git: 4fd0162652a2 - releng/14.0 - nfsd: Fix NFS access to .zfs/snapshot snapshots
Date: Tue, 05 Dec 2023 18:27:39 UTC
The branch releng/14.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=4fd0162652a2e0f51aad99055ec837049febaee2 commit 4fd0162652a2e0f51aad99055ec837049febaee2 Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2023-11-23 15:23:33 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2023-12-04 15:45:11 +0000 nfsd: Fix NFS access to .zfs/snapshot snapshots When a process attempts to access a snapshot under /<dataset>/.zfs/snapshot, the snapshot is automounted. However, without this patch, the automount does not set mnt_exjail, which results in the snapshot not being accessible over NFS. This patch defines a new function called vfs_exjail_clone() which sets mnt_exjail from another mount point and then uses that function to set mnt_exjail in the snapshot automount. A separate patch that is currently a pull request for OpenZFS, calls this function to fix the problem. PR: 275200 Approved by: so Security: FreeBSD-EN-23:22.vfs (cherry picked from commit f5f277728adec4c5b3e840a1fb16bd16f8cc956d) (cherry picked from commit a7c25f0d064425bc7a3b170aa441fecf0ae38600)
---
 sys/kern/vfs_mount.c | 35 +++++++++++++++++++++++++++++++++++
 sys/sys/mount.h | 4 ++++
 2 files changed, 39 insertions(+)
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index 45ab9cfc93cc..25757356f86a 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -3119,6 +3119,41 @@ suspend_all_fs(void)
 mtx_unlock(&mountlist_mtx);
 }
 
+/*
+ * Clone the mnt_exjail field to a new mount point.
+ */
+void
+vfs_exjail_clone(struct mount *inmp, struct mount *outmp)
+{
+ struct ucred *cr;
+ struct prison *pr;
+
+ MNT_ILOCK(inmp);
+ cr = inmp->mnt_exjail;
+ if (cr != NULL) {
+ crhold(cr);
+ MNT_IUNLOCK(inmp);
+ pr = cr->cr_prison;
+ sx_slock(&allprison_lock);
+ if (!prison_isalive(pr)) {
+ sx_sunlock(&allprison_lock);
+ crfree(cr);
+ return;
+ }
+ MNT_ILOCK(outmp);
+ if (outmp->mnt_exjail == NULL) {
+ outmp->mnt_exjail = cr;
+ atomic_add_int(&pr->pr_exportcnt, 1);
+ cr = NULL;
+ }
+ MNT_IUNLOCK(outmp);
+ sx_sunlock(&allprison_lock);
+ if (cr != NULL)
+ crfree(cr);
+ } else
+ MNT_IUNLOCK(inmp);
+}
+
 void
 resume_all_fs(void)
 {
diff --git a/sys/sys/mount.h b/sys/sys/mount.h
index c4e1f83e9683..70f4bc2b834e 100644
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@@ -980,6 +980,9 @@ enum vfs_notify_upper_type {
 * exported vnode operations
 */
 
+/* Define this to indicate that vfs_exjail_clone() exists for ZFS to use. */
+#define VFS_SUPPORTS_EXJAIL_CLONE 1
+
 int dounmount(struct mount *, uint64_t, struct thread *);
 int kernel_mount(struct mntarg *ma, uint64_t flags);
 
@@ -1016,6 +1019,7 @@ int vfs_setpublicfs /* set publicly exported fs */
 (struct mount *, struct netexport *, struct export_args *);
 void vfs_periodic(struct mount *, int);
 int vfs_busy(struct mount *, int);
+void vfs_exjail_clone(struct mount *, struct mount *);
 void vfs_exjail_delete(struct prison *);
 int vfs_export /* process mount export info */
 (struct mount *, struct export_args *, bool);
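Review bot: The header comment on vfs_exjail_clone() in sys/kern/vfs_mount.c does not say that the function can return without setting anything, which it does on three paths: inmp->mnt_exjail is NULL, prison_isalive(pr) fails, or outmp->mnt_exjail is already set. Because it returns void the caller cannot tell whether outmp ended up with an export credential; going by the commit message the result is fail-closed (the snapshot just stays unreachable over NFS), but that should be written down. I would expand the comment to something like `/* Copy inmp's mnt_exjail cred to outmp, taking a cred reference and bumping pr_exportcnt; no-op if inmp has none, its prison is dying, or outmp already has one. */`. The function also takes no reference of its own on either mount and acquires allprison_lock, so the comment should presumably state that callers must keep both mounts valid for the call and be in a context where an sx lock may be taken.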
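Review bot: The new prototype in sys/sys/mount.h takes two `struct mount *` arguments with no names, so nothing at the declaration tells a caller which one is the source and which the destination, and the compiler will not catch a swap. Swapping them would copy the export credential in the wrong direction, so I would name the parameters as the definition does: `void vfs_exjail_clone(struct mount *inmp, struct mount *outmp);`.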