git: 4bef138e8d91 - stable/13 - nfs: Fallback to GID_NOGROUP on no groups
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 15 Nov 2024 13:00:56 UTC
The branch stable/13 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=4bef138e8d91cda4d26cb4f20c6f419908b0f7b6 commit 4bef138e8d91cda4d26cb4f20c6f419908b0f7b6 Author: Olivier Certner <olce@FreeBSD.org> AuthorDate: 2024-11-03 10:26:37 +0000 Commit: Olivier Certner <olce@FreeBSD.org> CommitDate: 2024-11-15 12:59:10 +0000 nfs: Fallback to GID_NOGROUP on no groups We cannot unconditionally access nfsd's VNET variables in 'sys/kern/vfs_export.c' nor 'sys/fs/nfsserver/nfs_nfsdsubs.c', as they may not have been compiled in depending on build options. So, forget about the extra mile of using the configured default group and use the hardcoded GID_NOGROUP (which differs only on systems running nfsuserd(8) and with a non-default GID for their "nogroup" group). Reported by: rpokala, bapt (MINIMAL compile breakup) Reported by: cy, David Wolfskill (panics caused by mountd(8)) Approved by: markj (mentor) Fixes: cfbe7a62dc62 ("nfs, rpc: Ensure kernel credentials have at least one group") (cherry picked from commit 5169d4307eb9c8b7bb0bd46d600012bcc12cbdae) --- sys/fs/nfs/nfs_commonport.c | 3 +-- sys/fs/nfs/nfs_commonsubs.c | 2 +- sys/kern/vfs_export.c | 9 +++------ 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c index 67dd8e14a22c..c84548b54fc1 100644 --- a/sys/fs/nfs/nfs_commonport.c +++ b/sys/fs/nfs/nfs_commonport.c @@ -75,7 +75,6 @@ NFSD_VNET_DEFINE(struct nfsstatsv1 *, nfsstatsv1_p); NFSD_VNET_DECLARE(struct nfssockreq, nfsrv_nfsuserdsock); NFSD_VNET_DECLARE(nfsuserd_state, nfsrv_nfsuserd); -NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid); int nfs_pnfsio(task_fn_t *, void *); @@ -261,7 +260,7 @@ newnfs_copycred(struct nfscred *nfscr, struct ucred *cr) ("newnfs_copycred: negative nfsc_ngroups")); cr->cr_uid = nfscr->nfsc_uid; crsetgroups_fallback(cr, nfscr->nfsc_ngroups, nfscr->nfsc_groups, - NFSD_VNET(nfsrv_defaultgid)); + GID_NOGROUP); } /* diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c index cbac4ee85167..256342f146f0 100644 --- a/sys/fs/nfs/nfs_commonsubs.c +++ b/sys/fs/nfs/nfs_commonsubs.c @@ -3979,7 +3979,7 @@ nfssvc_idname(struct nfsd_idargs *nidp) cr = crget(); cr->cr_uid = cr->cr_ruid = cr->cr_svuid = nidp->nid_uid; crsetgroups_fallback(cr, nidp->nid_ngroup, grps, - NFSD_VNET(nfsrv_defaultgid)); + GID_NOGROUP); cr->cr_rgid = cr->cr_svgid = cr->cr_gid; cr->cr_prison = curthread->td_ucred->cr_prison; prison_hold(cr->cr_prison); diff --git a/sys/kern/vfs_export.c b/sys/kern/vfs_export.c index 6eb20c8ed3a9..f3c11541ceea 100644 --- a/sys/kern/vfs_export.c +++ b/sys/kern/vfs_export.c @@ -42,6 +42,7 @@ #include <sys/param.h> #include <sys/systm.h> +#include <sys/conf.h> #include <sys/dirent.h> #include <sys/jail.h> #include <sys/kernel.h> @@ -63,10 +64,6 @@ #include <rpc/types.h> #include <rpc/auth.h> -#include <fs/nfs/nfsport.h> - -NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid); - static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure"); #if defined(INET) || defined(INET6) @@ -140,7 +137,7 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep, np->netc_anon = crget(); np->netc_anon->cr_uid = argp->ex_uid; crsetgroups_fallback(np->netc_anon, argp->ex_ngroups, - argp->ex_groups, NFSD_VNET(nfsrv_defaultgid)); + argp->ex_groups, GID_NOGROUP); np->netc_anon->cr_prison = &prison0; prison_hold(np->netc_anon->cr_prison); np->netc_numsecflavors = argp->ex_numsecflavors; @@ -219,7 +216,7 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep, np->netc_anon = crget(); np->netc_anon->cr_uid = argp->ex_uid; crsetgroups_fallback(np->netc_anon, argp->ex_ngroups, argp->ex_groups, - NFSD_VNET(nfsrv_defaultgid)); + GID_NOGROUP); np->netc_anon->cr_prison = &prison0; prison_hold(np->netc_anon->cr_prison); np->netc_numsecflavors = argp->ex_numsecflavors;