From nobody Mon Nov 25 23:57:05 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Xy2gf0w54z5fPjl for ; Mon, 25 Nov 2024 23:57:18 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Xy2gd2glpz4bfS for ; Mon, 25 Nov 2024 23:57:17 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=ZrwyyHgb; spf=pass (mx1.freebsd.org: domain of rick.macklem@gmail.com designates 2a00:1450:4864:20::530 as permitted sender) smtp.mailfrom=rick.macklem@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-ed1-x530.google.com with SMTP id 4fb4d7f45d1cf-5cf6f804233so5879940a12.2 for ; Mon, 25 Nov 2024 15:57:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732579035; x=1733183835; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=cJbMCjZlRiBmIn+tav8YyybwYSyMeSBaCedaF6oLNVk=; b=ZrwyyHgb0W46yzJh2Ajb6gSaG40+jELbFijcj7rzRqT9Ec++h5dYyOXVxDhg3/6O78 fzrjF/yEx1PBE3y2GXBDf8tkmFowxWEI5M2I8ImLh2cO1zFMcxyXHm/A5EYfnhSSwH9C d1jbusVvPXazrn0jz0/JVY77GVn2w4j2pK8pYFBMFUoveOAqQTZa5p1gQVAI0SvDfVuY bzbR4IfJAOHj7HP9BJ+yBazL3WROTMCHFHFQgsWjY4f5C+miUdJ6gk0uNs0ws0dxKIvZ uJiDN45iJZwS7OhUyM+rUiDSmwndvTRFK1woh8pPlQRLNi0/9QIlQ3GlLyvlxmdTKXja 8CMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732579035; x=1733183835; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cJbMCjZlRiBmIn+tav8YyybwYSyMeSBaCedaF6oLNVk=; b=PK8O9pWf6XWJcv9bSseyNDOi5oxLhbukpxe21T0R52zf62fFKfhv2tSsu/JSwqZi7o yWwlfVwPAATU5X90/dnLeeCBCNssMFf4IktBa0FGKopzrGE2aoGEgq3WwRV3jcaCi7yz rkOchrKZnjYV7bF7hbgtzhDOuaxiVi0kUc+L4FcEkQ+Q9iUN+x97V7+J+CxfXhNsoJzu D9B9F3Iu1YR09oQxM49KVsum9aAXnW9eH0pBByJ/u4xdmP3pbThQM115xqs2zFAkEOtC 7wFm5bbFabo5jTa0Nfj9lshfx5UdlFNzz30Z3PqpjUsBGDzWsj+Ff9r72KmXArZ10IO4 5BNw== X-Gm-Message-State: AOJu0Yzzigcvs+DW6faBUxLcoYylcfx0SjhWXnCJ2qN+HH8p+z2li7BV D361eFhK5ObgUtTx20jpe9T+EIEt3NEPbzr0+uHi4ZTgkhdGA3Shpi2KSMYmiwnnK5Upfbvwcn9 UfRRctkeRvqFz8a4590bPrKQEQci6 X-Gm-Gg: ASbGncu1kaGVRmiwC1/7OOMb3mcotwul9MTPL0UANV9oOy1WxGMckIkjEnATTpcf8oo IZt8SAijzHJsl7HhDzSOSHEY/CXEfs2RcskaPRqW90WonUeFhv/bOdlvf/373DuI= X-Google-Smtp-Source: AGHT+IHg0P8L47KAQfaS+aPt58r5ZOgVz0/U0Q38uAF/C98fXFgGd7Kex+RmR97tj/1sjzm3PK0bcnQPfvoOubGUSCk= X-Received: by 2002:a05:6402:1ec9:b0:5cf:d1b5:1bd5 with SMTP id 4fb4d7f45d1cf-5d0206254d2mr13596718a12.16.1732579034838; Mon, 25 Nov 2024 15:57:14 -0800 (PST) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-stable@freebsd.org Sender: owner-freebsd-stable@FreeBSD.org MIME-Version: 1.0 References: In-Reply-To: From: Rick Macklem Date: Mon, 25 Nov 2024 15:57:05 -0800 Message-ID: Subject: Re: 14.1 NFS / mountd : -alldirs not working as expected To: Michael Proto Cc: FreeBSD-STABLE Mailing List Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-3.93 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.93)[-0.934]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; MIME_GOOD(-0.10)[text/plain]; TO_DN_ALL(0.00)[]; RCVD_TLS_LAST(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; ARC_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; TAGGED_FROM(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; MISSING_XM_UA(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MID_RHS_MATCH_FROMTLD(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::530:from] X-Rspamd-Queue-Id: 4Xy2gd2glpz4bfS X-Spamd-Bar: --- On Mon, Nov 25, 2024 at 2:55=E2=80=AFPM Rick Macklem wrote: > > On Wed, Nov 20, 2024 at 8:01=E2=80=AFPM Michael Proto wrote: > > > > Hello all, > > > > Running into an issue with a 14.1 server that I think is a bug, though > > it may be me not interpreting documentation correctly so I wanted to > > ask here. > > > > Using NFSv3, with FreeBSD 14.1 as the NFS server. Based on what I see > > in exports(5), if I want to export conditional mounts (IE filesystem > > paths that are intermittently mounted locally on server) I should use > > -alldirs and specify the mount-point as the export. Per the manpage, > > this export should only be accessible when the exported directory is > > actually the root of a mounted filesystem. Currently if mountd is > > HUPed while the export isn't a filesystem mount I get the warning > > about exporting the filesystem "below" the export (root-FS in this > > case) and I can actually mount the root-FS from the client, instead of > > getting an error as I would expect. Using the specific example for a > > sometimes-mounted /cdrom in exports(5) can demonstrate this behavior. Just fyi, I also plan on coming up with a patch for exports(5) to make the correct semantics of -alldirs clearer. It only explains that -alldirs is only supposed to work on mount points in the examples section. It took me a couple of passes through it before I spotted it and realized this is a bug. rick > > > > /etc/rc.conf : > > nfs_server_enable=3D"YES" > > rpcbind_enable=3D"YES" > > rpc_statd_enable=3D"YES" > > rpc_lockd_enable=3D"YES" > > mountd_enable=3D"YES" > > > > /etc/exports : > > /cdrom -alldirs,quiet,ro -network=3D10.0.0.0/24 > > > > (at this time /cdrom exists as a directory but is not currently a > > filesystem mount point) > > on the server: > > root@zfstest1:~ # killall -HUP mountd > > > > /var/log/messages: > > Nov 20 22:34:56 zfstest1 mountd[27724]: Warning: exporting /cdrom > > exports entire / file system > I took a closer look and this is a bug. It appears that -alldirs is suppo= sed > to fail when a non-mountpoint is exported. > > It appears to have been introduced to the system long ago, although I > haven't yet tracked down the commit. > > mountd.c assumes that nmount(8) will fail when the directory path > is not a mount point, however for MNT_UPDATE (which is what is > used to export file systems) this is not the case. > > Please create a bugzilla bug report for this and I will work on a patch. > > Btw, quiet is also broken in the sense that it will cause any nmount(8) > failure to fail. However, since nmount(8) does not fail for this case, > it hardly matters. I will come up with a patch for this too, since it is > easy to fix. > > Thanks for reporting this, rick > > > > > root@zfstest1:~ # showmount -e > > Exports list on localhost: > > /cdrom 10.0.0.0 > > > > > > on a client, I can now mount "/" from my server zfstest1: > > > > root@client1:~ # mount -r -t nfs zfstest1:/ /mnt > > root@client1:~ # mount | tail -n1 > > zfstest1:/ on /mnt (nfs, read-only) > > > > The root-FS of zfstest1 is indeed visible in /mnt on client1 > > > > From what I see in /usr/src/usr.sbin/mountd/mountd.c this isn't > > supposed to happen (I'm no C programmer but this did read something > > like I should receive an export error from mountd when I send a HUP): > > ... > > } else if (!strcmp(cpopt, "alldirs")) { > > opt_flags |=3D OP_ALLDIRS; > > ... > > if (opt_flags & OP_ALLDIRS) { > > if (errno =3D=3D EINVAL) > > syslog(LOG_ERR, > > "-alldirs requested but %s is not a filesystem mountpoi= nt", > > dirp); > > else > > syslog(LOG_ERR, > > "could not remount = %s: %m", > > dirp); > > ret =3D 1; > > goto error_exit; > > } > > > > I suspect this code path isn't being hit since I'm getting the mountd > > warning I referenced above instead of this error. This appears to be a > > possible recurrence of a very old bug that depicts similar behavior : > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D170413 > > While it appears the "-sec" issue referenced in that bug is fixed in > > the listed PRs I didn't see anything on this -alldirs issue that's > > also mentioned there, maybe that's why I'm running into this now? > > > > I'd be totally unsurprised if my /etc/exports file isn't configured > > correctly, but I reduced my setup to just the example in the exports > > man page and I'm struggling to determine how to interpret that > > information differently. I also tried an export of /cdrom with only > > "-alldirs" as an option and I get the same behavior. Ideas? > > > > > > Thanks, > > Michael Proto > >