Date: Tue, 5 Dec 2023 18:27:39 GMT
Message-Id: <202312051827.3B5IRdRd009498@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 4fd0162652a2 - releng/14.0 - nfsd: Fix NFS access to .zfs/snapshot snapshots

The branch releng/14.0 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=4fd0162652a2e0f51aad99055ec837049febaee2

commit 4fd0162652a2e0f51aad99055ec837049febaee2
Author:     Rick Macklem
AuthorDate: 2023-11-23 15:23:33 +0000
Commit:     Mark Johnston
CommitDate: 2023-12-04 15:45:11 +0000

    nfsd: Fix NFS access to .zfs/snapshot snapshots

    When a process attempts to access a snapshot under //.zfs/snapshot, the snapshot is automounted. However, without this patch, the automount does not set mnt_exjail, which results in the snapshot not being accessible over NFS.

    This patch defines a new function called vfs_exjail_clone() which sets mnt_exjail from another mount point and then uses that function to set mnt_exjail in the snapshot automount. A separate patch that is currently a pull request for OpenZFS, calls this function to fix the problem.

    PR:             275200
    Approved by:    so
    Security:       FreeBSD-EN-23:22.vfs

    (cherry picked from commit f5f277728adec4c5b3e840a1fb16bd16f8cc956d)
    (cherry picked from commit a7c25f0d064425bc7a3b170aa441fecf0ae38600)

--- sys/kern/vfs_mount.c | 35 +++++++++++++++++++++++++++++++++++ sys/sys/mount.h | 4 ++++ 2 files changed, 39 insertions(+) diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c index 45ab9cfc93cc..25757356f86a 100644 --- a/sys/kern/vfs_mount.c 
+++ b/sys/kern/vfs_mount.c @@ -3119,6 +3119,41 @@ suspend_all_fs(void) mtx_unlock(&mountlist_mtx); } +/* + * Clone the mnt_exjail field to a new mount point. + */ +void +vfs_exjail_clone(struct mount *inmp, struct mount *outmp) +{ + struct ucred *cr; + struct prison *pr; + + MNT_ILOCK(inmp); + cr = inmp->mnt_exjail; + if (cr != NULL) { + crhold(cr); + MNT_IUNLOCK(inmp); + pr = cr->cr_prison; + sx_slock(&allprison_lock); + if (!prison_isalive(pr)) { + sx_sunlock(&allprison_lock); + crfree(cr); + return; + } + MNT_ILOCK(outmp); + if (outmp->mnt_exjail == NULL) { + outmp->mnt_exjail = cr; + atomic_add_int(&pr->pr_exportcnt, 1); + cr = NULL; + } + MNT_IUNLOCK(outmp); + sx_sunlock(&allprison_lock); + if (cr != NULL) + crfree(cr); + } else + MNT_IUNLOCK(inmp); +} + void resume_all_fs(void) { diff --git a/sys/sys/mount.h b/sys/sys/mount.h index c4e1f83e9683..70f4bc2b834e 100644 --- a/sys/sys/mount.h +++ b/sys/sys/mount.h @@ -980,6 +980,9 @@ enum vfs_notify_upper_type { * exported vnode operations */ +/* Define this to indicate that vfs_exjail_clone() exists for ZFS to use. */ +#define VFS_SUPPORTS_EXJAIL_CLONE 1 + int dounmount(struct mount *, uint64_t, struct thread *); int kernel_mount(struct mntarg *ma, uint64_t flags); @@ -1016,6 +1019,7 @@ int vfs_setpublicfs /* set publicly exported fs */ (struct mount *, struct netexport *, struct export_args *); void vfs_periodic(struct mount *, int); int vfs_busy(struct mount *, int); +void vfs_exjail_clone(struct mount *, struct mount *); void vfs_exjail_delete(struct prison *); int vfs_export /* process mount export info */ (struct mount *, struct export_args *, bool);
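
Review bot: in vfs_exjail_clone() (sys/kern/vfs_mount.c) the header comment does not say that the function can return without setting anything. It does nothing when inmp->mnt_exjail is NULL, when prison_isalive(pr) fails, or when outmp->mnt_exjail is already non-NULL, and because it returns void the caller cannot tell. The commit message says an unset mnt_exjail is what makes the snapshot unreachable over NFS, so I would extend the comment to list these cases and the lock order used here (allprison_lock shared, then MNT_ILOCK(outmp)), or return a status so the automount path can report a skipped clone. The comment should also state that the caller must keep both mount points referenced across the call, since nothing in the function takes a reference on either.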
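
Review bot: in the first sys/sys/mount.h hunk, "#define VFS_SUPPORTS_EXJAIL_CLONE 1" lands between the "exported vnode operations" banner comment and the first prototype it introduces (dounmount), so the banner now reads as if it describes the macro. I would move the define and its comment above that banner. The comment could also say how a consumer is expected to use it, for example that out-of-tree ZFS should guard its vfs_exjail_clone() call with #ifdef VFS_SUPPORTS_EXJAIL_CLONE.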
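
Review bot: in the second sys/sys/mount.h hunk, the prototype "void vfs_exjail_clone(struct mount *, struct mount *);" has two unnamed parameters of the same type, so the header gives no hint which is the source and which is the destination, and a caller that swaps them still compiles. Neighbouring prototypes carry a short trailing comment (for example "/* process mount export info */"), so I would add one here giving the order, or name the parameters inmp and outmp as in the definition.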