Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2572201ybt; Tue, 16 Jun 2020 09:18:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz8ZXPUiyEC0mzoKOyI3TTMoY2lkWLSxp9IFK6QcH4HuQn4i5Wdja2adu5amMcPhYqEqKHY X-Received: by 2002:a17:907:2058:: with SMTP id pg24mr3382347ejb.63.1592324298699; Tue, 16 Jun 2020 09:18:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592324298; cv=none; d=google.com; s=arc-20160816; b=wzS5dTq9w0r0aEfXdvSySR3P97f+K9eF2j6R0gPjOuqduDtW27uHNGxFIXIFqt+uqg qqNRh6qrz4lg4mqmZ4B90cmJlv7mIFlhvGP3fK4kvIwHgJFB0zD2LZGx0IJW+vXaE8NK Ym83wztQunAtnNxbnQbRiUw273MKi3Dy3P5hW/8t0AefOLhhVys6r/bNYvzXTtgAPQNh k19fcRv11LW0SnCNPq3i80Y381HbhWBm9uYtqajKGhH74ySZwiInhIJdVTFOjiqkUWWm 0IIcvWqZUpB/wfLGDqWuXmOw/pliceHbmwK8rnKOLqvpfGO+or4pMIU2Nyfa1PIoELdA Mvrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=RcbSMXhODqJvViCJeZ05GHO33u0xVBh7EIAnE2robwo=; b=Q4pS7C8TGnG7diY3nuvIBUQRv2+FLM6uV8tZwDlgDRNPwR1/NyuC6NmWRzng7uZ1rk 8j79ZAE7PvbOJDtw78goK/1F7l1yhQztfBQe2KjQ+2qpC3Po3emdYmw1aEL9XaePXsZh HlgEK3ry4J23p7j4hn6Vb8K4CoC4FTlAGmTvOVgcT5XcFRdVQg9uT+QE4c/ZIPF+8iyd o3d7aTUtAg23izqpv27PSQx71zrBAvybOh2hbw4roQ6roHZYnoKjzJkRTK25BvS7kgjh IoHc5GBCNT72cCG1p6I/yadvO1rmYyU5muEA1h9pzAfhMZnRHlUHRcvb0HEV0aad0ZQy wT5g== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=qZmrMWoF; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h2si10746173ejq.305.2020.06.16.09.17.53; Tue, 16 Jun 2020 09:18:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=qZmrMWoF; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730320AbgFPQRF (ORCPT + 99 others); Tue, 16 Jun 2020 12:17:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51078 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729942AbgFPQRD (ORCPT ); Tue, 16 Jun 2020 12:17:03 -0400 Received: from mail-wm1-x342.google.com (mail-wm1-x342.google.com [IPv6:2a00:1450:4864:20::342]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E455AC061573 for ; Tue, 16 Jun 2020 09:17:02 -0700 (PDT) Received: by mail-wm1-x342.google.com with SMTP id l17so3452684wmj.0 for ; Tue, 16 Jun 2020 09:17:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=RcbSMXhODqJvViCJeZ05GHO33u0xVBh7EIAnE2robwo=; b=qZmrMWoF4kZI83ycROC722mWeg+mBC3HXlQhdBpIhoLW9zLbzCEF52ecykLGxvfQxs +kR82lQTLUMcNBnMxBRtMW9El1teYfAPr7Nh4exfthcdl78m3WlbMsRby+UTfSHGP/xx lL04T7ENHjg9gvjDaPoSPGJWpwRF18wCSoqT6675sdsqEqqcXnphHHFbXnEynew53kja X4Ye8Zqgep+KlClyH96JZjky4GG5Vh3lOG47DtxUGg08mHDXQddbSffsSEF7l0e4LErj o7kc0sGufJn9qewDtlyiu9OOMcs8UQraj9fOW/KJ/xyV+4Uhp0D8p/35O2PZFp8qCLE4 UC4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=RcbSMXhODqJvViCJeZ05GHO33u0xVBh7EIAnE2robwo=; b=cMnf/pUu0fEz55BNebzWkqTp6SMeBKpwmwAi3iZH1gekhH92+kR9muJHSvxgrRv3mC hTFFyJUdFiJsvTRRAHAtelbBq6wpIQwYpuQEnxc0LJ3SoK8xyvq5zJNs6ee9FGfJNOzc nNbJVXyReHyQ/4qjwhXHwCJcWPzeofI75SlG3EwuUghKwdbRde7DHCDstuc3ullgZlQg 7EOW0KMWIeHeIx+/YBnEe8ViyPXf7EwYvV4AGBLFlHh93vjQehMYXah8YOeEFntR88Sm Vg/abI1y5WIl5Iu3YClz8O5r4cMif/HLCiFFR+5oYVLPJuLh0HOefC8IlW0H3Z5rRQi1 wlDg== X-Gm-Message-State: AOAM533ml0SGhWKdwOwtOXD/aOpYX+vU6Xf582temee4jaOZw+jQ0l+Q tg+F4L/MkH36Oj6FNfPlf9I= X-Received: by 2002:a05:600c:29a:: with SMTP id 26mr3838817wmk.76.1592324221467; Tue, 16 Jun 2020 09:17:01 -0700 (PDT) Received: from lorien (lorien.valinor.li. [2a01:4f8:192:61d5::2]) by smtp.gmail.com with ESMTPSA id t188sm4660005wmt.27.2020.06.16.09.16.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Jun 2020 09:16:58 -0700 (PDT) Date: Tue, 16 Jun 2020 18:16:58 +0200 From: Salvatore Bonaccorso To: "J. Bruce Fields" Cc: Elliott Mitchell , 962254@bugs.debian.org, linux-nfs@vger.kernel.org, agruenba@redhat.com Subject: Re: Umask ignored when mounting NFSv4.2 share of an exported Filesystem with noacl (was: Re: Bug#962254: NFS(v4) broken at 4.19.118-2) Message-ID: <20200616161658.GA17251@lorien.valinor.li> References: <20200605051607.GA34405@mattapan.m5p.com> <20200605174349.GA40135@mattapan.m5p.com> <20200605183631.GA1720057@eldamar.local> <20200611223711.GA37917@mattapan.m5p.com> <20200613125431.GA349352@eldamar.local> <20200613184527.GA54221@mattapan.m5p.com> <20200615145035.GA214986@pick.fieldses.org> <20200615185311.GA702681@eldamar.local> <20200616023820.GB214986@pick.fieldses.org> <20200616024212.GC214986@pick.fieldses.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200616024212.GC214986@pick.fieldses.org> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Hi Bruce, On Mon, Jun 15, 2020 at 10:42:12PM -0400, J. Bruce Fields wrote: > On Mon, Jun 15, 2020 at 10:38:20PM -0400, J. Bruce Fields wrote: > > Thanks for the detailed reproducer. > > > > It's weird, as the server is basically just setting the transmitted > > umask and then calling into the vfs to handle the rest, so it's not much > > different from any other user. But the same reproducer run just on the > > ext4 filesystem does give the right permissions.... > > > > Oh, but looking at the system call, fs_namei.c:do_mkdirat(), it does: > > > > if (!IS_POSIXACL(path.dentry->d_inode)) > > mode &= ~current_umask(); > > error = security_path_mkdir(&path, dentry, mode); > > if (!error) > > error = vfs_mkdir(path.dentry->d_inode, dentry, mode); > > > > whereas nfsd just calls into vfs_mkdir(). > > > > And that IS_POSIXACL() check is exactly a check whether the filesystem > > supports ACLs. So I guess it's the responsibility of the caller of > > vfs_mkdir() to handle that case. > > But, that's unsatisfying: why isn't vfs_mkdir() taking care of this > itself? And what about that security_path_mkdir() call? And are the > other cases of that switch in fs/nfsd/vfs.c:nfsd_create_locked() > correct? I think there may be some more cleanup here called for, I'll > poke around tomorrow. This might be unneeded to test but as additional datapoint which confirms the suspect: I tried check the commit around 47057abde515 ("nfsd: add support for the umask attribute") in 4.10-rc1 A kernel built with 47057abde515~1, and mounting from an enough recent client which has at least dff25ddb4808 ("nfs: add support for the umask attribute") does not show the observed behaviour, the server built with 47057abde515 does. Regards, Salvatore