[PATCH 0/2] nfsd/nfsdctl: default to starting with v4.0 servers disabled

[PATCH 0/2] nfsd/nfsdctl: default to starting with v4.0 servers disabled

[Jeff Layton]

At this week's NFS Bakeathon, we had a discussion around deprecating the
NFSv4.0 protocol. To prepare for that eventuality, make the NFS server
only accept NFSv4.0 if it was explicitly requested in the config file or
in command-line options.

Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
Jeff Layton (2):
      nfsd: disable v4.0 by default
      nfsdctl: disable v4.0 by default

 utils/nfsd/nfsd.c       | 5 +++--
 utils/nfsdctl/nfsdctl.c | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
---
base-commit: 612e407c46b848932c32be00b835a7b5317e3d08
change-id: 20251008-master-724587cca99a

Best regards,
-- 
Jeff Layton <jlayton@kernel.org>

[PATCH 1/2] nfsd: disable v4.0 by default

[Jeff Layton]

Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 utils/nfsd/nfsd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
index a405649976c25474c032a8dc63eca6b63b789278..365e145d8860f54a168613ac15f3f1345b794b30 100644
--- a/utils/nfsd/nfsd.c
+++ b/utils/nfsd/nfsd.c
@@ -134,9 +134,10 @@ main(int argc, char **argv)
 		}
 	}
 
-	/* We assume the kernel will default all minor versions to 'on',
-	 * and allow the config file to disable some.
+	/* We assume the kernel will default all minor versions besides '0'
+	 * to 'on', and allow the config file to disable some.
 	 */
+	NFSCTL_MINORUNSET(minorvers, 0);
 	for (i = NFS4_MINMINOR; i <= NFS4_MAXMINOR; i++) {
 		char tag[20];
 		sprintf(tag, "vers4.%d", i);

-- 
2.51.0

[PATCH 2/2] nfsdctl: disable v4.0 by default

[Jeff Layton]

Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 utils/nfsdctl/nfsdctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/nfsdctl/nfsdctl.c b/utils/nfsdctl/nfsdctl.c
index e7a0e12495277d2e98a6c21c7cee29fe459f37cc..87320edd45d4a0066c0b88ea6d7c17bce783e39f 100644
--- a/utils/nfsdctl/nfsdctl.c
+++ b/utils/nfsdctl/nfsdctl.c
@@ -1474,7 +1474,7 @@ static int configure_versions(void)
 	 * First apply the default versX.Y settings from nfs.conf.
 	 */
 	update_nfsd_version(3, 0, true);
-	update_nfsd_version(4, 0, true);
+	update_nfsd_version(4, 0, false);
 	update_nfsd_version(4, 1, true);
 	update_nfsd_version(4, 2, true);
 

-- 
2.51.0

Re: [PATCH 0/2] nfsd/nfsdctl: default to starting with v4.0 servers disabled

[Jeff Layton]

On Wed, 2025-10-08 at 16:13 -0400, Jeff Layton wrote:
> At this week's NFS Bakeathon, we had a discussion around deprecating the
> NFSv4.0 protocol. To prepare for that eventuality, make the NFS server
> only accept NFSv4.0 if it was explicitly requested in the config file or
> in command-line options.
> 
> Signed-off-by: Jeff Layton <jlayton@kernel.org>
> ---
> Jeff Layton (2):
>       nfsd: disable v4.0 by default
>       nfsdctl: disable v4.0 by default
> 
>  utils/nfsd/nfsd.c       | 5 +++--
>  utils/nfsdctl/nfsdctl.c | 2 +-
>  2 files changed, 4 insertions(+), 3 deletions(-)
> ---
> base-commit: 612e407c46b848932c32be00b835a7b5317e3d08
> change-id: 20251008-master-724587cca99a
> 
> Best regards,

Steved, ping?

Also, if anyone else wants to send an Acked-by for this, I wouldn't
complain.

Cheers,
-- 
Jeff Layton <jlayton@kernel.org>

Re: [PATCH 0/2] nfsd/nfsdctl: default to starting with v4.0 servers disabled

[Steve Dickson]

On 1/9/26 2:04 PM, Jeff Layton wrote:
> On Wed, 2025-10-08 at 16:13 -0400, Jeff Layton wrote:
>> At this week's NFS Bakeathon, we had a discussion around deprecating the
>> NFSv4.0 protocol. To prepare for that eventuality, make the NFS server
>> only accept NFSv4.0 if it was explicitly requested in the config file or
>> in command-line options.
>>
>> Signed-off-by: Jeff Layton <jlayton@kernel.org>
>> ---
>> Jeff Layton (2):
>>        nfsd: disable v4.0 by default
>>        nfsdctl: disable v4.0 by default
>>
>>   utils/nfsd/nfsd.c       | 5 +++--
>>   utils/nfsdctl/nfsdctl.c | 2 +-
>>   2 files changed, 4 insertions(+), 3 deletions(-)
>> ---
>> base-commit: 612e407c46b848932c32be00b835a7b5317e3d08
>> change-id: 20251008-master-724587cca99a
>>
>> Best regards,
> 
> Steved, ping?
Working on it...

steved.

> 
> Also, if anyone else wants to send an Acked-by for this, I wouldn't
> complain.
> 
> Cheers,

Re: [PATCH 0/2] nfsd/nfsdctl: default to starting with v4.0 servers disabled

[Steve Dickson]

On 10/8/25 4:13 PM, Jeff Layton wrote:
> At this week's NFS Bakeathon, we had a discussion around deprecating the
> NFSv4.0 protocol. To prepare for that eventuality, make the NFS server
> only accept NFSv4.0 if it was explicitly requested in the config file or
> in command-line options.
> 
> Signed-off-by: Jeff Layton <jlayton@kernel.org>
> ---
> Jeff Layton (2):
>        nfsd: disable v4.0 by default
>        nfsdctl: disable v4.0 by default
> 
>   utils/nfsd/nfsd.c       | 5 +++--
>   utils/nfsdctl/nfsdctl.c | 2 +-
>   2 files changed, 4 insertions(+), 3 deletions(-)
> ---
> base-commit: 612e407c46b848932c32be00b835a7b5317e3d08
> change-id: 20251008-master-724587cca99a
> 
> Best regards,
Committed... (tag: nfs-utils-2-9-1-rc1)

My apologies for taking so long... The CVE
took longer than expected and there was
some issues with recent patches,
which caused another release..

Turning off a protocol version (v4.0)
on the server by default which this rc
release does, is not a small thing
although with the 7.X kernels the
v4.0 client is already off.

So the next rc releases will contain
the current outstanding patches (a rc
release for each patch set) then creating
another release (2.9.1)...

Definitely in time for the upcoming Bakeathon!

steved.

Re: [PATCH 0/2] nfsd/nfsdctl: default to starting with v4.0 servers disabled

[Salvatore Bonaccorso]

Hi Steve, Jeff,

On Sun, Mar 22, 2026 at 04:30:02PM -0400, Steve Dickson wrote:
> 
> 
> On 10/8/25 4:13 PM, Jeff Layton wrote:
> > At this week's NFS Bakeathon, we had a discussion around deprecating the
> > NFSv4.0 protocol. To prepare for that eventuality, make the NFS server
> > only accept NFSv4.0 if it was explicitly requested in the config file or
> > in command-line options.
> > 
> > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > ---
> > Jeff Layton (2):
> >        nfsd: disable v4.0 by default
> >        nfsdctl: disable v4.0 by default
> > 
> >   utils/nfsd/nfsd.c       | 5 +++--
> >   utils/nfsdctl/nfsdctl.c | 2 +-
> >   2 files changed, 4 insertions(+), 3 deletions(-)
> > ---
> > base-commit: 612e407c46b848932c32be00b835a7b5317e3d08
> > change-id: 20251008-master-724587cca99a
> > 
> > Best regards,
> Committed... (tag: nfs-utils-2-9-1-rc1)
> 
> My apologies for taking so long... The CVE
> took longer than expected and there was
> some issues with recent patches,
> which caused another release..
> 
> Turning off a protocol version (v4.0)
> on the server by default which this rc
> release does, is not a small thing
> although with the 7.X kernels the
> v4.0 client is already off.

I have one small followup question on that. The nfs.conf reads:

[nfsd]
# debug=0
# threads=16
# host=
# port=0
# grace-time=90
# lease-time=90
# udp=n
# tcp=y
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
[...]

Should the 'default off' change as well be reflected in the commented
entry for vers4.0 and read vers4.0=n for consistency?

Regards,
Salvatore

Re: [PATCH 0/2] nfsd/nfsdctl: default to starting with v4.0 servers disabled

[Jeff Layton]

On Sun, 2026-03-22 at 22:31 +0100, Salvatore Bonaccorso wrote:
> Hi Steve, Jeff,
> 
> On Sun, Mar 22, 2026 at 04:30:02PM -0400, Steve Dickson wrote:
> > 
> > 
> > On 10/8/25 4:13 PM, Jeff Layton wrote:
> > > At this week's NFS Bakeathon, we had a discussion around deprecating the
> > > NFSv4.0 protocol. To prepare for that eventuality, make the NFS server
> > > only accept NFSv4.0 if it was explicitly requested in the config file or
> > > in command-line options.
> > > 
> > > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > > ---
> > > Jeff Layton (2):
> > >        nfsd: disable v4.0 by default
> > >        nfsdctl: disable v4.0 by default
> > > 
> > >   utils/nfsd/nfsd.c       | 5 +++--
> > >   utils/nfsdctl/nfsdctl.c | 2 +-
> > >   2 files changed, 4 insertions(+), 3 deletions(-)
> > > ---
> > > base-commit: 612e407c46b848932c32be00b835a7b5317e3d08
> > > change-id: 20251008-master-724587cca99a
> > > 
> > > Best regards,
> > Committed... (tag: nfs-utils-2-9-1-rc1)
> > 
> > My apologies for taking so long... The CVE
> > took longer than expected and there was
> > some issues with recent patches,
> > which caused another release..
> > 
> > Turning off a protocol version (v4.0)
> > on the server by default which this rc
> > release does, is not a small thing
> > although with the 7.X kernels the
> > v4.0 client is already off.
> 
> I have one small followup question on that. The nfs.conf reads:
> 
> [nfsd]
> # debug=0
> # threads=16
> # host=
> # port=0
> # grace-time=90
> # lease-time=90
> # udp=n
> # tcp=y
> # vers3=y
> # vers4=y
> # vers4.0=y
> # vers4.1=y
> # vers4.2=y
> [...]
> 
> Should the 'default off' change as well be reflected in the commented
> entry for vers4.0 and read vers4.0=n for consistency?
> 

Yes, good catch. Would you mind spinning up a patch? If not, I'll do
one in the near future.
-- 
Jeff Layton <jlayton@kernel.org>

Re: [PATCH 0/2] nfsd/nfsdctl: default to starting with v4.0 servers disabled

[salvatore.bonaccorso]

Hi Jeff,

On Sun, Mar 22, 2026 at 05:42:29PM -0400, Jeff Layton wrote:
> On Sun, 2026-03-22 at 22:31 +0100, Salvatore Bonaccorso wrote:
> > Hi Steve, Jeff,
> > 
> > On Sun, Mar 22, 2026 at 04:30:02PM -0400, Steve Dickson wrote:
> > > 
> > > 
> > > On 10/8/25 4:13 PM, Jeff Layton wrote:
> > > > At this week's NFS Bakeathon, we had a discussion around deprecating the
> > > > NFSv4.0 protocol. To prepare for that eventuality, make the NFS server
> > > > only accept NFSv4.0 if it was explicitly requested in the config file or
> > > > in command-line options.
> > > > 
> > > > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > > > ---
> > > > Jeff Layton (2):
> > > >        nfsd: disable v4.0 by default
> > > >        nfsdctl: disable v4.0 by default
> > > > 
> > > >   utils/nfsd/nfsd.c       | 5 +++--
> > > >   utils/nfsdctl/nfsdctl.c | 2 +-
> > > >   2 files changed, 4 insertions(+), 3 deletions(-)
> > > > ---
> > > > base-commit: 612e407c46b848932c32be00b835a7b5317e3d08
> > > > change-id: 20251008-master-724587cca99a
> > > > 
> > > > Best regards,
> > > Committed... (tag: nfs-utils-2-9-1-rc1)
> > > 
> > > My apologies for taking so long... The CVE
> > > took longer than expected and there was
> > > some issues with recent patches,
> > > which caused another release..
> > > 
> > > Turning off a protocol version (v4.0)
> > > on the server by default which this rc
> > > release does, is not a small thing
> > > although with the 7.X kernels the
> > > v4.0 client is already off.
> > 
> > I have one small followup question on that. The nfs.conf reads:
> > 
> > [nfsd]
> > # debug=0
> > # threads=16
> > # host=
> > # port=0
> > # grace-time=90
> > # lease-time=90
> > # udp=n
> > # tcp=y
> > # vers3=y
> > # vers4=y
> > # vers4.0=y
> > # vers4.1=y
> > # vers4.2=y
> > [...]
> > 
> > Should the 'default off' change as well be reflected in the commented
> > entry for vers4.0 and read vers4.0=n for consistency?
> > 
> 
> Yes, good catch. Would you mind spinning up a patch? If not, I'll do
> one in the near future.

Thanks for confirming, yes happy to provide a patch for that, will
send it later the day.

Regards,
Salvatore