git: 8c767de732e7 - stable/14 - nfs: Fallback to GID_NOGROUP on no groups
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 15 Nov 2024 10:49:05 UTC
The branch stable/14 has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=8c767de732e700e62fb5578d91c57f17e1c0a3c1
commit 8c767de732e700e62fb5578d91c57f17e1c0a3c1
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-11-03 10:26:37 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-11-15 10:47:43 +0000
nfs: Fallback to GID_NOGROUP on no groups
We cannot unconditionally access nfsd's VNET variables in
'sys/kern/vfs_export.c' nor 'sys/fs/nfsserver/nfs_nfsdsubs.c', as they
may not have been compiled in depending on build options.
So, forget about the extra mile of using the configured default group
and use the hardcoded GID_NOGROUP (which differs only on systems running
nfsuserd(8) and with a non-default GID for their "nogroup" group).
Reported by: rpokala, bapt (MINIMAL compile breakup)
Reported by: cy, David Wolfskill (panics caused by mountd(8))
Approved by: markj (mentor)
Fixes: cfbe7a62dc62 ("nfs, rpc: Ensure kernel credentials have at least one group")
(cherry picked from commit 5169d4307eb9c8b7bb0bd46d600012bcc12cbdae)
Approved by: markj (mentor)
---
sys/fs/nfs/nfs_commonport.c | 3 +--
sys/fs/nfs/nfs_commonsubs.c | 2 +-
sys/kern/vfs_export.c | 9 +++------
3 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c
index 11f31d1a0e9f..0c94f4e7dc52 100644
--- a/sys/fs/nfs/nfs_commonport.c
+++ b/sys/fs/nfs/nfs_commonport.c
@@ -75,7 +75,6 @@ NFSD_VNET_DEFINE(struct nfsstatsv1 *, nfsstatsv1_p);
NFSD_VNET_DECLARE(struct nfssockreq, nfsrv_nfsuserdsock);
NFSD_VNET_DECLARE(nfsuserd_state, nfsrv_nfsuserd);
-NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid);
int nfs_pnfsio(task_fn_t *, void *);
@@ -260,7 +259,7 @@ newnfs_copycred(struct nfscred *nfscr, struct ucred *cr)
("newnfs_copycred: negative nfsc_ngroups"));
cr->cr_uid = nfscr->nfsc_uid;
crsetgroups_fallback(cr, nfscr->nfsc_ngroups, nfscr->nfsc_groups,
- NFSD_VNET(nfsrv_defaultgid));
+ GID_NOGROUP);
}
/*
diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c
index 29f5a9569b12..84dcf4385f9a 100644
--- a/sys/fs/nfs/nfs_commonsubs.c
+++ b/sys/fs/nfs/nfs_commonsubs.c
@@ -4038,7 +4038,7 @@ nfssvc_idname(struct nfsd_idargs *nidp)
cr = crget();
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = nidp->nid_uid;
crsetgroups_fallback(cr, nidp->nid_ngroup, grps,
- NFSD_VNET(nfsrv_defaultgid));
+ GID_NOGROUP);
cr->cr_rgid = cr->cr_svgid = cr->cr_gid;
cr->cr_prison = curthread->td_ucred->cr_prison;
prison_hold(cr->cr_prison);
diff --git a/sys/kern/vfs_export.c b/sys/kern/vfs_export.c
index 4649a05665e5..96b4464436e3 100644
--- a/sys/kern/vfs_export.c
+++ b/sys/kern/vfs_export.c
@@ -42,6 +42,7 @@
#include <sys/param.h>
#include <sys/systm.h>
+#include <sys/conf.h>
#include <sys/dirent.h>
#include <sys/jail.h>
#include <sys/kernel.h>
@@ -63,10 +64,6 @@
#include <rpc/types.h>
#include <rpc/auth.h>
-#include <fs/nfs/nfsport.h>
-
-NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid);
-
static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure");
#if defined(INET) || defined(INET6)
@@ -140,7 +137,7 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
np->netc_anon = crget();
np->netc_anon->cr_uid = argp->ex_uid;
crsetgroups_fallback(np->netc_anon, argp->ex_ngroups,
- argp->ex_groups, NFSD_VNET(nfsrv_defaultgid));
+ argp->ex_groups, GID_NOGROUP);
np->netc_anon->cr_prison = &prison0;
prison_hold(np->netc_anon->cr_prison);
np->netc_numsecflavors = argp->ex_numsecflavors;
@@ -219,7 +216,7 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
np->netc_anon = crget();
np->netc_anon->cr_uid = argp->ex_uid;
crsetgroups_fallback(np->netc_anon, argp->ex_ngroups, argp->ex_groups,
- NFSD_VNET(nfsrv_defaultgid));
+ GID_NOGROUP);
np->netc_anon->cr_prison = &prison0;
prison_hold(np->netc_anon->cr_prison);
np->netc_numsecflavors = argp->ex_numsecflavors;