git: 4fd0162652a2 - releng/14.0 - nfsd: Fix NFS access to .zfs/snapshot snapshots

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Tue, 05 Dec 2023 18:27:39 UTC
The branch releng/14.0 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=4fd0162652a2e0f51aad99055ec837049febaee2

commit 4fd0162652a2e0f51aad99055ec837049febaee2
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-11-23 15:23:33 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-12-04 15:45:11 +0000

    nfsd: Fix NFS access to .zfs/snapshot snapshots
    
    When a process attempts to access a snapshot under
    /<dataset>/.zfs/snapshot, the snapshot is automounted.
    However, without this patch, the automount does not
    set mnt_exjail, which results in the snapshot not being
    accessible over NFS.
    
    This patch defines a new function called vfs_exjail_clone()
    which sets mnt_exjail from another mount point and
    then uses that function to set mnt_exjail in the snapshot
    automount.  A separate patch, currently a pull request
    for OpenZFS, calls this function to fix the problem.
    
    PR:     275200
    Approved by:    so
    Security:       FreeBSD-EN-23:22.vfs
    
    (cherry picked from commit f5f277728adec4c5b3e840a1fb16bd16f8cc956d)
    (cherry picked from commit a7c25f0d064425bc7a3b170aa441fecf0ae38600)
---
 sys/kern/vfs_mount.c | 35 +++++++++++++++++++++++++++++++++++
 sys/sys/mount.h      |  4 ++++
 2 files changed, 39 insertions(+)

diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index 45ab9cfc93cc..25757356f86a 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -3119,6 +3119,41 @@ suspend_all_fs(void)
 	mtx_unlock(&mountlist_mtx);
 }
 
+/*
+ * Clone the mnt_exjail field to a new mount point.
+ */
+void
+vfs_exjail_clone(struct mount *inmp, struct mount *outmp)
+{
+	struct ucred *cr;
+	struct prison *pr;
+
+	MNT_ILOCK(inmp);
+	cr = inmp->mnt_exjail;
+	if (cr != NULL) {
+		crhold(cr);
+		MNT_IUNLOCK(inmp);
+		pr = cr->cr_prison;
+		sx_slock(&allprison_lock);
+		if (!prison_isalive(pr)) {
+			sx_sunlock(&allprison_lock);
+			crfree(cr);
+			return;
+		}
+		MNT_ILOCK(outmp);
+		if (outmp->mnt_exjail == NULL) {
+			outmp->mnt_exjail = cr;
+			atomic_add_int(&pr->pr_exportcnt, 1);
+			cr = NULL;
+		}
+		MNT_IUNLOCK(outmp);
+		sx_sunlock(&allprison_lock);
+		if (cr != NULL)
+			crfree(cr);
+	} else
+		MNT_IUNLOCK(inmp);
+}
+
 void
 resume_all_fs(void)
 {
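Review bot: The one-line comment above `vfs_exjail_clone()` does not say that the function can return without cloning anything. It is a silent no-op when `inmp->mnt_exjail` is NULL, when `prison_isalive(pr)` is false, and when `outmp->mnt_exjail` is already set, and the `void` return gives the caller no way to tell. In those cases the new mount keeps no mnt_exjail, which per the commit message leaves it inaccessible over NFS; that fail-closed result looks intended, but it should be stated. I would expand the comment to name the three cases and to say that the reference taken by `crhold()` is handed to `outmp` together with the `pr_exportcnt` increment on success and dropped with `crfree()` otherwise. It should also note that the function takes `allprison_lock` shared and both mount interlocks itself, so it presumably has to be called with none of them held.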
diff --git a/sys/sys/mount.h b/sys/sys/mount.h
index c4e1f83e9683..70f4bc2b834e 100644
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@@ -980,6 +980,9 @@ enum vfs_notify_upper_type {
  * exported vnode operations
  */
 
+/* Define this to indicate that vfs_exjail_clone() exists for ZFS to use. */
+#define	VFS_SUPPORTS_EXJAIL_CLONE	1
+
 int	dounmount(struct mount *, uint64_t, struct thread *);
 
 int	kernel_mount(struct mntarg *ma, uint64_t flags);
@@ -1016,6 +1019,7 @@ int	vfs_setpublicfs			    /* set publicly exported fs */
 	    (struct mount *, struct netexport *, struct export_args *);
 void	vfs_periodic(struct mount *, int);
 int	vfs_busy(struct mount *, int);
+void	vfs_exjail_clone(struct mount *, struct mount *);
 void	vfs_exjail_delete(struct prison *);
 int	vfs_export			 /* process mount export info */
 	    (struct mount *, struct export_args *, bool);
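Review bot: The added prototype `void vfs_exjail_clone(struct mount *, struct mount *);` has two parameters of the same type and nothing marks which is the source and which the destination. Swapped arguments would compile cleanly and copy the export credential in the wrong direction. The neighbouring prototypes also omit parameter names, so a trailing comment in the file's existing style would fit, for example `/* copy mnt_exjail: (from, to) */`.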