From: Christian Brauner <brauner@kernel.org>
To: Jeff Layton <jlayton@kernel.org>
Cc: Trond Myklebust <trond.myklebust@hammerspace.com>,
Anna Schumaker <anna@kernel.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org,
Ondrej Valousek <ondrej.valousek.xm@renesas.com>
Subject: Re: [PATCH RFC] nfs4: add a get_acl stub handler
Date: Fri, 8 Sep 2023 14:55:15 +0200 [thread overview]
Message-ID: <20230908-bandbreite-orgel-065607d1b281@brauner> (raw)
In-Reply-To: <20230907-kdevops-v1-1-c2015c29d634@kernel.org>
On Thu, Sep 07, 2023 at 01:32:36PM -0400, Jeff Layton wrote:
> In older kernels, attempting to fetch that system.posix_acl_access on
> NFSv4 would return -EOPNOTSUPP, but in more recent kernels that returns
> -ENODATA.
>
> Most filesystems that don't support POSIX ACLs leave the SB_POSIXACL
> flag clear, which cues the VFS to return -EOPNOTSUPP in this situation.
> We can't do that with NFSv4 since that flag also cues the VFS to avoid
> applying the umask early.
>
> Fix this by adding a stub get_acl handler for NFSv4 that always returns
> -EOPNOTSUPP.
>
> Reported-by: Ondrej Valousek <ondrej.valousek.xm@renesas.com>
> Signed-off-by: Jeff Layton <jlayton@kernel.org>
> ---
> I suspect that this problem popped in due to some VFS layer changes. I
> haven't identified the patch that broke it, but I think this is probably
> the least invasive way to fix it.
>
> Another alternative would be to return -EOPNOTSUPP on filesystems that
> set SB_POSIXACL but that don't set get_acl or get_inode_acl.
>
> Thoughts?
Yes: I hate POSIX ACLs. ;)
Before the VFS rework to only rely on i_op->*acl* methods POSIX ACLs
were set using sb->s_xattr handlers. So when a filesystem raised
SB_POSIXACL but didn't set sb->s_xattr handlers for POSIX ACLs we would:
__vfs_getxattr()
-> xattr_resolve_name()
// no match so return EOPNOTSUPP
No we have
vfs_get_acl()
-> __get_acl()
-> i_op->get_acl
// no get_acl inode method return ENODATA
So as a bugfix to backport I think you should do exactly what you do
here because I'm not sure if some fs relies on ENODATA to be returned if
no get_acl inode method is set. There's a lot of quirkiness everywhere.
But we should look through all callers and if nothing relies on EINVAL
just start returning EOPNOTSUPP if no get_acl i_op is set.
Looks good to me,
Acked-by: Christian Brauner <brauner@kernel.org>
next prev parent reply other threads:[~2023-09-08 12:55 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-07 17:32 [PATCH RFC] nfs4: add a get_acl stub handler Jeff Layton
2023-09-08 12:55 ` Christian Brauner [this message]
2023-09-08 13:47 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230908-bandbreite-orgel-065607d1b281@brauner \
--to=brauner@kernel.org \
--cc=anna@kernel.org \
--cc=jlayton@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=ondrej.valousek.xm@renesas.com \
--cc=trond.myklebust@hammerspace.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox