X-Patchwork-Submitter: Chengen Du
X-Patchwork-Id: 1729946
From: Chengen Du
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][PATCH 0/4] NFS: client permission error after adding user to permissible group
Date: Sat, 21 Jan 2023 22:47:09 +0800
Message-Id: <20230121144713.39111-1-chengen.du@canonical.com>

[Impact]
The NFS client's access cache becomes stale due to the user's group
membership changing on the server after the user has already logged in
on the client.
The access cache only expires if either the NFS_INO_INVALID_ACCESS flag
is on or it times out (without delegation).
Adding a user to a group on the NFS server will not cause any file
attributes to change.
The client will encounter permission errors until other file attributes
are changed or the memory cache is dropped.

[Fix]
The access cache shall be cleared once the user logs out and logs back
in again.
0eb43812c0270ee3d005ff32f91f7d0a6c4943af NFS: Clear the file access cache upon login
029085b8949f5d269ae2bbd14915407dd0c7f902 NFS: Judge the file access cache's timestamp in rcu path
5e9a7b9c2ea18551759833146a181b14835bfe39 NFS: Fix up a sparse warning

[Test Plan]
1.[client side] testuser is not part of testgroup
testuser@kinetic:~$ ls -ld /mnt/private/
drwxrwx--- 2 root testgroup 4096 Nov 24 08:23 /mnt/private/
testuser@kinetic:~$ mktemp -p /mnt/private/
mktemp: failed to create file via template ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
2.[server side] add testuser into testgroup, which has access to folder
root@kinetic:~$ usermod -aG testgroup testuser && echo `date +'%s'` > /proc/net/rpc/auth.unix.gid/flush
3.[client side] create a file again but still fail
testuser@kinetic:~$ mktemp -p /mnt/private/
mktemp: failed to create file via template ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied

[Where problems could occur]
The fix will apply upstream commits, so the regression can be
considered as low.

Chengen Du (1):
  (upstream) NFS: Judge the file access cache's timestamp in rcu path

NeilBrown (1):
  (upstream) cred: add cred_fscmp() for comparing creds.

Trond Myklebust (2):
  (upstream) NFS: Clear the file access cache upon login
  (upstream) NFS: Fix up a sparse warning

 fs/nfs/dir.c           | 30 +++++++++++++++++++++++
 include/linux/cred.h   |  1 +
 include/linux/nfs_fs.h |  1 +
 kernel/cred.c          | 55 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 87 insertions(+)

Acked-by: Tim Gardner
Acked-by: Luke Nowakowski-Krijger
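
The stale-cache behaviour described under [Impact] and [Fix], as an added example that is not part of the original message or of the kernel patches: a user-space C model of a per-user access cache that replays the test plan followed by a fresh login. The timeout value, all names, and modelling the fix as a comparison of the cached timestamp with the login time are assumptions made for illustration.

```c
/* Toy user-space model of the stale access cache; not kernel code, names hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define MAY_WRITE    2
#define ATTR_TIMEOUT 60          /* assumed cache lifetime in seconds */

struct access_entry {            /* one cached ACCESS reply for one user */
    bool valid;
    int  mask;                   /* rights the server granted */
    long cached_at;              /* time the reply was cached */
};

static bool server_in_group;     /* server-side group membership */
/* Server decision: the directory is writable by group members only. */
static int server_access(void) { return server_in_group ? MAY_WRITE : 0; }

/* Client check. With check_login set, an entry cached before the user's
 * current login counts as a miss (the behaviour described under [Fix]). */
static bool may_write(struct access_entry *e, long now, long login_time,
                      bool attrs_invalid, bool check_login)
{
    bool hit = e->valid && !attrs_invalid && now - e->cached_at < ATTR_TIMEOUT;
    if (hit && check_login && e->cached_at < login_time)
        hit = false;
    if (!hit) {                  /* miss: ask the server and re-cache */
        e->valid = true;
        e->mask = server_access();
        e->cached_at = now;
    }
    return (e->mask & MAY_WRITE) != 0;
}

/* Replay: denied at t=0, group added on the server, new login at t=10,
 * retry at t=11 (inside the timeout, no attribute change). */
static bool retry_after_relogin(bool check_login)
{
    struct access_entry e = {0};
    server_in_group = false;
    may_write(&e, 0, 0, false, check_login);   /* step 1: denied and cached */
    server_in_group = true;                    /* step 2: usermod -aG */
    return may_write(&e, 11, 10, false, check_login);
}

int main(void)
{
    printf("without fix: %d, with fix: %d\n", retry_after_relogin(false), retry_after_relogin(true));
    return 0;
}
```

Without the login check the retry is answered from the entry cached before the group change; with it, the entry predates the new login, so the client asks the server again.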