Re: [PATCH v2] NFSD: Don't set default ACL if there are no ACE entries

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "J. Bruce Fields" <bfields@fieldses.org>
To: Kinglong Mee <kinglongmee@gmail.com>
Cc: Christoph Hellwig <hch@infradead.org>, linux-nfs@vger.kernel.org
Subject: Re: [PATCH v2] NFSD: Don't set default ACL if there are no ACE entries
Date: Fri, 18 Apr 2014 08:19:20 -0400	[thread overview]
Message-ID: <20140418121920.GD18612@fieldses.org> (raw)
In-Reply-To: <5350A0A2.1020401@gmail.com>

On Fri, Apr 18, 2014 at 11:48:50AM +0800, Kinglong Mee wrote:
> After setting ACL for directory, I got two problems that caused
> by the cached zero-length default posix acl.
> 
> This patch make sure nfsd don't set a zero-length default
> posix ACL if there are no entries for the default ACL.
> 
> Thanks for Christoph Hellwig's advice.
> 
> v2:
>     drop calling forget_cached_acl(), just not set zero-length ACL

I thought Christoph's suggestion was to actually call ->set_acl with a
NULL ACL?  Does that turn out to be unnecessary?

--b.

> 
> First problem:
> # nfs4_setfacl -s A::OWNER@:RWX /mnt/123/; touch /mnt/123/test
> ............ hang ...........
> 
> Second problem:
> # nfs4_setfacl -s A::OWNER@:RWX /mnt/123/; nfs4_getfacl /mnt/123/
> [ 1610.167668] ------------[ cut here ]------------
> [ 1610.168320] kernel BUG at /root/nfs/linux/fs/nfsd/nfs4acl.c:239!
> [ 1610.168320] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC
> [ 1610.168320] Modules linked in: nfsv4(OE) nfs(OE) nfsd(OE)
> rpcsec_gss_krb5 fscache ip6t_rpfilter ip6t_REJECT cfg80211
> xt_conntrack rfkill ebtable_nat ebtable_broute bridge stp llc
> ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6
> nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security
> ip6table_raw ip6table_filter ip6_tables iptable_nat
> nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack
> iptable_mangle iptable_security iptable_raw auth_rpcgss nfs_acl
> snd_intel8x0 ppdev lockd snd_ac97_codec ac97_bus snd_pcm snd_timer
> e1000 pcspkr parport_pc snd parport serio_raw joydev i2c_piix4
> sunrpc(OE) microcode soundcore i2c_core ata_generic pata_acpi [last
> unloaded: nfsd]
> [ 1610.168320] CPU: 0 PID: 27397 Comm: nfsd Tainted: G           OE
> 3.15.0-rc1+ #15
> [ 1610.168320] Hardware name: innotek GmbH VirtualBox/VirtualBox,
> BIOS VirtualBox 12/01/2006
> [ 1610.168320] task: ffff88005ab653d0 ti: ffff88005a944000 task.ti:
> ffff88005a944000
> [ 1610.168320] RIP: 0010:[<ffffffffa034d5ed>]  [<ffffffffa034d5ed>]
> _posix_to_nfsv4_one+0x3cd/0x3d0 [nfsd]
> [ 1610.168320] RSP: 0018:ffff88005a945b00  EFLAGS: 00010293
> [ 1610.168320] RAX: 0000000000000001 RBX: ffff88006700bac0 RCX:
> 0000000000000000
> [ 1610.168320] RDX: 0000000000000000 RSI: ffff880067c83f00 RDI:
> ffff880068233300
> [ 1610.168320] RBP: ffff88005a945b48 R08: ffffffff81c64830 R09:
> 0000000000000000
> [ 1610.168320] R10: ffff88004ea85be0 R11: 000000000000f475 R12:
> ffff880068233300
> [ 1610.168320] R13: 0000000000000003 R14: 0000000000000002 R15:
> ffff880068233300
> [ 1610.168320] FS:  0000000000000000(0000) GS:ffff880077800000(0000)
> knlGS:0000000000000000
> [ 1610.168320] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [ 1610.168320] CR2: 00007f5bcbd3b0b9 CR3: 0000000001c0f000 CR4:
> 00000000000006f0
> [ 1610.168320] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [ 1610.168320] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
> 0000000000000400
> [ 1610.168320] Stack:
> [ 1610.168320]  ffffffff00000000 0000000b67c83500 000000076700bac0
> 0000000000000000
> [ 1610.168320]  ffff88006700bac0 ffff880068233300 ffff88005a945c08
> 0000000000000002
> [ 1610.168320]  0000000000000000 ffff88005a945b88 ffffffffa034e2d5
> 000000065a945b68
> [ 1610.168320] Call Trace:
> [ 1610.168320]  [<ffffffffa034e2d5>] nfsd4_get_nfs4_acl+0x95/0x150 [nfsd]
> [ 1610.168320]  [<ffffffffa03400d6>] nfsd4_encode_fattr+0x646/0x1e70 [nfsd]
> [ 1610.168320]  [<ffffffff816a6e6e>] ? kmemleak_alloc+0x4e/0xb0
> [ 1610.168320]  [<ffffffffa0327962>] ?
> nfsd_setuser_and_check_port+0x52/0x80 [nfsd]
> [ 1610.168320]  [<ffffffff812cd4bb>] ? selinux_cred_prepare+0x1b/0x30
> [ 1610.168320]  [<ffffffffa0341caa>] nfsd4_encode_getattr+0x5a/0x60 [nfsd]
> [ 1610.168320]  [<ffffffffa0341e07>]
> nfsd4_encode_operation+0x67/0x110 [nfsd]
> [ 1610.168320]  [<ffffffffa033844d>] nfsd4_proc_compound+0x21d/0x810 [nfsd]
> [ 1610.168320]  [<ffffffffa0324d9b>] nfsd_dispatch+0xbb/0x200 [nfsd]
> [ 1610.168320]  [<ffffffffa00850cd>] svc_process_common+0x46d/0x6d0 [sunrpc]
> [ 1610.168320]  [<ffffffffa0085433>] svc_process+0x103/0x170 [sunrpc]
> [ 1610.168320]  [<ffffffffa032472f>] nfsd+0xbf/0x130 [nfsd]
> [ 1610.168320]  [<ffffffffa0324670>] ? nfsd_destroy+0x80/0x80 [nfsd]
> [ 1610.168320]  [<ffffffff810a5202>] kthread+0xd2/0xf0
> [ 1610.168320]  [<ffffffff810a5130>] ? insert_kthread_work+0x40/0x40
> [ 1610.168320]  [<ffffffff816c1ebc>] ret_from_fork+0x7c/0xb0
> [ 1610.168320]  [<ffffffff810a5130>] ? insert_kthread_work+0x40/0x40
> [ 1610.168320] Code: 78 02 e9 e7 fc ff ff 31 c0 31 d2 31 c9 66 89 45
> ce 41 8b 04 24 66 89 55 d0 66 89 4d d2 48 8d 04 80 49 8d 5c 84 04 e9
> 37 fd ff ff <0f> 0b 90 0f 1f 44 00 00 55 8b 56 08 c7 07 00 00 00 00
> 8b 46 0c
> [ 1610.168320] RIP  [<ffffffffa034d5ed>]
> _posix_to_nfsv4_one+0x3cd/0x3d0 [nfsd]
> [ 1610.168320]  RSP <ffff88005a945b00>
> [ 1610.257313] ---[ end trace 838254e3e352285b ]---
> 
> Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
> ---
>  fs/nfsd/nfs4acl.c | 18 +++++++++---------
>  1 file changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c
> index de5d66b..fdd259e 100644
> --- a/fs/nfsd/nfs4acl.c
> +++ b/fs/nfsd/nfs4acl.c
> @@ -395,8 +395,10 @@ sort_pacl(struct posix_acl *pacl)
>  	 * by uid/gid. */
>  	int i, j;
> 
> -	if (pacl->a_count <= 4)
> -		return; /* no users or groups */
> +	/* no users or groups */
> +	if (!pacl || pacl->a_count <= 4)
> +		return;
> +
>  	i = 1;
>  	while (pacl->a_entries[i].e_tag == ACL_USER)
>  		i++;
> @@ -523,13 +525,11 @@ posix_state_to_acl(struct posix_acl_state
> *state, unsigned int flags)
> 
>  	/*
>  	 * ACLs with no ACEs are treated differently in the inheritable
> -	 * and effective cases: when there are no inheritable ACEs, we
> -	 * set a zero-length default posix acl:
> +	 * and effective cases.
>  	 */
> -	if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT)) {
> -		pacl = posix_acl_alloc(0, GFP_KERNEL);
> -		return pacl ? pacl : ERR_PTR(-ENOMEM);
> -	}
> +	if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT))
> +		return NULL;
> +
>  	/*
>  	 * When there are no effective ACEs, the following will end
>  	 * up setting a 3-element effective posix ACL with all
> @@ -831,7 +831,7 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqstp,
> struct svc_fh *fhp,
>  	if (host_error < 0)
>  		goto out_release;
> 
> -	if (S_ISDIR(inode->i_mode)) {
> +	if (dpacl && S_ISDIR(inode->i_mode)) {
>  		host_error = inode->i_op->set_acl(inode, dpacl,
>  						  ACL_TYPE_DEFAULT);
>  	}
> -- 
> 1.9.0
>

next prev parent reply	other threads:[~2014-04-18 12:19 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-17 12:46 [PATCH] NFSD: Clear cached acl after setting a zero-length default posix acl: Kinglong Mee
2014-04-17 14:36 ` Christoph Hellwig
2014-04-18  3:48   ` [PATCH v2] NFSD: Don't set default ACL if there are no ACE entries Kinglong Mee
2014-04-18 12:19     ` J. Bruce Fields [this message]
2014-04-18 12:49       ` [PATCH v3] NFSD: Call ->set_acl with a NULL ACL structure if no entries Kinglong Mee
2014-05-08 16:41         ` J. Bruce Fields
2014-04-18 12:56       ` [PATCH v2] NFSD: Don't set default ACL if there are no ACE entries Kinglong Mee
2014-04-18 13:47       ` Christoph Hellwig
2014-04-18  4:03   ` [PATCH] NFSD: Clear cached acl after setting a zero-length default posix acl: Kinglong Mee
2014-04-18 12:13   ` J. Bruce Fields
2014-04-18 12:26     ` Kinglong Mee

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140418121920.GD18612@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=hch@infradead.org \
    --cc=kinglongmee@gmail.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).