Received: by 10.223.176.5 with SMTP id f5csp2893558wra; Mon, 29 Jan 2018 05:50:28 -0800 (PST) X-Google-Smtp-Source: AH8x226PM2/Kfax9HZFSotcoch03RADLnSiEWM1A2w0OD5D4xt4TmXseSqYT1VdaA7w+kYmWifrC X-Received: by 2002:a17:902:76ca:: with SMTP id j10-v6mr12394354plt.204.1517233828536; Mon, 29 Jan 2018 05:50:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517233828; cv=none; d=google.com; s=arc-20160816; b=GzBxbEYqCJ5Zns2gjs0IXhAd3oYFI7Wxdb6Oz1jKPkU4HoMk3KYPXpZsCEGcukiyvB elPZpizFZ0Hh1CkzzdxWaZ+7UevY1hV8B08r+S3dk+9Ig7VdrQFSkGAfOXixtTkLd3tf IeD/r8Or6mTGKU7z29p71b1ZeihIyPUztidMUgRMyJLdEyy6Ka3+Ak96Xc9/f8a5bef5 LVNgMKMoma3ejxsuWZR3tMFX5XahPoLVhRJ307aDyiLAaiiVfUzCsXFGJPhrkxhWy1hK fpcxJOrEkbzirVMlzz8RvCOuD/Dh10m4Kg8rNFyHsA45njCspycq0JaqBT65oHDlQFlQ 0mJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:user-agent:message-id:date:subject:cc:to :from:arc-authentication-results; bh=QueUrS2T1VSjnJUiXLStMSnXnc+FOUhGvZyoCXh6D4U=; b=eURwYpZeI/U0tmVFlai9TZvBP+KkP80M3ukCSt600TF4k9xZ3toSLdh7g0XFeXJ5jc NtM3CFA4e9Tlj6o+krtYji/bHfNwtRiVDkW6ACrT1WtcLgGiN8RtqTiqN9bQvX6PkDYu ePTu+MY2u11jRjZLGTH7VFRukV7TNJDZz0u0eElDPpDoynf/O6VfoOZcGHcOklwP1zy6 rU7ChIBMnqas0leZVrESM0Ip01DrrXwZN3EfH0cHXgMZs9apu+hLQaGEOCBbc4aVQkQF f4uIx3GxQNM/n6fJrvrkLf+0oHXP61wx801vO66pNRkp8r9MO1XPrb3hHxAD7mqyZfou aagw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y9-v6si8373456pll.776.2018.01.29.05.50.13; Mon, 29 Jan 2018 05:50:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751909AbeA2Ntp convert rfc822-to-8bit (ORCPT + 99 others); Mon, 29 Jan 2018 08:49:45 -0500 Received: from mailin.studentenwerk.mhn.de ([141.84.225.229]:60004 "EHLO email.studentenwerk.mhn.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751421AbeA2Nto (ORCPT ); Mon, 29 Jan 2018 08:49:44 -0500 X-Greylist: delayed 411 seconds by postgrey-1.27 at vger.kernel.org; Mon, 29 Jan 2018 08:49:43 EST Received: from mailhub.studentenwerk.mhn.de (mailhub.studentenwerk.mhn.de [127.0.0.1]) by email.studentenwerk.mhn.de (Postfix) with ESMTP id 3zVW0q3lfczMktN; Mon, 29 Jan 2018 14:42:51 +0100 (CET) From: Wolfgang Walter To: stable@vger.kernel.org Cc: gregkh@linuxfoundation.org, Ben Hutchings , linux-kernel@vger.kernel.org Subject: Re: NFS: regression in stable kernel 4.9.78 from 4.9.75 Date: Mon, 29 Jan 2018 14:42:49 +0100 Message-ID: <3821612.ct3L5FXvrM@stwm.de> User-Agent: KMail/4.14.3 (Linux/4.4.0-109-generic; KDE/4.14.13; x86_64; ; ) In-Reply-To: <2316958.ApAh1ic5rg@stwm.de> References: <2316958.ApAh1ic5rg@stwm.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT Content-Type: text/plain; charset="iso-8859-1" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello! Am Montag, 29. Januar 2018, 13:22:49 schrieb Wolfgang Walter: > Hello, > > after upgrading our nfs-server from 4.9.75 to 4.9.78 group permissions stop > working (for clients). If you need group permissions to access a file or > directory, sometimes access is granted, but rather often denied. Often > access to the same object is denied within seconds after access was granted > in an earlier access. user permissions work fine. > > Downgrading to 4.9.75 fixes the issue. > > We use kerberos. > > Regards, This seems to be fixed in 4.15 with commit 1995266727fa8143897e89b55f5d3c79aa828420: commit 1995266727fa8143897e89b55f5d3c79aa828420 Author: Ben Hutchings Date: Mon Jan 22 20:11:06 2018 +0000 nfsd: auth: Fix gid sorting when rootsquash enabled Commit bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility group_info allocators") appears to break nfsd rootsquash in a pretty major way. It adds a call to groups_sort() inside the loop that copies/squashes gids, which means the valid gids are sorted along with the following garbage. The net result is that the highest numbered valid gids are replaced with any lower-valued garbage gids, possibly including 0. We should sort only once, after filling in all the gids. Fixes: bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility ...") Signed-off-by: Ben Hutchings Acked-by: J. Bruce Fields Signed-off-by: Linus Torvalds So this should be applied to stables 4.4, 4.9 and 4.14 (and others where bdcf0a423ea1 has been backported to). Regards, -- Wolfgang Walter Studentenwerk M?nchen Anstalt des ?ffentlichen Rechts