From: Andreas Gruenbacher <agruen@suse.de>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Neil Brown <neilb@cse.unsw.edu.au>, Olaf Kirch <okir@suse.de>,
	"Andries E. Brouwer" <Andries.Brouwer@cwi.nl>,
	Andrew Morton <akpm@osdl.org>
Subject: Re: [patch 12/13] ACL umask handling workaround in nfs client
Date: Tue, 22 Feb 2005 17:47:24 +0100
Message-ID: <1109090843.6102.443.camel@winden.suse.de>
In-Reply-To: <1108490682.10073.57.camel@lade.trondhjem.org>

[-- Attachment #1: Type: text/plain, Size: 1826 bytes --]

On Tue, 2005-02-15 at 19:04, Trond Myklebust wrote:
> On Sat, 22.01.2005 at 21:34 (+0100), Andreas Gruenbacher wrote:
> > plain text document attachment (patches.suse)
> > NFSv3 has no concept of a umask on the server side: The client applies
> > the umask locally, and sends the effective permissions to the server.
> > This behavior is wrong when files are created in a directory that has
> > a default ACL. In this case, the umask is supposed to be ignored, and
> > only the default ACL determines the file's effective permissions.
> > 
> > Usually it's the server's task to conditionally apply the umask. But
> > since the server knows nothing about the umask, we have to do it on the
> > client side. This patch tries to fetch the parent directory's default
> > ACL before creating a new file, computes the appropriate create mode to
> > send to the server, and finally sets the new file's access and default
> > acl appropriately.
> 
> Firstly, this sort of code belongs in the NFSv3-specific code. POSIX
> acls have no business whatsoever in the generic NFS code.

See attached patch.

NOTE:

  During testing I noticed that without
  nfsacl-cache-acls-on-the-nfs-client-side.patch, no directories or
  devices can be created. It's probably a problem with
  nfs_set_default_acl(). I'll have to debug this tomorrow.

> Secondly, what is the point of doing all this *after* you have created
> the file with the wrong permissions? How are you avoiding races?

Well, everything but the umask is always correct; that is guaranteed by
the server. The initial create sets permissions that may be more
restrictive than necessary, and then the SETACL RPC sets up the final,
correct permissions. I don't believe that a race-free solution is
possible.

Cheers,
-- 
Andreas Gruenbacher <agruen@suse.de>
SUSE Labs, SUSE LINUX GMBH

[-- Attachment #2: nfsacl-acl-umask-handling-workaround-in-nfs-client-fix2.patch --]
[-- Type: text/x-patch, Size: 4260 bytes --]

Index: linux-2.6.11-rc3/fs/nfs/dir.c
===================================================================
--- linux-2.6.11-rc3.orig/fs/nfs/dir.c
+++ linux-2.6.11-rc3/fs/nfs/dir.c
@@ -42,12 +42,15 @@ static int nfs_opendir(struct inode *, s
 static int nfs_readdir(struct file *, void *, filldir_t);
 static struct dentry *nfs_lookup(struct inode *, struct dentry *, struct nameidata *);
 static int nfs_create(struct inode *, struct dentry *, int, struct nameidata *);
+static int nfs3_create(struct inode *, struct dentry *, int, struct nameidata *);
 static int nfs_mkdir(struct inode *, struct dentry *, int);
+static int nfs3_mkdir(struct inode *, struct dentry *, int);
 static int nfs_rmdir(struct inode *, struct dentry *);
 static int nfs_unlink(struct inode *, struct dentry *);
 static int nfs_symlink(struct inode *, struct dentry *, const char *);
 static int nfs_link(struct dentry *, struct inode *, struct dentry *);
 static int nfs_mknod(struct inode *, struct dentry *, int, dev_t);
+static int nfs3_mknod(struct inode *, struct dentry *, int, dev_t);
 static int nfs_rename(struct inode *, struct dentry *,
 		      struct inode *, struct dentry *);
 static int nfs_fsync_dir(struct file *, struct dentry *, int);
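Review bot: the three new prototypes (nfs3_create, nfs3_mkdir, nfs3_mknod) are declared unconditionally, but further down nfs3_create is only defined inside #ifdef CONFIG_NFS_V3, so a build without NFSv3 gets a static function that is declared and never defined. Put the three declarations under the same #ifdef CONFIG_NFS_V3 that guards nfs3_dir_inode_operations.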
@@ -77,14 +80,14 @@ struct inode_operations nfs_dir_inode_op
 
 #ifdef CONFIG_NFS_V3
 struct inode_operations nfs3_dir_inode_operations = {
-	.create		= nfs_create,
+	.create		= nfs3_create,
 	.lookup		= nfs_lookup,
 	.link		= nfs_link,
 	.unlink		= nfs_unlink,
 	.symlink	= nfs_symlink,
-	.mkdir		= nfs_mkdir,
+	.mkdir		= nfs3_mkdir,
 	.rmdir		= nfs_rmdir,
-	.mknod		= nfs_mknod,
+	.mknod		= nfs3_mknod,
 	.rename		= nfs_rename,
 	.permission	= nfs_permission,
 	.getattr	= nfs_getattr,
@@ -994,16 +997,14 @@ out_err:
 	return error;
 }
 
-static int nfs_set_default_acl(struct inode *dir, struct inode *inode,
-			       mode_t mode)
+#ifdef CONFIG_NFS_V3
+static int nfs3_set_default_acl(struct inode *dir, struct inode *inode,
+				mode_t mode)
 {
 #ifdef CONFIG_NFS_ACL
 	struct posix_acl *dfacl, *acl;
 	int error = 0;
 
-	if (NFS_PROTO(inode)->version != 3 ||
-	    !NFS_PROTO(dir)->getacl || !NFS_PROTO(inode)->setacls)
-		return 0;
 	dfacl = NFS_PROTO(dir)->getacl(dir, ACL_TYPE_DEFAULT);
 	if (IS_ERR(dfacl)) {
 		error = PTR_ERR(dfacl);
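Review bot: with the early return removed, the NFS_PROTO(dir)->getacl(...) call right below it runs without checking that the pointer is set, and the matching !NFS_PROTO(inode)->setacls test is gone as well. Dropping the version != 3 test is reasonable now that only the nfs3_* wrappers call this function, but keep the two NULL checks unless the v3 ops table always fills in both, and in that case say so in a comment.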
@@ -1028,6 +1029,7 @@ out:
 	return 0;
 #endif
 }
+#endif
 
 /*
  * Following a failed create operation, we drop the dentry rather
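Review bot: the added #endif sits directly under the #endif that closes CONFIG_NFS_ACL, so it is easy to misread which block ends where. Tag it as `#endif /* CONFIG_NFS_V3 */` and tag the inner one the same way.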
@@ -1060,7 +1062,7 @@ static int nfs_create(struct inode *dir,
 		d_instantiate(dentry, inode);
 		nfs_renew_times(dentry);
 		nfs_set_verifier(dentry, nfs_save_change_attribute(dir));
-		error = nfs_set_default_acl(dir, inode, mode);
+		error = 0;
 	} else {
 		error = PTR_ERR(inode);
 		d_drop(dentry);
@@ -1069,6 +1071,22 @@ static int nfs_create(struct inode *dir,
 	return error;
 }
 
+#ifdef CONFIG_NFS_V3
+static int nfs3_create(struct inode *dir, struct dentry *dentry, int mode,
+		       struct nameidata *nd)
+{
+	int error;
+
+	lock_kernel();
+	error = nfs_create(dir, dentry, mode, nd);
+	if (!error)
+		error = nfs3_set_default_acl(dir, dentry->d_inode, mode);
+	unlock_kernel();
+
+	return error;
+}
+#endif
+
 /*
  * See comments for nfs_proc_create regarding failed operations.
  */
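Review bot: in nfs3_create, a failure from nfs3_set_default_acl() is returned to the caller after nfs_create() has already succeeded and instantiated the dentry, so the create reports an error for a file that exists with only the initial mode applied. Decide explicitly what the caller should see here (ignore the ACL failure, or undo the create) and document it. A comment should also state that the file is visible with the create mode until the SETACL completes, since that is the window the review question about races is asking about.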
@@ -1098,9 +1116,21 @@ nfs_mknod(struct inode *dir, struct dent
 		error = nfs_instantiate(dentry, &fhandle, &fattr);
 	else
 		d_drop(dentry);
+	unlock_kernel();
+	return error;
+}
+
+static int nfs3_mknod(struct inode *dir, struct dentry *dentry, int mode,
+		      dev_t rdev)
+{
+	int error;
+
+	lock_kernel();
+	error = nfs_mknod(dir, dentry, mode, rdev);
 	if (!error)
-		error = nfs_set_default_acl(dir, dentry->d_inode, mode);
+		error = nfs3_set_default_acl(dir, dentry->d_inode, mode);
 	unlock_kernel();
+
 	return error;
 }
 
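Review bot: nfs3_mknod is defined outside any #ifdef CONFIG_NFS_V3, yet it calls nfs3_set_default_acl(), which this patch defines only under CONFIG_NFS_V3, so with NFSv3 disabled the call has no definition. Wrap nfs3_mknod in #ifdef CONFIG_NFS_V3 the way nfs3_create is.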
@@ -1138,9 +1168,20 @@ static int nfs_mkdir(struct inode *dir, 
 		error = nfs_instantiate(dentry, &fhandle, &fattr);
 	else
 		d_drop(dentry);
+	unlock_kernel();
+	return error;
+}
+
+static int nfs3_mkdir(struct inode *dir, struct dentry *dentry, int mode)
+{
+	int error;
+
+	lock_kernel();
+	error = nfs_mkdir(dir, dentry, mode);
 	if (!error)
-		error = nfs_set_default_acl(dir, dentry->d_inode, mode);
+		error = nfs3_set_default_acl(dir, dentry->d_inode, mode);
 	unlock_kernel();
+
 	return error;
 }
 
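Review bot: nfs_mkdir now releases the BKL itself before returning and nfs3_mkdir takes it again around the whole call, so the lock is nested during the mkdir and the outer pair matters only for nfs3_set_default_acl(). Add a comment saying what the outer lock_kernel() protects during the ACL call. This wrapper also lacks the CONFIG_NFS_V3 guard that nfs3_create has.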

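The create-mode rule discussed in the message above, as an added example that is not part of the original post or of the kernel patch: it compares the mode a local POSIX-ACL filesystem gives a new file with the mode an NFSv3 client sends when it applies the umask unconditionally. The struct and function names are hypothetical and the ACL is reduced to the entries that feed the mode bits.

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical, simplified default ACL: only the entries that map onto
 * the file mode bits. has_mask says whether an ACL_MASK entry exists. */
struct default_acl {
    unsigned user_obj, group_obj, mask, other;   /* rwx bits, 0..7 */
    int has_mask;
};

/* Mode of a newly created file under POSIX ACL semantics.
 * dacl == NULL: the parent has no default ACL, so the umask applies.
 * dacl != NULL: the umask is ignored; each permission class is the
 * intersection of the requested mode and the matching ACL entry
 * (the group class uses ACL_MASK when one is present). */
mode_t effective_create_mode(mode_t requested, mode_t umask_bits,
                             const struct default_acl *dacl)
{
    mode_t perms = requested & 0777;
    unsigned group_class;

    if (!dacl)
        return (requested & ~0777) | (perms & ~umask_bits);

    group_class = dacl->has_mask ? dacl->mask : dacl->group_obj;
    perms &= (dacl->user_obj << 6) | (group_class << 3) | dacl->other;
    return (requested & ~0777) | perms;
}

/* What an NFSv3 client sends when it always applies the umask locally. */
mode_t client_side_umask_mode(mode_t requested, mode_t umask_bits)
{
    return requested & ~umask_bits;
}

int main(void)
{
    /* Constructed sample: default ACL u::rwx,g::r-x,m::rwx,o::--- */
    struct default_acl d = { 7, 5, 7, 0, 1 };

    printf("no default ACL : %04o\n",
           (unsigned)effective_create_mode(0666, 022, NULL));
    printf("default ACL    : %04o\n",
           (unsigned)effective_create_mode(0666, 022, &d));
    printf("umask on client: %04o\n",
           (unsigned)client_side_umask_mode(0666, 022));
    return 0;
}
```

With the constructed ACL the client-side umask yields 0644 where the default ACL alone yields 0660, which is the "more restrictive than necessary" initial mode the reply describes.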