Control: tag -1 moreinfo On Mon, 2017-01-09 at 16:24 +0100, Christoph Martin wrote: > Package: src:linux > Version: 4.8.11-1~bpo8+1 > Severity: important > > after upgrading from kernel 4.7 to 4.8 nfs mounts of shares with > group permissions (on a Netapp filer) via a nfs referral server > are not anymore mountable using nfs4.1 and kerberos. > > This seams to be caused by the following upstream patch to VFS: > > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?h=v4.8-rc1&id=a867d7349e94b6409b08629886a819f802377e91
But that's a merge commit. The patch you see is the combination of a long series of separate patches. Can you test whether the attached revert patch also fixes this? > We verified the problem by applying the patch to a 4.7 kernel. > > In our setup we have several thousand user and group directories/shares on > multiple Netapp filers which get mapped into a unique filespace via an > NFS referral server. > > With kernels up to 4.7 on login of a user the respective home directory was > mounted with the kerberos ticket of the user from kernel automounter. > The group > directories were also automatically mounted via kernel automounter. [...] What does the client see as being the user-owner of the group directories? Ben. -- Ben Hutchings In a hierarchy, every employee tends to rise to his level of incompetence.
From: Ben Hutchings <b...@decadent.org.uk> Date: Mon, 9 Jan 2017 16:12:46 +0000 Subject: [PATCH] Revert "vfs: Don't modify inodes with a uid or gid unknown to the vfs" Bug-Debian: https://bugs.debian.org/850713 This reverts commit 0bd23d09b874e53bd1a2fe2296030aa2720d7b08. --- fs/attr.c | 8 -------- fs/inode.c | 7 ------- fs/namei.c | 26 +++++--------------------- fs/xattr.c | 7 ------- include/linux/fs.h | 5 ----- 5 files changed, 5 insertions(+), 48 deletions(-) diff --git a/fs/attr.c b/fs/attr.c index 3c42cab06b5d..d0cfc56ca7f9 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -281,14 +281,6 @@ int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **de !kgid_has_mapping(inode->i_sb->s_user_ns, attr->ia_gid)) return -EOVERFLOW; - /* Don't allow modifications of files with invalid uids or - * gids unless those uids & gids are being made valid. - */ - if (!(ia_valid & ATTR_UID) && !uid_valid(inode->i_uid)) - return -EOVERFLOW; - if (!(ia_valid & ATTR_GID) && !gid_valid(inode->i_gid)) - return -EOVERFLOW; - error = security_inode_setattr(dentry, attr); if (error) return error; diff --git a/fs/inode.c b/fs/inode.c index 7e3ef3af3db9..cfd148f623ac 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -1619,13 +1619,6 @@ bool atime_needs_update(const struct path *path, struct inode *inode) if (inode->i_flags & S_NOATIME) return false; - - /* Atime updates will likely cause i_uid and i_gid to be written - * back improprely if their true value is unknown to the vfs. - */ - if (HAS_UNMAPPED_ID(inode)) - return false; - if (IS_NOATIME(inode)) return false; if ((inode->i_sb->s_flags & MS_NODIRATIME) && S_ISDIR(inode->i_mode)) diff --git a/fs/namei.c b/fs/namei.c index adb04146df09..cb28e130c06f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -411,14 +411,6 @@ int __inode_permission(struct inode *inode, int mask) */ if (IS_IMMUTABLE(inode)) return -EPERM; - - /* - * Updating mtime will likely cause i_uid and i_gid to be - * written back improperly if their true value is unknown - * to the vfs. - */ - if (HAS_UNMAPPED_ID(inode)) - return -EACCES; } retval = do_inode_permission(inode, mask); @@ -2758,11 +2750,10 @@ EXPORT_SYMBOL(__check_sticky); * c. have CAP_FOWNER capability * 6. If the victim is append-only or immutable we can't do antyhing with * links pointing to it. - * 7. If the victim has an unknown uid or gid we can't change the inode. - * 8. If we were asked to remove a directory and victim isn't one - ENOTDIR. - * 9. If we were asked to remove a non-directory and victim isn't one - EISDIR. - * 10. We can't remove a root or mountpoint. - * 11. We don't allow removal of NFS sillyrenamed files; it's handled by + * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR. + * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR. + * 9. We can't remove a root or mountpoint. + * 10. We don't allow removal of NFS sillyrenamed files; it's handled by * nfs_async_unlink(). */ static int may_delete(struct inode *dir, struct dentry *victim, bool isdir) @@ -2784,7 +2775,7 @@ static int may_delete(struct inode *dir, struct dentry *victim, bool isdir) return -EPERM; if (check_sticky(dir, inode) || IS_APPEND(inode) || - IS_IMMUTABLE(inode) || IS_SWAPFILE(inode) || HAS_UNMAPPED_ID(inode)) + IS_IMMUTABLE(inode) || IS_SWAPFILE(inode)) return -EPERM; if (isdir) { if (!d_is_dir(victim)) @@ -4165,13 +4156,6 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de */ if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) return -EPERM; - /* - * Updating the link count will likely cause i_uid and i_gid to - * be writen back improperly if their true value is unknown to - * the vfs. - */ - if (HAS_UNMAPPED_ID(inode)) - return -EPERM; if (!dir->i_op->link) return -EPERM; if (S_ISDIR(inode->i_mode)) diff --git a/fs/xattr.c b/fs/xattr.c index c243905835ab..4beafc43daa5 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -38,13 +38,6 @@ xattr_permission(struct inode *inode, const char *name, int mask) if (mask & MAY_WRITE) { if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) return -EPERM; - /* - * Updating an xattr will likely cause i_uid and i_gid - * to be writen back improperly if their true value is - * unknown to the vfs. - */ - if (HAS_UNMAPPED_ID(inode)) - return -EPERM; } /* diff --git a/include/linux/fs.h b/include/linux/fs.h index 7c391366fb43..14e4701c6c23 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1872,11 +1872,6 @@ struct super_operations { #define IS_WHITEOUT(inode) (S_ISCHR(inode->i_mode) && \ (inode)->i_rdev == WHITEOUT_DEV) -static inline bool HAS_UNMAPPED_ID(struct inode *inode) -{ - return !uid_valid(inode->i_uid) || !gid_valid(inode->i_gid); -} - /* * Inode state bits. Protected by inode->i_lock *
signature.asc
Description: This is a digitally signed message part
