Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp1076138pxm; Wed, 23 Feb 2022 17:29:58 -0800 (PST) X-Google-Smtp-Source: ABdhPJxVMeS+HGMGrt+SQ3xCzzOi/VIyCzvcETN9gInJOGEAcFr6EFPKHI2hzC/0HTP3S1fygSqT X-Received: by 2002:a17:90a:12c9:b0:1bc:1b9e:ea37 with SMTP id b9-20020a17090a12c900b001bc1b9eea37mr349491pjg.65.1645666198711; Wed, 23 Feb 2022 17:29:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645666198; cv=none; d=google.com; s=arc-20160816; b=hqz1qOOyXVY2r53vXLd2Q/t8CANsUJnUj9JTYdj6t4eHSo10ULQlGWpEq0bzr5ow1G saRaeiO05TwWYEdDyYRlrbF3R4vmon/2UaUyNFf3fz6VA9Tpcd3+kRNlZzwNvsb9Q/iP x+6JdtDqASHc116nL835/NTdzIaukcIaN86nCa41L75/081xnCtnwk58F6O8aWpJjONm JEBHlKYnWGFolfJ0K+3Wy0weY6za1m2hZ1sGbLSYA2r5net1F5rNh5yXnnVHFSPEAh3/ POcH2Rz+txT+yh1Em/qeFMhBliI9L6ROSIl78gK5VpRJJNdwCwd4ntmg5/Ei/zry0DcH iQkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=zmvj42mFrOseSGg5oVeeLt2IgUAaN5XAEKEGeFphoEo=; b=wYgz+kC8z0Xm/yyrDsYPBCpImhN0D+npyne6ziii/xwCnCZseU5esE5hJnj6a6mfL2 wlH7lmfbeeo/84eje06kUspc+HrcgYg0oErIFD/Et10O1ZwmqiN+KI56cYpnrr4PqNHY 17546i83e7qiBF1Ic3pOxAl+IXpLCqvNwe2KvFHoZ36DDAsK21mhRIJ54KpRq7IMCXf5 ql1W8eAXoXs4cLCqQvRPAI0xcZlbadoiUQAwpsNK8mh68XO6CmDSnK8CVMqI5DvxkchN LGnTmptQxqZPFb/+vq+BmaqtwLd3geFUlHRf1wItVvYEBtk44P0GgbFeVD6T67N/UQyt FzPA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ALObIyhW; spf=softfail (google.com: domain of transitioning linux-nfs-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id 8si1091775pfl.267.2022.02.23.17.29.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Feb 2022 17:29:58 -0800 (PST) Received-SPF: softfail (google.com: domain of transitioning linux-nfs-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ALObIyhW; spf=softfail (google.com: domain of transitioning linux-nfs-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id DDEE525A967; Wed, 23 Feb 2022 17:10:41 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235398AbiBWQKC (ORCPT + 99 others); Wed, 23 Feb 2022 11:10:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38646 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242041AbiBWQJ7 (ORCPT ); Wed, 23 Feb 2022 11:09:59 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B6610C4B47 for ; Wed, 23 Feb 2022 08:09:31 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4FA9D61949 for ; Wed, 23 Feb 2022 16:09:31 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7392AC340E7; Wed, 23 Feb 2022 16:09:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1645632570; bh=5Mx0cWnoiXceLJoARsJC8tRZjIHMDETqXR7tNIvHmvY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ALObIyhWkp12YqmaDSsO7N0lZmb5uuFHd4SljND70jdEKvbEeaTX6gl3InLvo46h+ hbbFqzaXeUdme3QoMN0hDuiPbRVffrsBDDgwXHVAGRiye6qXmWKjJrqWd/Eov3UTgz NngJY4qFQFFjAjL5t5OxefEe/OLkM0giJqg3zuQrVwp0tCcOvPMIrL8jcha3OUJ+Bn dLUNQSvqWlaZO9dylKfWn6Lu1+bFoAPFDu5Bp7AIEOsT652N7Cc5LKpQLPm6Zk8V7q 9vPSbDa51iLNzuwQ3INJVjIjF4hf6F34KH6MhOy8d/p7Yi/HAUQQZfEX+TZGjjZ6lq fihdrcP6SqbxA== Date: Wed, 23 Feb 2022 17:09:26 +0100 From: Christian Brauner To: Trond Myklebust Cc: "suy.fnst@fujitsu.com" , "linux-nfs@vger.kernel.org" , "l@damenly.su" Subject: Re: [bug?] nfs setgid inheritance Message-ID: <20220223160926.iidztq5nf3wssw4m@wittgenstein> References: <20220219113412.7ov4tbkisv4vnmo3@wittgenstein> <55aef6aa0e1825c1709051091c7bf849fccbda32.camel@hammerspace.com> <20220223084425.uq75dqfwymgfayus@wittgenstein> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Wed, Feb 23, 2022 at 12:24:02PM +0000, Trond Myklebust wrote: > On Wed, 2022-02-23 at 09:44 +0100, Christian Brauner wrote: > > On Sat, Feb 19, 2022 at 05:00:18PM +0000, Trond Myklebust wrote: > > > On Sat, 2022-02-19 at 12:34 +0100, Christian Brauner wrote: > > > > On Sat, Feb 19, 2022 at 08:34:30AM +0000, > > > > suy.fnst@fujitsu.com wrote: > > > > > Hi NFS folks, > > > > >   During our xfstests, we found generic/633 fails like: > > > > > ============================================ > > > > > FSTYP         -- nfs > > > > > PLATFORM      -- Linux/x86_64 btrfs 5.17.0-rc4-custom #236 SMP > > > > > PREEMPT Sat Feb 19 15:09:03 CST 2022 > > > > > MKFS_OPTIONS  -- 127.0.0.1:/nfsscratch > > > > > MOUNT_OPTIONS -- -o vers=4 127.0.0.1:/nfsscratch /mnt/scratch > > > > > > > > > > generic/633 0s ... [failed, exit status 1]- output mismatch > > > > > (see > > > > > /root/xfstests-dev/results//generic/633.out.bad) > > > > >     --- tests/generic/633.out   2021-05-23 14:03:08.879999997 > > > > > +0800 > > > > >     +++ /root/xfstests-dev/results//generic/633.out.bad 2022- > > > > > 02-19 > > > > > 16:31:28.660000013 +0800 > > > > >     @@ -1,2 +1,4 @@ > > > > >      QA output created by 633 > > > > >      Silence is golden > > > > >     +idmapped-mounts.c: 7906: setgid_create - Success - > > > > > failure: > > > > > is_setgid > > > > >     +idmapped-mounts.c: 13907: run_test - Success - failure: > > > > > create > > > > > operations in directories with setgid bit set > > > > >     ... > > > > >     (Run 'diff -u /root/xfstests-dev/tests/generic/633.out > > > > > /root/xfstests-dev/results//generic/633.out.bad'  to see the > > > > > entire > > > > > diff) > > > > > Ran: generic/633 > > > > > Failures: generic/633 > > > > > Failed 1 of 1 tests > > > > > ============================================ > > > > > > > > > > The failed test is about setgid inheritance. > > > > > When  a file is created with S_ISGID in the directory with > > > > > S_ISGID, > > > > > NFS  doesn't strip the  setgid bit of the new created file but > > > > > others > > > > > (ext4/xfs/btrfs) do.  They call inode_init_owner() which does > > > > > the strip after new_inode(). > > > > > However, NFS has its own logical to handle inode capacities. > > > > > As the test says the behavior can be filesystem type specific, > > > > > I'd report to you NFS guys and ask whether it's a bug or not? > > > > > > > > Thanks for the report. I'm not sure why NFS would have different > > > > rules > > > > for setgid inheritance. So I'm inclined to think that this is > > > > simply > > > > a > > > > bug similar to what we saw in xfs and ceph. But I'll let the NFS > > > > folks > > > > determine that. > > > > > > > > XFS is only special in so far as it has a sysctl that lets it > > > > alter > > > > sgid > > > > inheritance behavior. And it only has that to allow for legacy > > > > irix > > > > semantics iiuc. > > > > > > OK, so how do you expect this 'idmapped-mounts' functionality to > > > work > > > on NFS? I'm not asking about this bug in particular. I'm asking > > > about > > > what this is supposed to do in general. > > > > Just to clarify, the bug has nothing to do with idmapped mounts. The > > idmapped mount testsuite always had a vfs generic part. That vfs > > generic > > part has been made available to all filesystems supporting xfstests a > > few weeks ago. (So far this setgid inheritance bug here has been > > present > > in 3 filesystems.) > > The setgid stuff works just fine with regular use, when the server is > able to determine when to clear the bit. It only breaks with this kind > of test where the server is being lied to by the client's upper layers. I think you misunderstand: it is not possible to create idmapped mounts for a mounted NFS client. In order for a filesystem to support idmapped mounts it must set FS_ALLOW_IDMAP which currently only btrfs, ext4, fat, and xfs do. The failing test does not use idmapped mounts in any way.