Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1474534pxb; Thu, 28 Jan 2021 18:37:04 -0800 (PST) X-Google-Smtp-Source: ABdhPJyRcUVw/liYXkUT38Xo5F78AlQgsYwu21qxVpS09APzHiTEuMS0gBLEg/KPVEbOp7WXUN55 X-Received: by 2002:a17:906:6a92:: with SMTP id p18mr2408047ejr.308.1611887824132; Thu, 28 Jan 2021 18:37:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611887824; cv=none; d=google.com; s=arc-20160816; b=lPjkhXZNpKig6J52Fgyjzw4FPT5/48cbJH6Sw5cG/e478jQ1rXpYw9rui6pzncbTqF S1fi5rbSdCjP2/zah2k+ixIJdjTRaxr1WwyFLRAF0Ut9ckedQ5iw/8e/h4G0709bKC7Z xVyeb7DwAtfLpN57W4YfIVnBOwjmm48lJRIf3vK/yHTD3BTkB2kV6c2PzvlF25HK6rCD 5HWsf33tSuY0zZWtzeRHhSfWIip9y9Nt8p9t/8GiSC7Gcx/ZMUad7llcQcI+T4uSmIa5 dn9LPsP5eTOJsEfbolvC1dSJOdn/Ho/rlC8Div9cZzv3z8nhaqnK7tdz5R10qE8DNr72 5BmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-filter; bh=fKYk+bQMjc7+Pk1Fus0b+39ojugig6ZiA62cnbvlwSo=; b=GV8WUvWLfnhhyOPRyp30IVReKDAh+ZEHSWw1rtN646B4SyoCBuNrrMFReSAOQnTvcB 2D5vReCyyUetzkDDTngNxjY4inz/tQMnO03U/MIdkMfngguL7j3Mu/Iplm400hjlodDf MBtj4P5tlMYfGhrsa4g7HIruqGZl/1Z8fiDQzTK5b17nTnVyRShqYJhnACajD6I7Qcsr erbl3l8aw21reokPHui22E+tKgx2LBOG1QXOH+yxbEsDWd70dzRccwyZRKOZBZKAHYTW SkDo4Q0ctIXVCyqp4zHPh82tMKr9tpVlr2G20bqvE4jqSnzbJ4n5XqajjnNaG8k5rAIi r7wA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fieldses.org header.s=default header.b=b1iNwtWN; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r21si4223667ejo.415.2021.01.28.18.36.30; Thu, 28 Jan 2021 18:37:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@fieldses.org header.s=default header.b=b1iNwtWN; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229757AbhA2CgN (ORCPT + 99 others); Thu, 28 Jan 2021 21:36:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57862 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229786AbhA2CgJ (ORCPT ); Thu, 28 Jan 2021 21:36:09 -0500 Received: from fieldses.org (fieldses.org [IPv6:2600:3c00:e000:2f7::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0F4E0C061573 for ; Thu, 28 Jan 2021 18:35:28 -0800 (PST) Received: by fieldses.org (Postfix, from userid 2815) id 7BD324599; Thu, 28 Jan 2021 21:35:27 -0500 (EST) DKIM-Filter: OpenDKIM Filter v2.11.0 fieldses.org 7BD324599 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fieldses.org; s=default; t=1611887727; bh=fKYk+bQMjc7+Pk1Fus0b+39ojugig6ZiA62cnbvlwSo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=b1iNwtWNaGyajoeSIQgdLzpEoiRbYPUQOB2XpxPh2UgiGB8Z5/FACo5kNrr3c9V/g yq+mqKUKAWFEA6b7D3TiWsjw+k2EWpJTmcPZn/EnXXjP9qxToZtYjJYISXliWs1MAS aVBAkLOb3ki25H5QN6o70o0y9sytO54ZwFnpHN8M= Date: Thu, 28 Jan 2021 21:35:27 -0500 From: "bfields@fieldses.org" To: Trond Myklebust Cc: "guy@vastdata.com" , "schumakeranna@gmail.com" , "linux-nfs@vger.kernel.org" Subject: Re: [PATCH] nfs: we don't support removing system.nfs4_acl Message-ID: <20210129023527.GA11864@fieldses.org> References: <20210128223638.GE29887@fieldses.org> <95e5f9e4-76d4-08c4-ece3-35a10c06073b@vastdata.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Fri, Jan 29, 2021 at 01:37:10AM +0000, Trond Myklebust wrote: > On Fri, 2021-01-29 at 01:34 +0200, guy keren wrote: > > On 1/29/21 12:36 AM, J. Bruce Fields wrote: > > From: "J. Bruce Fields" > > > > The NFSv4 protocol doesn't have any notion of reomoving an attribute, > > so > > removexattr(path,"system.nfs4_acl") doesn't make sense. > > > > There's no documented return value. Arguably it could be EOPNOTSUPP > > but > > I'm a little worried an application might take that to mean that we > > don't support ACLs or xattrs. How about EINVAL? > > > > Signed-off-by: J. Bruce Fields > > --- > >  fs/nfs/nfs4proc.c | 3 +++ > >  1 file changed, 3 insertions(+) > > > > diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c > > index 2f4679a62712..d50dea5f5723 100644 > > --- a/fs/nfs/nfs4proc.c > > +++ b/fs/nfs/nfs4proc.c > > @@ -5895,6 +5895,9 @@ static int __nfs4_proc_set_acl(struct inode > > *inode, const void *buf, size_t bufl > >   unsigned int npages = DIV_ROUND_UP(buflen, PAGE_SIZE); > >   int ret, i; > >   > > + /* You can't remove system.nfs4_acl: */ > > + if (buflen == 0) > > + return -EINVAL; > >   if (!nfs4_server_supports_acls(server)) > >   return -EOPNOTSUPP; > >   if (npages > ARRAY_SIZE(pages)) > > > > question: what happens if someone is attempting to create an empty > > ACL on a file? as far as i know, this is legal. > > won't you arrive into this position with a buflen of 0? it should be > > similar to 'chmod 0 '. > > > > Agreed. If the server doesn't support removing the ACL then it should > be up to it to enforce that condition. I see nothing in the NFS > protocol that says it is up to the NFS client to act as the enforcer > here. Agreed. Note that this patch doesn't prevent an application from setting a zero-length ACL. The xattr format is XDR with the first four bytes representing the number of ACEs, so you'd set a zero-length ACL by passing down a 4-byte all-zero buffer as the new value of the system.nfs4_acl xattr. A zero-length NULL buffer is what's used to implement removexattr: int __vfs_removexattr(struct dentry *dentry, const char *name) { ... return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE); } That's the case this patch covers. --b.