From: Mike Snitzer <snitzer@kernel.org>
To: Chuck Lever <chuck.lever@oracle.com>,
Jeff Layton <jlayton@kernel.org>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Anna Schumaker <anna.schumaker@oracle.com>
Cc: linux-nfs@vger.kernel.org
Subject: [RFC PATCH v2 07/11] NFSD: add NFS4ACL_DACL and NFS4ACL_SACL passthru support
Date: Tue, 24 Feb 2026 14:24:34 -0500 [thread overview]
Message-ID: <20260224192438.25351-8-snitzer@kernel.org> (raw)
In-Reply-To: <20260224192438.25351-1-snitzer@kernel.org>
From: Mike Snitzer <snitzer@hammerspace.com>
This 4.1 DACL and SACL support is confined to NFSD's NFS reexport case
(e.g. when NFSD 4.1 reexports NFS 4.2).
Signed-off-by: Mike Snitzer <snitzer@hammerspace.com>
---
fs/nfsd/nfs4proc.c | 3 +++
fs/nfsd/nfs4xdr.c | 49 ++++++++++++++++++++++++++++++++++++++--------
fs/nfsd/nfsd.h | 5 +++--
3 files changed, 47 insertions(+), 10 deletions(-)
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index d05ac00f934e..4a43e5052deb 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -91,6 +91,9 @@ check_attr_support(struct nfsd4_compound_state *cstate, u32 *bmval,
return nfserr_attrnotsupp;
if ((bmval[0] & FATTR4_WORD0_ACL) && !nfsd_supports_nfs4_acl(dentry))
return nfserr_attrnotsupp;
+ if ((bmval[1] & (FATTR4_WORD1_DACL | FATTR4_WORD1_SACL)) &&
+ !nfsd_supports_nfs4_acl(dentry))
+ return nfserr_attrnotsupp;
if ((bmval[2] & (FATTR4_WORD2_POSIX_DEFAULT_ACL |
FATTR4_WORD2_POSIX_ACCESS_ACL)) &&
!IS_POSIXACL(d_inode(dentry)))
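Review bot: The new DACL/SACL gate reuses `nfsd_supports_nfs4_acl(dentry)`, the same predicate that guards the plain ACL attribute, although the commit message says DACL/SACL support is confined to the reexport case. That helper is defined outside this patch; if it can also return true for an ordinary local export, a SETATTR carrying DACL or SACL would pass this check there and reach the non-passthru ACL handling, where SACL (audit/alarm) entries could end up being treated as an access ACL. It would be safer to test the passthru capability itself for these two bits, or at least to add a comment here stating why the shared predicate is sufficient. check_attr_support() starts and ends outside the hunk.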
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 80d2e7ea8cc9..99db768ad97e 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -315,7 +315,13 @@ __be32 nfsd4_decode_nfs4_acl_passthru(struct nfsd4_compoundargs *argp,
goto out;
}
- (*acl)->type = NFS4ACL_ACL;
+ if (bmval[0] & FATTR4_WORD0_ACL)
+ (*acl)->type = NFS4ACL_ACL;
+ else if (bmval[1] & FATTR4_WORD1_DACL)
+ (*acl)->type = NFS4ACL_DACL;
+ else if (bmval[1] & FATTR4_WORD1_SACL)
+ (*acl)->type = NFS4ACL_SACL;
+
(*acl)->len = acl_len;
(*acl)->pgbase = pgbase;
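Review bot: The `if / else if / else if` chain that sets `(*acl)->type` has no final `else`, so when none of the three bits is set the type keeps whatever value the allocation left there, and when more than one is set the first match silently wins. Since the type decides which ACL the reexported server is asked to replace, the function should fail the decode instead of guessing: add a final `else` that sets the error status and takes the existing `goto out` path, and reject requests that set more than one of ACL, DACL and SACL. The signature is truncated in the hunk header, so it is not visible here whether `bmval` is actually a parameter of this function; the caller in the next hunk still passes only `argp, acl, attrlist4_count`.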
@@ -571,7 +577,8 @@ nfsd4_decode_fattr4(struct nfsd4_compoundargs *argp, u32 *bmval, u32 bmlen,
iattr->ia_size = size;
iattr->ia_valid |= ATTR_SIZE;
}
- if (bmval[0] & FATTR4_WORD0_ACL) {
+ if (bmval[0] & FATTR4_WORD0_ACL ||
+ (bmval[1] & (FATTR4_WORD1_DACL | FATTR4_WORD1_SACL))) {
status = nfsd4_decode_acl(argp, acl, attrlist4_count);
if (status)
return status;
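Review bot: Decoding DACL/SACL at the position of the word-0 ACL attribute does not follow fattr4 wire order, where values appear in ascending attribute number. DACL and SACL sit near the end of word 1 (after FATTR4_DIRENT_NOTIF_DELAY in the encode table later in this patch), so they follow MODE, OWNER, OWNER_GROUP and the TIME_*_SET attributes, whose decoding presumably comes later in this function, outside the hunk. A request combining, for example, MODE with DACL would have the mode bytes consumed as ACL data. `nfsd4_decode_acl()` is also called only once when both DACL and SACL are set, so the second ACL body would be parsed as whatever attribute is decoded next. Each of the two attributes needs its own decode step placed after the word-1 attributes that precede it.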
@@ -3253,8 +3260,12 @@ static __be32 nfsd4_encode_fattr4_supported_attrs(struct xdr_stream *xdr,
u32 supp[3];
memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp));
- if (!nfsd_supports_nfs4_acl(args->dentry))
- supp[0] &= ~FATTR4_WORD0_ACL;
+ if (!nfsd_supports_nfs4_acl(args->dentry)) {
+ if (supp[0] & FATTR4_WORD0_ACL)
+ supp[0] &= ~FATTR4_WORD0_ACL;
+ else if ((supp[1] & (FATTR4_WORD1_DACL | FATTR4_WORD1_SACL)))
+ supp[1] &= ~(FATTR4_WORD1_DACL | FATTR4_WORD1_SACL);
+ }
if (!args->contextsupport)
supp[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
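Review bot: The `else if` makes the DACL/SACL clearing unreachable whenever `FATTR4_WORD0_ACL` is set in `supp[0]`, which the old unconditional clear suggests is the normal case. An export without NFSv4 ACL support then loses ACL from supported_attrs but keeps advertising DACL and SACL. Clearing bits that are already clear is harmless, so the guards can go: `supp[0] &= ~FATTR4_WORD0_ACL;` followed by `supp[1] &= ~(FATTR4_WORD1_DACL | FATTR4_WORD1_SACL);`. The same construct is repeated in nfsd4_encode_fattr4_suppattr_exclcreat() in the next hunk and needs the same change.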
@@ -3689,8 +3700,12 @@ static __be32 nfsd4_encode_fattr4_suppattr_exclcreat(struct xdr_stream *xdr,
u32 supp[3];
memcpy(supp, nfsd_suppattrs[resp->cstate.minorversion], sizeof(supp));
- if (!nfsd_supports_nfs4_acl(args->dentry))
- supp[0] &= ~FATTR4_WORD0_ACL;
+ if (!nfsd_supports_nfs4_acl(args->dentry)) {
+ if (supp[0] & FATTR4_WORD0_ACL)
+ supp[0] &= ~FATTR4_WORD0_ACL;
+ else if ((supp[1] & (FATTR4_WORD1_DACL | FATTR4_WORD1_SACL)))
+ supp[1] &= ~(FATTR4_WORD1_DACL | FATTR4_WORD1_SACL);
+ }
if (!args->contextsupport)
supp[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
@@ -3879,8 +3894,8 @@ static const nfsd4_enc_attr nfsd4_enc_fattr4_encode_ops[] = {
[FATTR4_MOUNTED_ON_FILEID] = nfsd4_encode_fattr4_mounted_on_fileid,
[FATTR4_DIR_NOTIF_DELAY] = nfsd4_encode_fattr4__noop,
[FATTR4_DIRENT_NOTIF_DELAY] = nfsd4_encode_fattr4__noop,
- [FATTR4_DACL] = nfsd4_encode_fattr4__noop,
- [FATTR4_SACL] = nfsd4_encode_fattr4__noop,
+ [FATTR4_DACL] = nfsd4_encode_fattr4_acl,
+ [FATTR4_SACL] = nfsd4_encode_fattr4_acl,
[FATTR4_CHANGE_POLICY] = nfsd4_encode_fattr4__noop,
[FATTR4_FS_STATUS] = nfsd4_encode_fattr4__noop,
@@ -4067,6 +4082,24 @@ nfsd4_encode_fattr4(struct svc_rqst *rqstp, struct xdr_stream *xdr,
goto out;
} else if (err != 0)
goto out_nfserr;
+ } else if (attrmask[1] & FATTR4_WORD1_DACL) {
+ err = nfsd4_get_nfs4_acl(rqstp, dentry, NFS4ACL_DACL, &args.acl);
+ if (err == -EOPNOTSUPP)
+ attrmask[1] &= ~FATTR4_WORD1_DACL;
+ else if (err == -EINVAL) {
+ status = nfserr_attrnotsupp;
+ goto out;
+ } else if (err != 0)
+ goto out_nfserr;
+ } else if (attrmask[1] & FATTR4_WORD1_SACL) {
+ err = nfsd4_get_nfs4_acl(rqstp, dentry, NFS4ACL_SACL, &args.acl);
+ if (err == -EOPNOTSUPP)
+ attrmask[1] &= ~FATTR4_WORD1_SACL;
+ else if (err == -EINVAL) {
+ status = nfserr_attrnotsupp;
+ goto out;
+ } else if (err != 0)
+ goto out_nfserr;
}
args.contextsupport = false;
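Review bot: The added `else if` branches mean only one of ACL, DACL and SACL is ever fetched per GETATTR, and all three share the single `args.acl` slot. If a client asks for two of them, the bits for the unfetched ones stay set in `attrmask`, and since the table above now maps FATTR4_DACL and FATTR4_SACL to `nfsd4_encode_fattr4_acl`, that encoder would run for them with an ACL of a different type. The client would then receive, for example, the DACL contents labelled as the SACL. Either give each attribute its own fetched ACL in `args`, or detect the combination before encoding and clear or reject the bits that cannot be served. The three branches are otherwise identical apart from the type and mask bit, so a small helper taking those two values would remove the duplication. The start of this `if` chain is outside the hunk.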
diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h
index 7c009f07c90b..0f2aaabf4f8c 100644
--- a/fs/nfsd/nfsd.h
+++ b/fs/nfsd/nfsd.h
@@ -447,7 +447,8 @@ enum {
NFSD4_SUPPORTED_ATTRS_WORD0
#define NFSD4_1_SUPPORTED_ATTRS_WORD1 \
- (NFSD4_SUPPORTED_ATTRS_WORD1 | PNFSD_SUPPORTED_ATTRS_WORD1)
+ (NFSD4_SUPPORTED_ATTRS_WORD1 | PNFSD_SUPPORTED_ATTRS_WORD1 | \
+ FATTR4_WORD1_DACL | FATTR4_WORD1_SACL)
#define NFSD4_1_SUPPORTED_ATTRS_WORD2 \
(NFSD4_SUPPORTED_ATTRS_WORD2 | PNFSD_SUPPORTED_ATTRS_WORD2 | \
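Review bot: Adding DACL and SACL to `NFSD4_1_SUPPORTED_ATTRS_WORD1` advertises them for every NFSv4.1+ export, not only reexports, so the "confined to reexport" guarantee in the commit message rests entirely on the runtime masking in nfsd4_encode_fattr4_supported_attrs() and check_attr_support(). A comment above the macro would make that dependency visible to the next maintainer, for example `/* DACL/SACL are only honoured on ACL-passthru (reexport) exports; masked at runtime otherwise */`. The same remark applies to `NFSD_WRITEABLE_ATTRS_WORD1` in the following hunk, which makes both attributes settable.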
@@ -540,7 +541,7 @@ static inline bool nfsd_attrs_supported(u32 minorversion, const u32 *bmval)
#define NFSD_WRITEABLE_ATTRS_WORD1 \
(FATTR4_WORD1_MODE | FATTR4_WORD1_OWNER | FATTR4_WORD1_OWNER_GROUP \
| FATTR4_WORD1_TIME_ACCESS_SET | FATTR4_WORD1_TIME_CREATE \
- | FATTR4_WORD1_TIME_MODIFY_SET)
+ | FATTR4_WORD1_TIME_MODIFY_SET | FATTR4_WORD1_DACL | FATTR4_WORD1_SACL)
#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
#define MAYBE_FATTR4_WORD2_SECURITY_LABEL \
FATTR4_WORD2_SECURITY_LABEL
--
2.44.0