Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2193394ybt; Mon, 15 Jun 2020 22:32:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz31PyvqnhjxipRfPhtAE5bF3VXgImpVGsT5I3GQ2nHdJu6O0c1r8Ve/zdpCiEXxuJcEVhz X-Received: by 2002:a17:906:ecfa:: with SMTP id qt26mr1176708ejb.493.1592285575427; Mon, 15 Jun 2020 22:32:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592285575; cv=none; d=google.com; s=arc-20160816; b=gp6cP2V6LDPTYpmaRuqECS29/rJMJYcBcUAiB3l6+iT04XpjB7bcQ/7mkZOYSsAWks cd3m/Wy5xSfLma7FWSfLPf8hhV3WvKVVckEjWUrzkAonen5D+aAVwdWKUH5gYNSz7Ach 208gb1bpcebJjYTd3yyfi4Um4PGxkdbXnd7Pk2T4EG+LHePCtguSDr/8pEjMIRPzRTkx NZnfB8not1Aft8mOjlAPypw1Wynk7pzmreSussa4oxGqebET70y8duy53KbiH22R6K/4 DV7HgYrkSpg1g+IIjK/6etLe2diCdxpA/Nxo6XVrZ/qQmfqejhlVLWnTOc3BBaNVUrSa /Iug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=Knu4ideZRMRcliP1JPWy3sAJKLBQOzlQocufK0a3F/k=; b=kfiSPHLbygIkhpgYjmr9JUlzjxS7Z3uKXDoaBE/V5MmlX8cQ4fE8ZKcsKKZWvvn4CU lxBEYXMbuTKGzZWqOLMZ2GaGAR912AoVY+cmupn24EtWdudOaNG4GFXlhf4gBa//PvlS W8lwIb87rsEZ+p3kJHOF/QRDwvtMvEGvBImPXj4a0sRMP1zBv6mYW3yYylpHk0J6B5H7 m4SelgaCHm5TtBx72pUSiqhe/B2jS1sGeA57BWINuxqC3o5q6qh5ALMSVpqVrxwk+mio DFnkMgANIstQAer2ERBGi5LR1Oy6HTEVBG9y5wKSvWU2H6fPLhNA7ahfBWW3+uhEyMFd SyZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=H8mElah1; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s22si9265496edr.241.2020.06.15.22.32.31; Mon, 15 Jun 2020 22:32:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=H8mElah1; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726394AbgFPFc2 (ORCPT + 99 others); Tue, 16 Jun 2020 01:32:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726261AbgFPFc1 (ORCPT ); Tue, 16 Jun 2020 01:32:27 -0400 Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com [IPv6:2a00:1450:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 20182C05BD43 for ; Mon, 15 Jun 2020 22:32:27 -0700 (PDT) Received: by mail-wr1-x443.google.com with SMTP id x13so19322353wrv.4 for ; Mon, 15 Jun 2020 22:32:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=Knu4ideZRMRcliP1JPWy3sAJKLBQOzlQocufK0a3F/k=; b=H8mElah10jUn7qUcEb3rJ7KD/0+W+lZ8iaESXnO5RzTO96gcGc4BJtmtzdtI6pWFvW uWCFsELcHBnP9qMKUOMjj3lluSn4cEWPj2CH9F1ut7gW4ZQk3ZhNjq37ndG4qA+/5WN3 Uhwz9yaxRgcBciR3SfCrzuUNAk1gNq9lHWUxjoxjKNnnkVxrmiE3dfGtoiuwaUt2Sot4 KwScTM7vpUTgZDM9N1l/SJu8KiYweCavYGF7Hj1AyEgLRJwmJFH/rX6gOZONw9dqpcI+ VFa9dMQEkIDL/kbfashMmlZ1rkY5NhmGMZSmaY7mLHqgfqqIndfP/E6MyP4CIulrsMod dReg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=Knu4ideZRMRcliP1JPWy3sAJKLBQOzlQocufK0a3F/k=; b=nm9mkMyYaWenCHoPdTugviudtJ959UmtCUknYq4elXyBg4w0/jssarutGeQmtbTTdG +us+g7DHEJQhGW667KdHuuW7NgSx1KEv7DtkDNSAP3DAnOJ7DPNBqBO1QIzwC/mBzD65 /cBdtRm/5dtZHGpzlQ0oOMXTZ4PitKrp/I7IWNeSihb0U8fkX2RWJs1xDwrm6zxVKlCy JgNa9PB8y6Ufx/RogPQt18lpkLx+9CrNh5J4U2GHIV0KnIm4CYZqLOEFhIlu6NzBLERP JFmXRfCdXVKmrAdViPcZLlgSQNCweH9intNbs9VoCNYxMU2nKfLo2BUKZyIKjTe5xEaQ xFcw== X-Gm-Message-State: AOAM531g7vOl7gJKfInmCwlDfLp1JufcJBjYNA8BuU0tHzEyMnxrLL2R gfKG/IW0N+B+mUl4yqYDido= X-Received: by 2002:adf:f790:: with SMTP id q16mr1095545wrp.399.1592285545844; Mon, 15 Jun 2020 22:32:25 -0700 (PDT) Received: from lorien (lorien.valinor.li. [2a01:4f8:192:61d5::2]) by smtp.gmail.com with ESMTPSA id h15sm25803739wrt.73.2020.06.15.22.32.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2020 22:32:24 -0700 (PDT) Date: Tue, 16 Jun 2020 07:32:24 +0200 From: Salvatore Bonaccorso To: "J. Bruce Fields" Cc: Elliott Mitchell , 962254@bugs.debian.org, linux-nfs@vger.kernel.org, agruenba@redhat.com Subject: Re: Umask ignored when mounting NFSv4.2 share of an exported Filesystem with noacl (was: Re: Bug#962254: NFS(v4) broken at 4.19.118-2) Message-ID: <20200616053224.GB19246@lorien.valinor.li> References: <20200605051607.GA34405@mattapan.m5p.com> <20200605174349.GA40135@mattapan.m5p.com> <20200605183631.GA1720057@eldamar.local> <20200611223711.GA37917@mattapan.m5p.com> <20200613125431.GA349352@eldamar.local> <20200613184527.GA54221@mattapan.m5p.com> <20200615145035.GA214986@pick.fieldses.org> <20200615185311.GA702681@eldamar.local> <20200616023820.GB214986@pick.fieldses.org> <20200616024212.GC214986@pick.fieldses.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200616024212.GC214986@pick.fieldses.org> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Mon, Jun 15, 2020 at 10:42:12PM -0400, J. Bruce Fields wrote: > On Mon, Jun 15, 2020 at 10:38:20PM -0400, J. Bruce Fields wrote: > > Thanks for the detailed reproducer. > > > > It's weird, as the server is basically just setting the transmitted > > umask and then calling into the vfs to handle the rest, so it's not much > > different from any other user. But the same reproducer run just on the > > ext4 filesystem does give the right permissions.... > > > > Oh, but looking at the system call, fs_namei.c:do_mkdirat(), it does: > > > > if (!IS_POSIXACL(path.dentry->d_inode)) > > mode &= ~current_umask(); > > error = security_path_mkdir(&path, dentry, mode); > > if (!error) > > error = vfs_mkdir(path.dentry->d_inode, dentry, mode); > > > > whereas nfsd just calls into vfs_mkdir(). > > > > And that IS_POSIXACL() check is exactly a check whether the filesystem > > supports ACLs. So I guess it's the responsibility of the caller of > > vfs_mkdir() to handle that case. > > But, that's unsatisfying: why isn't vfs_mkdir() taking care of this > itself? And what about that security_path_mkdir() call? And are the > other cases of that switch in fs/nfsd/vfs.c:nfsd_create_locked() > correct? I think there may be some more cleanup here called for, I'll > poke around tomorrow. Yes agreed and can confirm: The other cases in fs/nfsd/vfs.c:nfsd_create_locked() seem to have the problem as well. Regards, Salvatore