From nobody Tue Nov 26 16:01:45 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XyS4l6W4pz5ff1J for ; Tue, 26 Nov 2024 16:01:59 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XyS4k4R2hz4mbV for ; Tue, 26 Nov 2024 16:01:58 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=J8pP829X; spf=pass (mx1.freebsd.org: domain of rick.macklem@gmail.com designates 2a00:1450:4864:20::532 as permitted sender) smtp.mailfrom=rick.macklem@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5ceca0ec4e7so7030808a12.0 for ; Tue, 26 Nov 2024 08:01:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732636916; x=1733241716; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Jbrt5EvaFwSK8DxEG31ffhnQnfKERKdtoLJMaz3k4jM=; b=J8pP829XM6R7Kzp3/wbFzBFwe5wleqxbO3REnWK07EaYbe5gz9cuBPsaPIHJw9SAe9 8bBziGQMs8pyV+yaAr9LnnNa2a7tCUTKGOxEphEzeg0BRYCzjBjSJ0X8STEyO7sGIXPC VkZCnAnRmr04v3ElA/RIc25JAedESk8/mixvoFMQdExAPAdix2NoK8Frd4zaaXIJI6MR nvijcSsZ+GRkpsw6sSGn4cnC+cHs1/nAcCioXABBGadXSPGiNFD5YV4Y05BNGArNw97Y FUO0jJefaT4rOCdHbDMDTgkcSudSWuVFRLqnsEFSeF1x8pNEf/IFfm74wkkn9eYdMHGG 38vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732636916; x=1733241716; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Jbrt5EvaFwSK8DxEG31ffhnQnfKERKdtoLJMaz3k4jM=; b=gr5SkB9Cq8mfnU2Zx61ZFREqzwxXH7OxMTpk3rSL43Sbgq1xHhsyDGxDO/Dmma+2yk qvYb6aUm3t5Vk/xNwXmur6DGKIyYM0QcqShbRdYsrBxu/hC1tOMEDGC3rUU+4OuFMqVK 1q0cseowCbP1UaK7dA4CfCxOYimXOnkMS24NPMnQDhvRgf6HcTU5DmOMpRLRQtaESsyn 6OEATxdqMdzykFdJMTiS3qEOWIgTMHkyOC6q9PxwfBwpI+t5QvnU9q3jwyYJ2RQ57wrI segso6GkX8WGCD+JIood5IADZIiEZ/AnyV0vAzgCD2Ub8XE5TYNPdPoGmainZRde/4bQ lehQ== X-Gm-Message-State: AOJu0YzOgkp0MZb8PtKLoNVTwtGAQuY/pu4CirLbjhqV0ar7nJK/TyQe EHaKUaMX55FPa23o8zuEh2eP/hnZJVcIx6Bt5l724Mt02Ecw+qezgLny43AGqfR+lHTu8g3JwaI Ont11EWKqgJzgSxwpAUrOWx1Jhg52 X-Gm-Gg: ASbGncuYfaoPP5KDkxp8yYiC9toQFNtkBKsbUrDPXmzucChbddP0Iu8YXONnDcOiD5z tDpbY7NVjEUEy8scicwaTvgVIgCk8wX8R2c2z476av5Zmb8f7LkImoSxI6DWFJcc= X-Google-Smtp-Source: AGHT+IFjGS1Oo21uSkZg22At/dHB75p5GUEeKhWhY1A6XYfE0I18ATutu8jLS1MjgWAea8kfW0C2ZuZKqQGUapSMkJs= X-Received: by 2002:a05:6402:2692:b0:5ce:d43e:fece with SMTP id 4fb4d7f45d1cf-5d0205f43cfmr17223770a12.10.1732636914749; Tue, 26 Nov 2024 08:01:54 -0800 (PST) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-stable@freebsd.org Sender: owner-freebsd-stable@FreeBSD.org MIME-Version: 1.0 References: In-Reply-To: From: Rick Macklem Date: Tue, 26 Nov 2024 08:01:45 -0800 Message-ID: Subject: Re: 14.1 NFS / mountd : -alldirs not working as expected To: Michael Proto Cc: FreeBSD-STABLE Mailing List Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; MIME_GOOD(-0.10)[text/plain]; TO_DN_ALL(0.00)[]; RCVD_TLS_LAST(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; ARC_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; TAGGED_FROM(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; MISSING_XM_UA(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MID_RHS_MATCH_FROMTLD(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::532:from] X-Rspamd-Queue-Id: 4XyS4k4R2hz4mbV X-Spamd-Bar: --- On Mon, Nov 25, 2024 at 3:57=E2=80=AFPM Rick Macklem wrote: > > On Mon, Nov 25, 2024 at 2:55=E2=80=AFPM Rick Macklem wrote: > > > > On Wed, Nov 20, 2024 at 8:01=E2=80=AFPM Michael Proto wrote: > > > > > > Hello all, > > > > > > Running into an issue with a 14.1 server that I think is a bug, thoug= h > > > it may be me not interpreting documentation correctly so I wanted to > > > ask here. > > > > > > Using NFSv3, with FreeBSD 14.1 as the NFS server. Based on what I see > > > in exports(5), if I want to export conditional mounts (IE filesystem > > > paths that are intermittently mounted locally on server) I should use > > > -alldirs and specify the mount-point as the export. Per the manpage, > > > this export should only be accessible when the exported directory is > > > actually the root of a mounted filesystem. Currently if mountd is > > > HUPed while the export isn't a filesystem mount I get the warning > > > about exporting the filesystem "below" the export (root-FS in this > > > case) and I can actually mount the root-FS from the client, instead o= f > > > getting an error as I would expect. Using the specific example for a > > > sometimes-mounted /cdrom in exports(5) can demonstrate this behavior. > Just fyi, I also plan on coming up with a patch for exports(5) to make th= e > correct semantics of -alldirs clearer. It only explains that -alldirs > is only supposed > to work on mount points in the examples section. It took me a couple of > passes through it before I spotted it and realized this is a bug. I dug into the git repository and, believe it or not, it looks like this wa= s broken between releng1.0 and releng2.0 (there doesn't seem to be an exact commit). Basically, for releng1.0 the path provided by the exports line was passed into mount(2), which would fail if the path was not a mount point. This was how "not at a mount point" was detected for -alldirs. For releng2.0, it passes f_mntonname to mount(2), which is the mount point. This broke the check for "is a mount point". To be honest, the while() loop calling nmount(2) is mostly (if not entirely useless), because its purpose was to climb the path to the mount point and this should never now happen. I do have a patch that detects "not a mount point" using a strcmp() between f_mntoname and the path in the exports line. That should be sufficient, since symbolic links should not be in the path in exports(5). Michael, once you create a bugzilla bug report (bugs.freebsd.org), I will attach the patch and work on getting it committed. rick > > rick > > > > > > > /etc/rc.conf : > > > nfs_server_enable=3D"YES" > > > rpcbind_enable=3D"YES" > > > rpc_statd_enable=3D"YES" > > > rpc_lockd_enable=3D"YES" > > > mountd_enable=3D"YES" > > > > > > /etc/exports : > > > /cdrom -alldirs,quiet,ro -network=3D10.0.0.0/24 > > > > > > (at this time /cdrom exists as a directory but is not currently a > > > filesystem mount point) > > > on the server: > > > root@zfstest1:~ # killall -HUP mountd > > > > > > /var/log/messages: > > > Nov 20 22:34:56 zfstest1 mountd[27724]: Warning: exporting /cdrom > > > exports entire / file system > > I took a closer look and this is a bug. It appears that -alldirs is sup= posed > > to fail when a non-mountpoint is exported. > > > > It appears to have been introduced to the system long ago, although I > > haven't yet tracked down the commit. > > > > mountd.c assumes that nmount(8) will fail when the directory path > > is not a mount point, however for MNT_UPDATE (which is what is > > used to export file systems) this is not the case. > > > > Please create a bugzilla bug report for this and I will work on a patch= . > > > > Btw, quiet is also broken in the sense that it will cause any nmount(8) > > failure to fail. However, since nmount(8) does not fail for this case, > > it hardly matters. I will come up with a patch for this too, since it i= s > > easy to fix. > > > > Thanks for reporting this, rick > > > > > > > > root@zfstest1:~ # showmount -e > > > Exports list on localhost: > > > /cdrom 10.0.0.0 > > > > > > > > > on a client, I can now mount "/" from my server zfstest1: > > > > > > root@client1:~ # mount -r -t nfs zfstest1:/ /mnt > > > root@client1:~ # mount | tail -n1 > > > zfstest1:/ on /mnt (nfs, read-only) > > > > > > The root-FS of zfstest1 is indeed visible in /mnt on client1 > > > > > > From what I see in /usr/src/usr.sbin/mountd/mountd.c this isn't > > > supposed to happen (I'm no C programmer but this did read something > > > like I should receive an export error from mountd when I send a HUP): > > > ... > > > } else if (!strcmp(cpopt, "alldirs")) { > > > opt_flags |=3D OP_ALLDIRS; > > > ... > > > if (opt_flags & OP_ALLDIRS) { > > > if (errno =3D=3D EINVAL) > > > syslog(LOG_ERR, > > > "-alldirs requested but %s is not a filesystem mountp= oint", > > > dirp); > > > else > > > syslog(LOG_ERR, > > > "could not remoun= t %s: %m", > > > dirp); > > > ret =3D 1; > > > goto error_exit; > > > } > > > > > > I suspect this code path isn't being hit since I'm getting the mountd > > > warning I referenced above instead of this error. This appears to be = a > > > possible recurrence of a very old bug that depicts similar behavior : > > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D170413 > > > While it appears the "-sec" issue referenced in that bug is fixed in > > > the listed PRs I didn't see anything on this -alldirs issue that's > > > also mentioned there, maybe that's why I'm running into this now? > > > > > > I'd be totally unsurprised if my /etc/exports file isn't configured > > > correctly, but I reduced my setup to just the example in the exports > > > man page and I'm struggling to determine how to interpret that > > > information differently. I also tried an export of /cdrom with only > > > "-alldirs" as an option and I get the same behavior. Ideas? > > > > > > > > > Thanks, > > > Michael Proto > > >