Bug 512361 - Server should return NFS4ERR_ATTRNOTSUPP if attribute 'ACL' is not supported
Summary: Server should return NFS4ERR_ATTRNOTSUPP if attribute 'ACL' is not supported
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.3
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Jeff Layton
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks: 533192
TreeView+ depends on / blocked
 
Reported: 2009-07-17 14:20 UTC by Sachin Prabhu
Modified: 2018-10-27 14:59 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-03-30 07:43:22 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Reproducer (3.77 KB, text/plain)
2009-07-17 14:23 UTC, Sachin Prabhu
no flags Details
tcpdump demonstrating the problem (1.98 KB, application/octet-stream)
2009-07-17 14:28 UTC, Sachin Prabhu
no flags Details
patch -- backported patch from upstream (7.42 KB, patch)
2009-11-16 16:59 UTC, Jeff Layton
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0178 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 5.5 kernel security and bug fix update 2010-03-29 12:18:21 UTC

Description Sachin Prabhu 2009-07-17 14:20:07 UTC
In case ACLs are not supported in the underlying filesystem, the NFSv4 server should return NFS4ERR_ATTRNOTSUPP when ACL attributes are specified when creating a file. 

The following commit is required for this check.

commit 3c8e03166ae234d16e7871f8009638e0946d303c
Author: Yu Zhiguo <yuzg.com>
Date:   Sat May 16 16:22:31 2009 +0800

    NFSv4: do exact check about attribute specified
    
    Server should return NFS4ERR_ATTRNOTSUPP if an attribute specified is
    not supported in current environment.
    Operations CREATE, NVERIFY, OPEN, SETATTR and VERIFY should do this check.
    
    This bug is found when do newpynfs tests. The names of the tests that failed
    are following:
      CR12 NVF7a NVF7b NVF7c NVF7d NVF7f NVF7r NVF7s
      OPEN15 VF7a VF7b VF7c VF7d VF7f VF7r VF7s
    
    Add function do_check_fattr() to do exact check:
    1, Check attribute specified is supported by the NFSv4 server or not.
    2, Check FATTR4_WORD0_ACL & FATTR4_WORD0_FS_LOCATIONS are supported
       in current environment or not.
    3, Check attribute specified is writable or not.
    
    step 1 and 3 are done in function nfsd4_decode_fattr() but removed
    to this function now.
    
    Signed-off-by: Yu Zhiguo <yuzg.com>
    Signed-off-by: J. Bruce Fields <bfields.edu>

Comment 1 Sachin Prabhu 2009-07-17 14:23:05 UTC
Created attachment 354154 [details]
Reproducer

Customer provided reproducer.

 Server:
   step1:
     # mount -o noacl /dev/hda5 /mnt
     # mkdir /mnt/nfsdir
   step2:
     # vi /etc/exports (add the following line)
       /mnt/nfsdir *(rw,insecure,no_root_squash,fsid=0)
   step3:
     # service nfs restart

 Client:
   step1:
     # gcc -o attr_nosupp attr_nosupp.c
   step2:
     # ./attr_nosupp $ServerAddr

Actual Results:

 Kernel return NFS4_OK(0)

 Reproduce program log:
 # ./attr_nosupp $ServerAddr
 Server should return NFS4ERR_ATTRNOTSUPP rather than NFS_OK
 when attribute 'ACL' is not supported.

Expected Results:

 Kernel return NFS4ERR_ATTRNOTSUPP(10032)

 Reproduce program log:
 # ./attr_nosupp $ServerAddr
 All right, Server can return NFS4ERR_ATTRNOTSUPP.

Comment 2 Sachin Prabhu 2009-07-17 14:28:30 UTC
Created attachment 354156 [details]
tcpdump demonstrating the problem

A tcpdump demonstrating the problem. the underlying filesystem used for the nfs export was mounted with -o noacl to disable ACL support.

Frame 14: Create request with an ACL attribute.
Frame 16: A NFS_OK request being returned.

Comment 4 Jeff Layton 2009-11-16 16:59:10 UTC
Created attachment 369742 [details]
patch -- backported patch from upstream

The upstream patch had a lot of dependencies on patches that were not in RHEL. A lot of those patches (though not all) were changes to accomodate NFSv4.1. Rather than apply all of those to RHEL, I decided it would be better to just backport the needed patch to the existing code.

This patch is a first attempt at that backport. It builds cleanly and with it the provided test passes. I've not done much other testing with it yet.

Comment 5 RHEL Program Management 2009-11-16 17:12:18 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 7 Don Zickus 2009-12-02 21:02:33 UTC
in kernel-2.6.18-176.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.

Comment 8 Don Zickus 2009-12-02 21:13:59 UTC
in kernel-2.6.18-176.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.

Comment 11 Chris Ward 2010-02-11 10:27:24 UTC
~~ Attention Customers and Partners - RHEL 5.5 Beta is now available on RHN ~~

RHEL 5.5 Beta has been released! There should be a fix present in this 
release that addresses your request. Please test and report back results 
here, by March 3rd 2010 (2010-03-03) or sooner.

Upon successful verification of this request, post your results and update 
the Verified field in Bugzilla with the appropriate value.

If you encounter any issues while testing, please describe them and set 
this bug into NEED_INFO. If you encounter new defects or have additional 
patch(es) to request for inclusion, please clone this bug per each request
and escalate through your support representative.

Comment 15 errata-xmlrpc 2010-03-30 07:43:22 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0178.html


Note You need to log in before you can comment on or make changes to this bug.