From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6D2D21DE3B5 for ; Thu, 19 Feb 2026 22:14:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771539244; cv=none; b=r5rg3uzCFy+lH7U6oMqdfJbaJ9dxXfEresZ+VqZK89g0RkKDbuALGiEWIEMUrmdA2G5dHEh/SHmmvfxfty6qEVn6TRwSJKstyxiQkfFc7bvVTrpQS0fOeJFkGn0Q0tEcbakIzBvY43IxiW0qkhxhzjDxhkjS9/G6RABEFipYuxE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771539244; c=relaxed/simple; bh=+GFXYNZnh34HBNl4rd+ke+On75RPWY6aF6LyGPJ1stI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=p+EsxsvMVEkxlw7cL0f6tpaowRdPkpv31Kyz6wMTEyCX+HKv6Vq89N62qguEWcXq2ouEoi1CEZ5RoEuJPWY9CNzDdtx+y54wEch4vQmx094lv9+d8SNGG+SOevv4tP0a3gBIDFsjp239k0+iLvf1gaYJVfVEZ6KM+H+WiFRO1Ss= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=eU2s3Kte; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="eU2s3Kte" Received: by smtp.kernel.org (Postfix) with ESMTPSA id DA57AC116C6; Thu, 19 Feb 2026 22:14:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1771539244; bh=+GFXYNZnh34HBNl4rd+ke+On75RPWY6aF6LyGPJ1stI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eU2s3Ktex9Uc7pWUPb3ymn9SgmpARJXL+3ep1w9h90AW5Cwtc328hpTarJjwG5f1z uVGOG9wh6Fv1KimJQdK2KOXUJoQSAqlJ8gMMJAH2Ik0iNGuX/qOQIODGP2y6eu+JVQ oB2LjfGi1P/R72hMJJkyjwdk82Vr8EAHl0hhnkgrVAWIm04fQYwb3dskXOXbstFjWa dGbq+VVSJ6jyJkA7qdkINxKwPktS8+vr6HPs1ctG96SR7hpMmHfmPXUJDZ0iWmiLdH nd1M1o+6zOERadBEBKTGS3zCpnc+I0DTiRAF0+ELc5QYA+K+Fl0X+NWxirZ6EgMhBl T2R6DfFjBbclA== From: Mike Snitzer To: Chuck Lever , Jeff Layton , Trond Myklebust , Anna Schumaker Cc: linux-nfs@vger.kernel.org Subject: [RFC PATCH 07/11] NFSD: add NFS4ACL_DACL and NFS4ACL_SACL passthru support Date: Thu, 19 Feb 2026 17:13:48 -0500 Message-ID: <20260219221352.40554-8-snitzer@kernel.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20260219221352.40554-1-snitzer@kernel.org> References: <20260219221352.40554-1-snitzer@kernel.org> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Mike Snitzer This 4.1 DACL and SACL support is confined to NFSD's NFS reexport case (e.g. when NFSD 4.1 reexports NFS 4.2). Signed-off-by: Mike Snitzer --- fs/nfsd/nfs4proc.c | 3 +++ fs/nfsd/nfs4xdr.c | 49 ++++++++++++++++++++++++++++++++++++++-------- fs/nfsd/nfsd.h | 5 +++-- 3 files changed, 47 insertions(+), 10 deletions(-) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 796954a24cde..86c792996d85 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -91,6 +91,9 @@ check_attr_support(struct nfsd4_compound_state *cstate, u32 *bmval, return nfserr_attrnotsupp; if ((bmval[0] & FATTR4_WORD0_ACL) && !nfsd_supports_nfs4_acl(dentry)) return nfserr_attrnotsupp; + if ((bmval[1] & (FATTR4_WORD1_DACL | FATTR4_WORD1_SACL)) && + !nfsd_supports_nfs4_acl(dentry)) + return nfserr_attrnotsupp; if ((bmval[2] & (FATTR4_WORD2_POSIX_DEFAULT_ACL | FATTR4_WORD2_POSIX_ACCESS_ACL)) && !IS_POSIXACL(d_inode(dentry))) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 01d362a486f8..45aecf1c7878 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -315,7 +315,13 @@ __be32 nfsd4_decode_nfs4_acl_passthru(struct nfsd4_compoundargs *argp, goto out; } - (*acl)->type = NFS4ACL_ACL; + if (bmval[0] & FATTR4_WORD0_ACL) + (*acl)->type = NFS4ACL_ACL; + else if (bmval[1] & FATTR4_WORD1_DACL) + (*acl)->type = NFS4ACL_DACL; + else if (bmval[1] & FATTR4_WORD1_SACL) + (*acl)->type = NFS4ACL_SACL; + (*acl)->len = acl_len; (*acl)->pgbase = pgbase; @@ -571,7 +577,8 @@ nfsd4_decode_fattr4(struct nfsd4_compoundargs *argp, u32 *bmval, u32 bmlen, iattr->ia_size = size; iattr->ia_valid |= ATTR_SIZE; } - if (bmval[0] & FATTR4_WORD0_ACL) { + if (bmval[0] & FATTR4_WORD0_ACL || + (bmval[1] & (FATTR4_WORD1_DACL | FATTR4_WORD1_SACL))) { status = nfsd4_decode_acl(argp, acl, attrlist4_count); if (status) return status; @@ -3253,8 +3260,12 @@ static __be32 nfsd4_encode_fattr4_supported_attrs(struct xdr_stream *xdr, u32 supp[3]; memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp)); - if (!nfsd_supports_nfs4_acl(args->dentry)) - supp[0] &= ~FATTR4_WORD0_ACL; + if (!nfsd_supports_nfs4_acl(args->dentry)) { + if (supp[0] & FATTR4_WORD0_ACL) + supp[0] &= ~FATTR4_WORD0_ACL; + else if ((supp[1] & (FATTR4_WORD1_DACL | FATTR4_WORD1_SACL))) + supp[1] &= ~(FATTR4_WORD1_DACL | FATTR4_WORD1_SACL); + } if (!args->contextsupport) supp[2] &= ~FATTR4_WORD2_SECURITY_LABEL; @@ -3689,8 +3700,12 @@ static __be32 nfsd4_encode_fattr4_suppattr_exclcreat(struct xdr_stream *xdr, u32 supp[3]; memcpy(supp, nfsd_suppattrs[resp->cstate.minorversion], sizeof(supp)); - if (!nfsd_supports_nfs4_acl(args->dentry)) - supp[0] &= ~FATTR4_WORD0_ACL; + if (!nfsd_supports_nfs4_acl(args->dentry)) { + if (supp[0] & FATTR4_WORD0_ACL) + supp[0] &= ~FATTR4_WORD0_ACL; + else if ((supp[1] & (FATTR4_WORD1_DACL | FATTR4_WORD1_SACL))) + supp[1] &= ~(FATTR4_WORD1_DACL | FATTR4_WORD1_SACL); + } if (!args->contextsupport) supp[2] &= ~FATTR4_WORD2_SECURITY_LABEL; @@ -3880,8 +3895,8 @@ static const nfsd4_enc_attr nfsd4_enc_fattr4_encode_ops[] = { [FATTR4_MOUNTED_ON_FILEID] = nfsd4_encode_fattr4_mounted_on_fileid, [FATTR4_DIR_NOTIF_DELAY] = nfsd4_encode_fattr4__noop, [FATTR4_DIRENT_NOTIF_DELAY] = nfsd4_encode_fattr4__noop, - [FATTR4_DACL] = nfsd4_encode_fattr4__noop, - [FATTR4_SACL] = nfsd4_encode_fattr4__noop, + [FATTR4_DACL] = nfsd4_encode_fattr4_acl, + [FATTR4_SACL] = nfsd4_encode_fattr4_acl, [FATTR4_CHANGE_POLICY] = nfsd4_encode_fattr4__noop, [FATTR4_FS_STATUS] = nfsd4_encode_fattr4__noop, @@ -4068,6 +4083,24 @@ nfsd4_encode_fattr4(struct svc_rqst *rqstp, struct xdr_stream *xdr, goto out; } else if (err != 0) goto out_nfserr; + } else if (attrmask[1] & FATTR4_WORD1_DACL) { + err = nfsd4_get_nfs4_acl(rqstp, dentry, NFS4ACL_DACL, &args.acl); + if (err == -EOPNOTSUPP) + attrmask[1] &= ~FATTR4_WORD1_DACL; + else if (err == -EINVAL) { + status = nfserr_attrnotsupp; + goto out; + } else if (err != 0) + goto out_nfserr; + } else if (attrmask[1] & FATTR4_WORD1_SACL) { + err = nfsd4_get_nfs4_acl(rqstp, dentry, NFS4ACL_SACL, &args.acl); + if (err == -EOPNOTSUPP) + attrmask[1] &= ~FATTR4_WORD1_SACL; + else if (err == -EINVAL) { + status = nfserr_attrnotsupp; + goto out; + } else if (err != 0) + goto out_nfserr; } args.contextsupport = false; diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h index a01d70953358..34f3254ba939 100644 --- a/fs/nfsd/nfsd.h +++ b/fs/nfsd/nfsd.h @@ -441,7 +441,8 @@ enum { NFSD4_SUPPORTED_ATTRS_WORD0 #define NFSD4_1_SUPPORTED_ATTRS_WORD1 \ - (NFSD4_SUPPORTED_ATTRS_WORD1 | PNFSD_SUPPORTED_ATTRS_WORD1) + (NFSD4_SUPPORTED_ATTRS_WORD1 | PNFSD_SUPPORTED_ATTRS_WORD1 | \ + FATTR4_WORD1_DACL | FATTR4_WORD1_SACL) #define NFSD4_1_SUPPORTED_ATTRS_WORD2 \ (NFSD4_SUPPORTED_ATTRS_WORD2 | PNFSD_SUPPORTED_ATTRS_WORD2 | \ @@ -534,7 +535,7 @@ static inline bool nfsd_attrs_supported(u32 minorversion, const u32 *bmval) #define NFSD_WRITEABLE_ATTRS_WORD1 \ (FATTR4_WORD1_MODE | FATTR4_WORD1_OWNER | FATTR4_WORD1_OWNER_GROUP \ | FATTR4_WORD1_TIME_ACCESS_SET | FATTR4_WORD1_TIME_CREATE \ - | FATTR4_WORD1_TIME_MODIFY_SET) + | FATTR4_WORD1_TIME_MODIFY_SET | FATTR4_WORD1_DACL | FATTR4_WORD1_SACL) #ifdef CONFIG_NFSD_V4_SECURITY_LABEL #define MAYBE_FATTR4_WORD2_SECURITY_LABEL \ FATTR4_WORD2_SECURITY_LABEL -- 2.44.0