Re: git: 5169d4307eb9 - main - nfs: Fallback to GID_NOGROUP on no groups
Date: Sun, 03 Nov 2024 17:10:56 UTC
In message <202411031547.4A3Fl0Lh079122@gitrepo.freebsd.org>, Olivier Certner w rites: > The branch main has been updated by olce: > > URL: https://cgit.FreeBSD.org/src/commit/?id=5169d4307eb9c8b7bb0bd46d600012bc > c12cbdae > > commit 5169d4307eb9c8b7bb0bd46d600012bcc12cbdae > Author: Olivier Certner <olce@FreeBSD.org> > AuthorDate: 2024-11-03 10:26:37 +0000 > Commit: Olivier Certner <olce@FreeBSD.org> > CommitDate: 2024-11-03 15:45:43 +0000 > > nfs: Fallback to GID_NOGROUP on no groups > > We cannot unconditionally access nfsd's VNET variables in > 'sys/kern/vfs_export.c' nor 'sys/fs/nfsserver/nfs_nfsdsubs.c', as they > may not have been compiled in depending on build options. > > So, forget about the extra mile of using the configured default group > and use the hardcoded GID_NOGROUP (which differs only on systems running > nfsuserd(8) and with a non-default GID for their "nogroup" group). > > Reported by: rpokala, bapt (MINIMAL compile breakup) > Reported by: cy, David Wolfskill (panics caused by mountd(8)) > Approved by: markj (mentor) > Fixes: cfbe7a62dc62 ("nfs, rpc: Ensure kernel credentials have a > t least one group") > --- > sys/fs/nfs/nfs_commonport.c | 3 +-- > sys/fs/nfs/nfs_commonsubs.c | 2 +- > sys/kern/vfs_export.c | 9 +++------ > 3 files changed, 5 insertions(+), 9 deletions(-) > > diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c > index 11f31d1a0e9f..0c94f4e7dc52 100644 > --- a/sys/fs/nfs/nfs_commonport.c > +++ b/sys/fs/nfs/nfs_commonport.c > @@ -75,7 +75,6 @@ NFSD_VNET_DEFINE(struct nfsstatsv1 *, nfsstatsv1_p); > > NFSD_VNET_DECLARE(struct nfssockreq, nfsrv_nfsuserdsock); > NFSD_VNET_DECLARE(nfsuserd_state, nfsrv_nfsuserd); > -NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid); > > int nfs_pnfsio(task_fn_t *, void *); > > @@ -260,7 +259,7 @@ newnfs_copycred(struct nfscred *nfscr, struct ucred *cr) > ("newnfs_copycred: negative nfsc_ngroups")); > cr->cr_uid = nfscr->nfsc_uid; > crsetgroups_fallback(cr, nfscr->nfsc_ngroups, nfscr->nfsc_groups, > - NFSD_VNET(nfsrv_defaultgid)); > + GID_NOGROUP); > } > > /* > diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c > index ce4b0052714e..81c558d768ea 100644 > --- a/sys/fs/nfs/nfs_commonsubs.c > +++ b/sys/fs/nfs/nfs_commonsubs.c > @@ -4052,7 +4052,7 @@ nfssvc_idname(struct nfsd_idargs *nidp) > cr = crget(); > cr->cr_uid = cr->cr_ruid = cr->cr_svuid = nidp->nid_uid > ; > crsetgroups_fallback(cr, nidp->nid_ngroup, grps, > - NFSD_VNET(nfsrv_defaultgid)); > + GID_NOGROUP); > cr->cr_rgid = cr->cr_svgid = cr->cr_gid; > cr->cr_prison = curthread->td_ucred->cr_prison; > prison_hold(cr->cr_prison); > diff --git a/sys/kern/vfs_export.c b/sys/kern/vfs_export.c > index c0337b1fe858..a314bda164de 100644 > --- a/sys/kern/vfs_export.c > +++ b/sys/kern/vfs_export.c > @@ -40,6 +40,7 @@ > > #include <sys/param.h> > #include <sys/systm.h> > +#include <sys/conf.h> > #include <sys/dirent.h> > #include <sys/jail.h> > #include <sys/kernel.h> > @@ -61,10 +62,6 @@ > #include <rpc/types.h> > #include <rpc/auth.h> > > -#include <fs/nfs/nfsport.h> > - > -NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid); > - > static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structur > e"); > > #if defined(INET) || defined(INET6) > @@ -138,7 +135,7 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep > , > np->netc_anon = crget(); > np->netc_anon->cr_uid = argp->ex_uid; > crsetgroups_fallback(np->netc_anon, argp->ex_ngroups, > - argp->ex_groups, NFSD_VNET(nfsrv_defaultgid)); > + argp->ex_groups, GID_NOGROUP); > np->netc_anon->cr_prison = &prison0; > prison_hold(np->netc_anon->cr_prison); > np->netc_numsecflavors = argp->ex_numsecflavors; > @@ -217,7 +214,7 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep > , > np->netc_anon = crget(); > np->netc_anon->cr_uid = argp->ex_uid; > crsetgroups_fallback(np->netc_anon, argp->ex_ngroups, argp->ex_groups, > - NFSD_VNET(nfsrv_defaultgid)); > + GID_NOGROUP); > np->netc_anon->cr_prison = &prison0; > prison_hold(np->netc_anon->cr_prison); > np->netc_numsecflavors = argp->ex_numsecflavors; > I'm getting a different panic this time. panic: Assertion groups on 'cr' already set! failed at /opt/src/git-src/sys/kern /kern_prot.c:2364^M cpuid = 3^M time = 1730653662^M KDB: stack backtrace:^M db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe008e9a2fb0^M vpanic() at vpanic+0x136/frame 0xfffffe008e9a30e0^M panic() at panic+0x43/frame 0xfffffe008e9a3140^M crextend() at crextend+0x115/frame 0xfffffe008e9a3160^M crsetgroups() at crsetgroups+0x29/frame 0xfffffe008e9a3190^M nfsd_excred() at nfsd_excred+0xb3/frame 0xfffffe008e9a31c0^M nfsrvd_dorpc() at nfsrvd_dorpc+0x128c/frame 0xfffffe008e9a33d0^M nfssvc_program() at nfssvc_program+0x808/frame 0xfffffe008e9a35d0^M svc_run_internal() at svc_run_internal+0xaea/frame 0xfffffe008e9a3700^M svc_run() at svc_run+0x280/frame 0xfffffe008e9a3760^M nfsrvd_nfsd() at nfsrvd_nfsd+0x3d3/frame 0xfffffe008e9a38c0^M nfssvc_nfsd() at nfssvc_nfsd+0x535/frame 0xfffffe008e9a3de0^M sys_nfssvc() at sys_nfssvc+0xcc/frame 0xfffffe008e9a3e00^M amd64_syscall() at amd64_syscall+0x158/frame 0xfffffe008e9a3f30^M fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe008e9a3f30^M --- syscall (155, FreeBSD ELF64, nfssvc), rip = 0x159c44daf14a, rsp = 0x159c4238 b428, rbp = 0x159c4238b6c0 ---^M Uptime: 14m7s^M Dumping 1050 out of 8122 MB:..2%..11%..22%..31%..42%..51%..61%..71%..81%..92 %^M -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e^(i*pi)+1=0