From: "J. Bruce Fields" <bfields@fieldses.org>
To: Neil Brown <neilb@suse.de>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>,
Christoph Hellwig <hch@infradead.org>,
Frank van Maarseveen <frankvm@frankvm.com>,
Christoph Hellwig <hch@lst.de>,
Linux NFS mailing list <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH] exportfs: fix incorrect EACCES in reconnect_path()
Date: Tue, 6 May 2008 15:50:41 -0400 [thread overview]
Message-ID: <20080506195041.GD13484@fieldses.org> (raw)
In-Reply-To: <18463.42978.531115.344884-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
On Tue, May 06, 2008 at 10:35:46AM +1000, Neil Brown wrote:
> On Monday May 5, bfields@fieldses.org wrote:
> > On Mon, May 05, 2008 at 09:22:49AM +1000, Neil Brown wrote:
> > >
> > > Now it could be argued that this permission test is really a dumb idea
> > > that buys nothing and costs much. And if you were to queue a patch to
> > > get rid of it, I doubt you would get any objections .... certainly not
> > > from me :-)
> >
> > Dumb idea or not, it looks like it's explicitly documented in
> > exports(5):
> >
> > " subtree checking is also used to make sure that files
> > inside directories to which only root has access can only be
> > accessed if the filesystem is exported with no_root_squash
> > (see below), even if the file itself allows more general
> > access."
> >
> > So as much as I'd like to I'm not comfortable silently turning off that
> > check.
>
> Ack.
>
> >
> > I suppose we could choose to acquire those capabilities only in the
> > no_subtree_check case.
>
> If only it were that easy ;-)
>
> reconnect_path potentially requires both 'r' and 'x' permission on
> parent directories. 'r' to be able to read the directory to find the
> name of the object being reconnected, and 'x' to do the lookup which
> effects the reconnect.
>
> To fix the current bug properly, reconnect_path still needs to bypass
> normal permission checks even when subtree_check is in effect, so it
> can be sure of getting read permission on the parent directory.
OK, but why not just forget the subtree_check case? It would be just
another item on the "reasons not to use subtree_check" list.
If a fix for the subtree checking case were easy (or if someone else had
the time to do a very careful job of it), then fine, but maybe we should
just fix the easy case and leave the subtree checking as is for now.
--b.
>
> There is another way .... but it would need careful consideration.
>
> While the dentry returned by exportfs_decode_fh (for a directory) must
> be connected in the dcache tree, it does *not* need to have a correct
> name. All that is needed is that d_parent is correct (this is used,
> as mentioned before, to correctly lock directory renames).
>
> We can leave the dentry unhashed but with a correct d_parent pointer.
> If the directory is ever access by name, d_slice_alias will be called
> and this will update the name in the dentry to be correct.
>
> We could then get rid of exportfs_get_name and the call to
> lookup_one_len, and add some dcache magic after the ->get_parent call
> to make 'pd' an anonymous child of 'ppd'.
>
> Some matching changes to d_splice_alias should finish the task.
>
> Does this seem sane to anyone else? Is it worth a try?
>
>
> NeilBrown
next prev parent reply other threads:[~2008-05-06 19:51 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-04 10:24 reconnect_path() breaks NFS server causing occasional EACCES Frank van Maarseveen
2008-04-07 18:43 ` J. Bruce Fields
2008-04-07 19:55 ` Frank van Maarseveen
2008-04-09 13:36 ` Christoph Hellwig
2008-04-09 14:11 ` Frank van Maarseveen
2008-04-09 16:24 ` J. Bruce Fields
2008-04-29 5:20 ` Neil Brown
[not found] ` <18454.45086.254692.412079-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2008-04-29 16:35 ` J. Bruce Fields
2008-04-29 17:40 ` Frank van Maarseveen
2008-04-30 17:47 ` J. Bruce Fields
2008-05-02 15:16 ` [PATCH] exportfs: fix incorrect EACCES in reconnect_path() Frank van Maarseveen
2008-05-02 15:34 ` Christoph Hellwig
2008-05-02 15:56 ` J. Bruce Fields
2008-05-02 16:04 ` Trond Myklebust
[not found] ` <1209744293.8294.19.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2008-05-02 22:12 ` J. Bruce Fields
2008-05-04 23:22 ` Neil Brown
[not found] ` <18462.17737.353976.999538-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2008-05-05 17:47 ` J. Bruce Fields
2008-05-06 0:35 ` Neil Brown
[not found] ` <18463.42978.531115.344884-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2008-05-06 19:50 ` J. Bruce Fields [this message]
2008-05-08 3:03 ` Neil Brown
[not found] ` <18466.28013.258338.485948-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2008-05-09 4:34 ` J. Bruce Fields
2008-05-09 10:11 ` Frank van Maarseveen
2008-06-29 19:27 ` J. Bruce Fields
2008-05-03 8:52 ` Frank van Maarseveen
2008-04-30 23:29 ` reconnect_path() breaks NFS server causing occasional EACCES Neil Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080506195041.GD13484@fieldses.org \
--to=bfields@fieldses.org \
--cc=frankvm@frankvm.com \
--cc=hch@infradead.org \
--cc=hch@lst.de \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.