: Document correct behaviour for -alldirs.
Dec 19 2024, 12:52 AM
rmacklem requested review of D48138: mountd.8: Document the new -a mountd option.
Dec 19 2024, 12:47 AM
rmacklem requested review of D48137: mountd.c: Add a new "-a" command line option for -alldris.
Dec 19 2024, 12:44 AM

Dec 15 2024

rmacklem accepted D48093: RELNOTES: Document file handle layout changes.

Looks fine to me.

Dec 15 2024, 9:32 PM

Dec 11 2024

rmacklem committed rGaf66ffbf69e4: RELNOTES: Add an entry for commit 0e8a36a2ab12 (authored by rmacklem).
RELNOTES: Add an entry for commit 0e8a36a2ab12
Dec 11 2024, 11:27 PM
rmacklem committed rG91a74536a159: mount_nfs.8: Document the new "mountport" NFS mount option (authored by rmacklem).
mount_nfs.8: Document the new "mountport" NFS mount option
Dec 11 2024, 11:19 PM
rmacklem closed D47849: update mount_nfs.8 for the new mountport option.
Dec 11 2024, 11:19 PM
rmacklem committed rG0e8a36a2ab12: mount_nfs.c: Add an NFS mount option to set a port# for Mount (authored by rmacklem).
mount_nfs.c: Add an NFS mount option to set a port# for Mount
Dec 11 2024, 11:08 PM
rmacklem closed D47743: Add a new NFS mount option to specify the Mount protocol port#.
Dec 11 2024, 11:08 PM

Dec 9 2024

rmacklem accepted D47954: tarfs: 'struct tarfs_fid': Switch 'gen' to 'u_int', avoid packing.
Dec 9 2024, 2:46 PM

Dec 8 2024

rmacklem committed rGf6245e432208: nfs_commonsubs.c: Make all upper case user domain work (authored by rmacklem).
nfs_commonsubs.c: Make all upper case user domain work
Dec 8 2024, 1:51 AM
rmacklem committed rG7a4f370a352f: nfs_commonsubs.c: Make all upper case user domain work (authored by rmacklem).
nfs_commonsubs.c: Make all upper case user domain work
Dec 8 2024, 1:43 AM
rmacklem committed rG9d1d9fe0a077: nfs: Add support for the NFSv4.2 mode_umask attribute (authored by rmacklem).
nfs: Add support for the NFSv4.2 mode_umask attribute
Dec 8 2024, 1:39 AM

Dec 7 2024

rmacklem added a comment to D47956: tmpfs: Rework file handles.

Oh, and I think just copying fid_data would fix cd9660
as well, for those who don't like __packed.

Dec 7 2024, 8:48 PM
rmacklem added a comment to D47956: tmpfs: Rework file handles.

Btw, I replaced "sizeof(struct fid)" with MAXFIDSZ in the _Static_assert()
and it passed (at least for amd64).

Dec 7 2024, 8:43 PM
rmacklem added a comment to D47956: tmpfs: Rework file handles.

Good catch w.r.t. the _Static_assert(). It does need to be fixed,
even if these changes don't go in.

Dec 7 2024, 4:05 PM
rmacklem added a comment to D47956: tmpfs: Rework file handles.

I'll leave it someone familiar with tmpfs to decide if having
tn_gen wrap around to zero is a real concern.

Dec 7 2024, 4:03 PM
rmacklem added inline comments to D47954: tarfs: 'struct tarfs_fid': Switch 'gen' to 'u_int', avoid packing.
Dec 7 2024, 3:57 PM
rmacklem added a comment to D47879: cd9660: Make sure that struct ifid fits in generic filehandle structure.

Just fyi, whenever the "struct fid" changes, the file handles
change. As such, an upgrade of the NFS server requires that
all clients be unmounted/remounted.

Dec 7 2024, 6:00 AM

Dec 6 2024

rmacklem updated the diff for D47743: Add a new NFS mount option to specify the Mount protocol port#.

Added upper bound check for port# as suggested
by delphi@.

Dec 6 2024, 11:57 PM
rmacklem accepted D47955: ext2fs: 'struct ufid': Re-order fields and unpack.

Looks fine to me.

Dec 6 2024, 11:33 PM
rmacklem committed rG4db1b113b151: tarfs: Fix the size of struct tarfs_fid and add a static assert (authored by rmacklem).
tarfs: Fix the size of struct tarfs_fid and add a static assert
Dec 6 2024, 2:12 AM
rmacklem committed rGbfc8e3308bee: ext2fs: Fix the size of struct ufid and add a static assert (authored by rmacklem).
ext2fs: Fix the size of struct ufid and add a static assert
Dec 6 2024, 2:06 AM
rmacklem committed rG91b5592a1e1a: fs: Add static asserts for the size of fid structures (authored by rmacklem).
fs: Add static asserts for the size of fid structures
Dec 6 2024, 1:58 AM
rmacklem closed D47936: Add _Static_asserts to check that file system fid structures are not larger than struct fid.
Dec 6 2024, 1:58 AM
rmacklem added a comment to D47879: cd9660: Make sure that struct ifid fits in generic filehandle structure.

Btw, ext2fs and tarfs both are broken w.r.t. *fid size.

Dec 6 2024, 1:48 AM

Dec 5 2024

rmacklem updated the summary of D47936: Add _Static_asserts to check that file system fid structures are not larger than struct fid.
Dec 5 2024, 11:46 PM
rmacklem requested review of D47936: Add _Static_asserts to check that file system fid structures are not larger than struct fid.
Dec 5 2024, 11:31 PM

Dec 3 2024

rmacklem added a comment to D47879: cd9660: Make sure that struct ifid fits in generic filehandle structure.
In D47879#1091920, @kib wrote:

I think more relevant question there are compilers generate proper code to access unaligned ifid_ino and ifid_start on sensitive arches.

They have to, else the packed attribute would just be useless. Bugs should be filed against those that don't.

Yes, that would be a major compiler bug, I hope..

It might be that the better fix is to re-order members without introducing __packed. There is no ABI involved.

That doesn't seem possible as len and pad must stay first.

As far as I can see, this isn't true - the layout is up to the filesystem. The filesystem just needs to guarantee that fh1 == fh2 implies that the two FIDs refer to the same file.

I can't see any NFS code which peeks into the fid structure. Perhaps @rmacklem can confirm?

As far as I know, the NFS server code does not look inside the fid structure.

Dec 3 2024, 9:49 PM

Nov 29 2024

rmacklem requested review of D47849: update mount_nfs.8 for the new mountport option.
Nov 29 2024, 9:57 PM

Nov 25 2024

rmacklem updated the summary of D47743: Add a new NFS mount option to specify the Mount protocol port#.
Nov 25 2024, 7:36 PM
rmacklem requested review of D47743: Add a new NFS mount option to specify the Mount protocol port#.
Nov 25 2024, 7:35 PM

Nov 24 2024

rmacklem committed rG0347ddf41f42: nfs_commonsubs.c: Make all upper case user domain work (authored by rmacklem).
nfs_commonsubs.c: Make all upper case user domain work
Nov 24 2024, 8:49 PM

Oct 24 2024

rmacklem committed rGfcd20d3181a7: nfsd: Fix handling of credentials with cr_ngroups == 0 (authored by rmacklem).
nfsd: Fix handling of credentials with cr_ngroups == 0
Oct 24 2024, 1:15 AM
rmacklem committed rGf6e1add0c9d3: nfsd: Fix handling of credentials with cr_ngroups == 0 (authored by rmacklem).
nfsd: Fix handling of credentials with cr_ngroups == 0
Oct 24 2024, 1:09 AM

Oct 21 2024

rmacklem accepted D47012: exports(5): -maproot, -mapall: Explain the fallback on no group.

Looks fine to me. You might ask manpages for a review as well.

Oct 21 2024, 10:56 PM
rmacklem closed D47204: Fix the NFS server's handling of exported mapped credentials with cr_ngroups == 0.
Oct 21 2024, 10:51 PM
rmacklem committed rGcaa309c8811d: nfsd: Fix handling of credentials with cr_ngroups == 0 (authored by rmacklem).
nfsd: Fix handling of credentials with cr_ngroups == 0
Oct 21 2024, 10:51 PM
rmacklem added a comment to D47204: Fix the NFS server's handling of exported mapped credentials with cr_ngroups == 0.

This seems fine. Is this fix the result of a bug report or just something you noticed? If the latter I wonder if just fixing the documentation would be simpler if the feature never worked.

Oct 21 2024, 4:11 PM

Oct 19 2024

rmacklem requested review of D47204: Fix the NFS server's handling of exported mapped credentials with cr_ngroups == 0.
Oct 19 2024, 8:31 PM

Oct 16 2024

rmacklem accepted D47014: mountd(8): parsecred(): Remove comment on non-existent bug.

Looks ok to me.

Oct 16 2024, 3:30 PM

Oct 14 2024

rmacklem accepted D47016: mountd(8): Allow to pass {NGROUPS_MAX} + 1 groups.

This version looks fine to me.

Oct 14 2024, 8:03 PM

Oct 13 2024

rmacklem committed rG6b0b026ae1a4: nfsd.c: Synchronize error handling (authored by joyul_juniper.net).
nfsd.c: Synchronize error handling
Oct 13 2024, 9:01 PM
rmacklem committed rG5a2cd24c46e3: nfsd.c: Synchronize error handling (authored by joyul_juniper.net).
nfsd.c: Synchronize error handling
Oct 13 2024, 8:51 PM
rmacklem accepted D47015: mountd(8): parsecred(): Re-order operations for clarity.

I'll click Accept, although I do not think it makes the code
clearer.
Just make it clear in the commit message that there are
no semantics change/bugfix done by this commit.

Oct 13 2024, 8:45 PM
rmacklem added inline comments to D47016: mountd(8): Allow to pass {NGROUPS_MAX} + 1 groups.
Oct 13 2024, 8:39 PM

Oct 12 2024

rmacklem added a comment to D46918: nfs, rpc: Ensure kernel credentials have at least one group.

Yuck! I never noticed this in the man page (I'm not going to look and
see who the author was, it might have been me long ago;-).

So, it says that an exports mapping credential can have no groups.

The easiest fix might be to just add a couple of lines at the beginning of grouplist()
retuning failed when cr_ngroups == 0.

I think you need to ask the "collective" (on a mailing list, such as freebsd-stable@
or freebsd-current@) what should be done about this.
I.e:
--> Fix grouplist() and any others to handle the case of cr_ngroups == 0 correctly.
OR
--> Fix the exports(5) man page and do not allow the case of "no groups".

Oops, when I said grouplist() above, I meant groupmember(), which I
think is the only function that checks to see if a credential has a group
that matches the group ownership of the file (or the ACE in the ACL for
the file).

groupmember() (and realgroupmember() I added a while ago) are just the tip of the iceberg. The harder problem is that cr_groups[0] (or its alias, cr_gid) is accessed in multiple places without any checks. And even adding checks can only go so far, i.e., will cause crash (or malfunction in production if checks are under INVARIANTS) only in very specific cases that may be hard to trigger. There are simply places where not having a GID is not a possibility, especially for process credentials. struct ucred is arguably used for other purposes that may not formally require a GID (and other stuff like MAC labels), which would plead in favor of having other structures/simplified access check functions for other cases, which you had to do for the NFS interfaces. I doubt that trying to remove the one-group minimum (i.e., compulsory effective GID) requirement is worth it without also doing the latter part. Just moving the required one minimum slot from cr_groups to a really separate cr_gid field alone is probably not worth the trouble. In any case, I don't have time to devote to that for now.

Well, the NFS server does not use these mapped exported credentials in many ways.
As far as I can see at a quick look, groupmember(), which is called from VOP_ACCESS()/VOP_ACCESSX()
is about it.
Since the exports(5) man page suggests that this is a valid case, then I think the code should be fixed
to handle cr_ngroups == 0 for this specific case (not all uses of cr_ngroups).
Note that this appears to have been broken by commit 7f92e57 on Jun 20, 2009.
(Prior to that, groupmember would always return failure for cr_ngroups == 0.)

I think the first step is to fix groupmember() by adding something like:

/*
 * The NFS server can use a credential with cr_ngroups == 0 when using a mapped
 * exported credential.
 */
if (cred->cr_ngroups == 0)
    return (false);

at the beginning of groupmember().
Since the code in vfs_domount_update() sets export.ex_groups = NULL, it should
be easy to find any other places that need to be fixed by running some testing.
(I will start doing that to-day.)

Making the credentials into a grouplist of one element set to GID_NOGROUP is
not the best plan, since it is possible to have a file with a gid ownership of GID_NOGROUP.
(It can happen frequently when NFSv4 is misconfigured, so the Owner_group translates
to GID_NOGROUP, since it cannot do the correct translation.)

The above change is obviously safe and can be MFC'd.

I did test the above patch along with a "hack" that set cr_groups = NULL,
so any access would cause a crash.
The only one I got was from a totally bogus line in nfsd_excred(0 which
looks like: nd->nd_cred->cr_gid = credanon->cr_gid;
just before crsetgroups(), so it is harmless noise (left over from code meant
to work for BSDen that had a separate cr_gid.)

Oct 12 2024, 11:58 PM
rmacklem committed rGcc07d914bc80: nfsd: Fix close handling when vfs.nfsd.enable_locallocks=1 (authored by rmacklem).
nfsd: Fix close handling when vfs.nfsd.enable_locallocks=1
Oct 12 2024, 12:51 AM
rmacklem added a reverting change for rG9792c7d3eb41: nfscl: Enable support for the Lookup+Open RPC: rG83ac4cebe84e: Revert "nfscl: Enable support for the Lookup+Open RPC".
Oct 12 2024, 12:46 AM
rmacklem committed rG83ac4cebe84e: Revert "nfscl: Enable support for the Lookup+Open RPC" (authored by rmacklem).
Revert "nfscl: Enable support for the Lookup+Open RPC"
Oct 12 2024, 12:46 AM
rmacklem committed rGe7474c619270: nfsd: Fix close handling when vfs.nfsd.enable_locallocks=1 (authored by rmacklem).
nfsd: Fix close handling when vfs.nfsd.enable_locallocks=1
Oct 12 2024, 12:45 AM

Oct 11 2024

rmacklem added a comment to D46918: nfs, rpc: Ensure kernel credentials have at least one group.

Yuck! I never noticed this in the man page (I'm not going to look and
see who the author was, it might have been me long ago;-).

So, it says that an exports mapping credential can have no groups.

The easiest fix might be to just add a couple of lines at the beginning of grouplist()
retuning failed when cr_ngroups == 0.

I think you need to ask the "collective" (on a mailing list, such as freebsd-stable@
or freebsd-current@) what should be done about this.
I.e:
--> Fix grouplist() and any others to handle the case of cr_ngroups == 0 correctly.
OR
--> Fix the exports(5) man page and do not allow the case of "no groups".

Oops, when I said grouplist() above, I meant groupmember(), which I
think is the only function that checks to see if a credential has a group
that matches the group ownership of the file (or the ACE in the ACL for
the file).

groupmember() (and realgroupmember() I added a while ago) are just the tip of the iceberg. The harder problem is that cr_groups[0] (or its alias, cr_gid) is accessed in multiple places without any checks. And even adding checks can only go so far, i.e., will cause crash (or malfunction in production if checks are under INVARIANTS) only in very specific cases that may be hard to trigger. There are simply places where not having a GID is not a possibility, especially for process credentials. struct ucred is arguably used for other purposes that may not formally require a GID (and other stuff like MAC labels), which would plead in favor of having other structures/simplified access check functions for other cases, which you had to do for the NFS interfaces. I doubt that trying to remove the one-group minimum (i.e., compulsory effective GID) requirement is worth it without also doing the latter part. Just moving the required one minimum slot from cr_groups to a really separate cr_gid field alone is probably not worth the trouble. In any case, I don't have time to devote to that for now.

Oct 11 2024, 9:26 PM

Oct 9 2024

rmacklem accepted D47013: nmount(2), NFS: Accept 'ngroups_max + 1' groups in "export" credentials.

Looks fine to me, since ngroups_max can never
be set < NGROUPS_MAX.

Oct 9 2024, 2:29 AM

Oct 8 2024

rmacklem added a comment to D46918: nfs, rpc: Ensure kernel credentials have at least one group.

You claim there are bugs that result in no groups
(cr_ngroups == 0), but you do not show a specific
test case that finds this or describe exactly how it
happens.

See, e.g., current processing of a list uid:gid:.. when just uid: is passed (no GID, but a colon at the end), and the below patch. This possibility is incidentally documented as the way to specify no groups in the exports(5) man page (under -maproot).

Yuck! I never noticed this in the man page (I'm not going to look and
see who the author was, it might have been me long ago;-).

So, it says that an exports mapping credential can have no groups.

The easiest fix might be to just add a couple of lines at the beginning of grouplist()
retuning failed when cr_ngroups == 0.

I think you need to ask the "collective" (on a mailing list, such as freebsd-stable@
or freebsd-current@) what should be done about this.
I.e:
--> Fix grouplist() and any others to handle the case of cr_ngroups == 0 correctly.
OR
--> Fix the exports(5) man page and do not allow the case of "no groups".

Oops, when I said grouplist() above, I meant groupmember(), which I
think is the only function that checks to see if a credential has a group
that matches the group ownership of the file (or the ACE in the ACL for
the file).

Oct 8 2024, 12:39 AM
rmacklem added inline comments to D46921: mountd(8): parsecred(): Groups limit: NGROUPS_MAX => NGROUPS_MAX + 1.
Oct 8 2024, 12:24 AM
rmacklem added a comment to D46918: nfs, rpc: Ensure kernel credentials have at least one group.

You claim there are bugs that result in no groups
(cr_ngroups == 0), but you do not show a specific
test case that finds this or describe exactly how it
happens.

See, e.g., current processing of a list uid:gid:.. when just uid: is passed (no GID, but a colon at the end), and the below patch. This possibility is incidentally documented as the way to specify no groups in the exports(5) man page (under -maproot).

Yuck! I never noticed this in the man page (I'm not going to look and
see who the author was, it might have been me long ago;-).

Oct 8 2024, 12:04 AM

Oct 7 2024

rmacklem added inline comments to D46919: mountd(8): parsecred(): uid:gid:... loop: Simplify a bit.
Oct 7 2024, 3:59 PM
rmacklem added inline comments to D46919: mountd(8): parsecred(): uid:gid:... loop: Simplify a bit.
Oct 7 2024, 3:22 PM
rmacklem added a comment to D46920: mountd(8): parsecred(): Remove "duplicate compression".

Sun RPC has a gid plus a list of additional groups (MAX 16) on the wire.
Broken code existed for a long time, that did the following:

cr_gid = gid
copy groups list

Step two overwrote the first gid, since cr_gid was just cr_groups[0] for BSD

The workaround was to put the same gid# in gid and element 0 of the Sun RPC
on-the-wire gid list.

I wasn't aware, thanks for providing these elements. That said, what you describe is only a problem if that Sun RPC code is used verbatim on a BSD, which has not been the case for a long time on FreeBSD AFAICT, and the remote doesn't put the same GID in the first element of the groups array.

Are any of these broken systems still out there (several very old variants of *BSD)?
If they are, you can easily break interoperability if you take this "put the same gid
in gid and element 0 of the gid list on the wire".

I see. However, I think the situation here in mountd is the opposite: We were just getting rid of one occurrence of a GID if both present as the effective GID (slot 0) and the first supplementary group (slot 1), and my point is that doing so is unnecessary (as explained in the commit message).

--> The code that looks for and gets rid of the duplicate on the receiving side

probably doesn't matter.

Not sure why you refer to the receiving side here. mountd, AFAICT, is always the sending side for such information. Or are you referring to some implementations of getgrouplist() such as NIS, or some other method?

Yes. The historical background wass just FYI for whoever was reading this
and wondering why the code would check for a duplicate.
I agree with you that the duplicate is unlikely to still exist in passwd/group databases
used by FreeBSD, so removing the code seems reasonable and does simplify the
code slightly.

Oct 7 2024, 3:02 PM
rmacklem added a comment to D46921: mountd(8): parsecred(): Groups limit: NGROUPS_MAX => NGROUPS_MAX + 1.

Remember this code is setting up exports. The "credentials" are created
from the exports in the kernel. It has nothing to do with setuid()/setgid()
etc. for processes.

Oct 7 2024, 2:56 PM
rmacklem added inline comments to D46920: mountd(8): parsecred(): Remove "duplicate compression".
Oct 7 2024, 2:48 PM

Oct 4 2024

rmacklem added inline comments to D46919: mountd(8): parsecred(): uid:gid:... loop: Simplify a bit.
Oct 4 2024, 11:36 PM
rmacklem accepted D46919: mountd(8): parsecred(): uid:gid:... loop: Simplify a bit.
Oct 4 2024, 11:26 PM
rmacklem added a comment to D46918: nfs, rpc: Ensure kernel credentials have at least one group.

You claim there are bugs that result in no groups
(cr_ngroups == 0), but you do not show a specific
test case that finds this or describe exactly how it
happens.
--> If there is such a case (I am not aware of one),

we should try to isolate/fix that such that there
is always at least one group in the credentials.

(There is always at least one group in the credentials
that come on on-the-wire, since there is a separate gid
in the Sun RPC AUTH_UNIX authenticator from the
list of additional groups.)

Oct 4 2024, 11:21 PM
rmacklem added inline comments to D46920: mountd(8): parsecred(): Remove "duplicate compression".
Oct 4 2024, 10:57 PM
rmacklem added inline comments to D46921: mountd(8): parsecred(): Groups limit: NGROUPS_MAX => NGROUPS_MAX + 1.
Oct 4 2024, 10:50 PM
rmacklem added a comment to D46920: mountd(8): parsecred(): Remove "duplicate compression".

I will look at the patches later, but just in case you are not aware of
why a lot of this weirdness exists in the code...

Oct 4 2024, 2:50 PM

Sep 30 2024

rmacklem committed rGeb345e05ac66: nfsd: Fix close handling when vfs.nfsd.enable_locallocks=1 (authored by rmacklem).
nfsd: Fix close handling when vfs.nfsd.enable_locallocks=1
Sep 30 2024, 10:52 PM

Sep 29 2024

rmacklem committed rGf321956d9806: nfsd.c: Synchronize error handling (authored by joyul_juniper.net).
nfsd.c: Synchronize error handling
Sep 29 2024, 8:15 PM