From nobody Fri Nov 15 10:49:05 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XqYfp2kjbz5cyh0; Fri, 15 Nov 2024 10:49:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XqYfn6g8bz4X5D; Fri, 15 Nov 2024 10:49:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1731667745; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yMRcoijcmxiyd6++rV97m+Ua4oc8/lX1bqD5yZ1pLbc=; b=lVr1DrnyPi3Ee4HlYRLg+YTxuuqRBdi9TRq1morm8/TBWe7Gznqj7HteOjmtZG8TSIOZ/2 A45Si/cnZV+fDAONdWj81MQ+CG3KMTfeR8bLP4WtcJd5NfUxQot1XtMIo1dKmBO9nvFQgd 4G00XBsNgfs98NpH3OuGMyPscjckZjdrR8PtzSmfKPhO+aWZSX500wTuyvhZzpMbqPOC8Q AupY7qZhKIpQz4aGFdmshzxBN/MXrtGyj/6SrILI22hmnYQTc7f+8Hhq/q98iGZp8SV9lo fihn7soQwF1oJPNWI3/9brqH0LEcLUEgF/NnWTrHxoX5Nj+gY3JY9cDDzO2P8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1731667745; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yMRcoijcmxiyd6++rV97m+Ua4oc8/lX1bqD5yZ1pLbc=; b=dnWnF7iJNS44Xj2GzxukmQZ7VCUNOl2X0z9ED0tt79u7irxW4S4/VHeGo3m6O30WdrsMFv T3OZUdNYwMcN2UMNn/6ixF597z69eeGHq/UX07j6/0cKZL7FwitgAnn9wtjNmbmPkFH6m6 sIQHM9mg8p2j8UVqBKK5r+CaviWFT8jJ4QYmVx8lQnB0sqqViMPaAColazASNc0KgFmJ2R YB8Jbj5b3ujpujLjGF+sdjHKubhEfuiqMPzG2/5lIJTAIWeHKehFQxn/xqXcq+oMOQLGCJ D36bdqg9RAwAMnQD0/fPXFyYkLvD/sGFLTizrShqR5RkVsK2FO8sCR8Z3m/FYg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1731667745; a=rsa-sha256; cv=none; b=oo1I3uKiMf+psUjYVRh2Xf3cFBsmFtePnjy6pysQA83MF4vyliFoQagRCRhC7ytC2L2SXF lqZAm/Lxxf14LPuOLPXhGCC4fCKkOah3otz8LPGyeiT4oVt/1YJwZVEQ4nSFhf3BqZRAFo i/jzUuVsAZcEtrypkY0XFLs6lAfipEUCVQLwWly7g+k7u7za5+0Qoi7SZ1RJ/7duM9quvE rK0G7dFG/seFUhI7k5OLMX1mfeorjwaZIc6OcRAdncHQ5j706cbcPhU7GmCd5nANisunkn ZBFXshWASBhML3gFQYcwF87RQVV9xgn5Z+T/uKe/la51VCpRv9Tb2STERcvLKg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XqYfn64XbzKlH; Fri, 15 Nov 2024 10:49:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4AFAn5PE018348; Fri, 15 Nov 2024 10:49:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4AFAn5KB018345; Fri, 15 Nov 2024 10:49:05 GMT (envelope-from git) Date: Fri, 15 Nov 2024 10:49:05 GMT Message-Id: <202411151049.4AFAn5KB018345@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: 8c767de732e7 - stable/14 - nfs: Fallback to GID_NOGROUP on no groups List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 8c767de732e700e62fb5578d91c57f17e1c0a3c1 Auto-Submitted: auto-generated The branch stable/14 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=8c767de732e700e62fb5578d91c57f17e1c0a3c1 commit 8c767de732e700e62fb5578d91c57f17e1c0a3c1 Author: Olivier Certner AuthorDate: 2024-11-03 10:26:37 +0000 Commit: Olivier Certner CommitDate: 2024-11-15 10:47:43 +0000 nfs: Fallback to GID_NOGROUP on no groups We cannot unconditionally access nfsd's VNET variables in 'sys/kern/vfs_export.c' nor 'sys/fs/nfsserver/nfs_nfsdsubs.c', as they may not have been compiled in depending on build options. So, forget about the extra mile of using the configured default group and use the hardcoded GID_NOGROUP (which differs only on systems running nfsuserd(8) and with a non-default GID for their "nogroup" group). Reported by: rpokala, bapt (MINIMAL compile breakup) Reported by: cy, David Wolfskill (panics caused by mountd(8)) Approved by: markj (mentor) Fixes: cfbe7a62dc62 ("nfs, rpc: Ensure kernel credentials have at least one group") (cherry picked from commit 5169d4307eb9c8b7bb0bd46d600012bcc12cbdae) Approved by: markj (mentor) --- sys/fs/nfs/nfs_commonport.c | 3 +-- sys/fs/nfs/nfs_commonsubs.c | 2 +- sys/kern/vfs_export.c | 9 +++------ 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c index 11f31d1a0e9f..0c94f4e7dc52 100644 --- a/sys/fs/nfs/nfs_commonport.c +++ b/sys/fs/nfs/nfs_commonport.c @@ -75,7 +75,6 @@ NFSD_VNET_DEFINE(struct nfsstatsv1 *, nfsstatsv1_p); NFSD_VNET_DECLARE(struct nfssockreq, nfsrv_nfsuserdsock); NFSD_VNET_DECLARE(nfsuserd_state, nfsrv_nfsuserd); -NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid); int nfs_pnfsio(task_fn_t *, void *); @@ -260,7 +259,7 @@ newnfs_copycred(struct nfscred *nfscr, struct ucred *cr) ("newnfs_copycred: negative nfsc_ngroups")); cr->cr_uid = nfscr->nfsc_uid; crsetgroups_fallback(cr, nfscr->nfsc_ngroups, nfscr->nfsc_groups, - NFSD_VNET(nfsrv_defaultgid)); + GID_NOGROUP); } /* diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c index 29f5a9569b12..84dcf4385f9a 100644 --- a/sys/fs/nfs/nfs_commonsubs.c +++ b/sys/fs/nfs/nfs_commonsubs.c @@ -4038,7 +4038,7 @@ nfssvc_idname(struct nfsd_idargs *nidp) cr = crget(); cr->cr_uid = cr->cr_ruid = cr->cr_svuid = nidp->nid_uid; crsetgroups_fallback(cr, nidp->nid_ngroup, grps, - NFSD_VNET(nfsrv_defaultgid)); + GID_NOGROUP); cr->cr_rgid = cr->cr_svgid = cr->cr_gid; cr->cr_prison = curthread->td_ucred->cr_prison; prison_hold(cr->cr_prison); diff --git a/sys/kern/vfs_export.c b/sys/kern/vfs_export.c index 4649a05665e5..96b4464436e3 100644 --- a/sys/kern/vfs_export.c +++ b/sys/kern/vfs_export.c @@ -42,6 +42,7 @@ #include #include +#include #include #include #include @@ -63,10 +64,6 @@ #include #include -#include - -NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid); - static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure"); #if defined(INET) || defined(INET6) @@ -140,7 +137,7 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep, np->netc_anon = crget(); np->netc_anon->cr_uid = argp->ex_uid; crsetgroups_fallback(np->netc_anon, argp->ex_ngroups, - argp->ex_groups, NFSD_VNET(nfsrv_defaultgid)); + argp->ex_groups, GID_NOGROUP); np->netc_anon->cr_prison = &prison0; prison_hold(np->netc_anon->cr_prison); np->netc_numsecflavors = argp->ex_numsecflavors; @@ -219,7 +216,7 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep, np->netc_anon = crget(); np->netc_anon->cr_uid = argp->ex_uid; crsetgroups_fallback(np->netc_anon, argp->ex_ngroups, argp->ex_groups, - NFSD_VNET(nfsrv_defaultgid)); + GID_NOGROUP); np->netc_anon->cr_prison = &prison0; prison_hold(np->netc_anon->cr_prison); np->netc_numsecflavors = argp->ex_numsecflavors;