Project

General

Profile

Actions
Copy link

Bug #17191

closed

kclient accesses "/" when mounting a subpath

Added by John Spray over 7 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Zheng Yan
Category:
fs/ceph
Target version:
-
% Done:

0%

Source:
other
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

It looks like the kernel client tries to access the filesystem root on mount, even when it is mounting a sub path. This will fail if the client has caps that restrict it by path. I seem to recall that the fuse client had this problem too until it was fixed at the same time we were adding the path restrictions.

Seen while running TestVolumeClient against kernel client (http://tracker.ceph.com/issues/9466)
http://qa-proxy.ceph.com/teuthology/jspray-2016-08-30_12:07:21-kcephfs:recovery-master-testing-basic-mira/392449/teuthology.log

Caps look like:

2016-08-30T12:26:10.718 INFO:teuthology.orchestra.run.mira030.stdout:        {
2016-08-30T12:26:10.718 INFO:teuthology.orchestra.run.mira030.stdout:            "entity": "client.guest",
2016-08-30T12:26:10.718 INFO:teuthology.orchestra.run.mira030.stdout:            "key": "AQBde8VXrnkICBAAMDsCITn4iLFyLKxv35tlow==",
2016-08-30T12:26:10.719 INFO:teuthology.orchestra.run.mira030.stdout:            "caps": {
2016-08-30T12:26:10.719 INFO:teuthology.orchestra.run.mira030.stdout:                "mds": "allow rw path=\/volumes\/grpid\/volid_0",
2016-08-30T12:26:10.719 INFO:teuthology.orchestra.run.mira030.stdout:                "mon": "allow r",
2016-08-30T12:26:10.719 INFO:teuthology.orchestra.run.mira030.stdout:                "osd": "allow rw pool=cephfs_data namespace=fsvolumens_volid_0" 
2016-08-30T12:26:10.719 INFO:teuthology.orchestra.run.mira030.stdout:            }
2016-08-30T12:26:10.719 INFO:teuthology.orchestra.run.mira030.stdout:        },

Mount commands looks like:

2016-08-30T12:26:11.978 INFO:teuthology.orchestra.run.mira030:Running: 'sudo adjust-ulimits ceph-coverage /home/ubuntu/cephtest/archive/coverage /sbin/mount.ceph 172.21.4.116:6789:/volumes/grpid/volid_0 /home/ubuntu/cephtest/mnt.guest.0 -v -o name=guest,secretfile=/home/ubuntu/cephtest/ceph.data/client.guest.secret'
2016-08-30T12:26:12.140 INFO:teuthology.orchestra.run.mira030.stdout:parsing options: name=guest,secretfile=/home/ubuntu/cephtest/ceph.data/client.guest.secret
2016-08-30T12:26:12.141 INFO:teuthology.orchestra.run.mira030.stdout:mount error 13 = Permission denied

Client sends this request to server:

2016-08-30 12:26:12.133845 7fc64c622700  1 -- 172.21.4.116:6805/15963 <== client.14170 172.21.4.116:0/4186839042 2 ==== client_request(client.14170:1 getattr p #1 2016-08-30 12:26:12.125814) v2 ==== 122+0+0 (2888356563 0 0) 0x559a5d8a3600 con 0x559a5d7e0f00
2016-08-30 12:26:12.133893 7fc64c622700  4 mds.0.server handle_client_request client_request(client.14170:1 getattr p #1 2016-08-30 12:26:12.125814) v2
2016-08-30 12:26:12.133902 7fc64c622700 20 mds.0.server get_session have 0x559a5d79a000 client.14170 172.21.4.116:0/4186839042 state open
2016-08-30 12:26:12.133908 7fc64c622700 15 mds.0.server  oldest_client_tid=1
2016-08-30 12:26:12.133917 7fc64c622700  7 mds.0.cache request_start request(client.14170:1 cr=0x559a5d8a3600)
2016-08-30 12:26:12.133921 7fc64c622700  7 mds.0.server dispatch_client_request client_request(client.14170:1 getattr p #1 2016-08-30 12:26:12.125814) v2
2016-08-30 12:26:12.133927 7fc64c622700 10 mds.0.server rdlock_path_pin_ref request(client.14170:1 cr=0x559a5d8a3600) #1
2016-08-30 12:26:12.133931 7fc64c622700  7 mds.0.cache traverse: opening base ino 1 snap head
2016-08-30 12:26:12.133934 7fc64c622700 10 mds.0.cache path_traverse finish on snapid head
2016-08-30 12:26:12.133936 7fc64c622700 10 mds.0.server ref is [inode 1 [...2,head] / auth v6 snaprealm=0x559a5d5bed80 dirtyparent f(v0 m2016-08-30 12:26:03.538717 1=0+1) n(v2 rc2016-08-30 12:26:05.099059 b237 6=2+4)/n(v0 1=0+1) (inest lock dirty) (iversion lock) caps={14161=pLsXs/-@4} | dirtyscattered=1 request=0 lock=0 dirfrag=1 caps=1 dirtyparent=1 dirty=1 waiter=0 authpin=0 0x559a5d6be000]
2016-08-30 12:26:12.133968 7fc64c622700 10 mds.0.locker acquire_locks request(client.14170:1 cr=0x559a5d8a3600)
2016-08-30 12:26:12.133972 7fc64c622700 20 mds.0.locker  must rdlock (isnap sync) [inode 1 [...2,head] / auth v6 snaprealm=0x559a5d5bed80 dirtyparent f(v0 m2016-08-30 12:26:03.538717 1=0+1) n(v2 rc2016-08-30 12:26:05.099059 b237 6=2+4)/n(v0 1=0+1) (inest lock dirty) (iversion lock) caps={14161=pLsXs/-@4} | dirtyscattered=1 request=1 lock=0 dirfrag=1 caps=1 dirtyparent=1 dirty=1 waiter=0 authpin=0 0x559a5d6be000]
2016-08-30 12:26:12.133986 7fc64c622700 10 mds.0.locker  must authpin [inode 1 [...2,head] / auth v6 snaprealm=0x559a5d5bed80 dirtyparent f(v0 m2016-08-30 12:26:03.538717 1=0+1) n(v2 rc2016-08-30 12:26:05.099059 b237 6=2+4)/n(v0 1=0+1) (inest lock dirty) (iversion lock) caps={14161=pLsXs/-@4} | dirtyscattered=1 request=1 lock=0 dirfrag=1 caps=1 dirtyparent=1 dirty=1 waiter=0 authpin=0 0x559a5d6be000]
2016-08-30 12:26:12.133999 7fc64c622700 10 mds.0.locker  auth_pinning [inode 1 [...2,head] / auth v6 snaprealm=0x559a5d5bed80 dirtyparent f(v0 m2016-08-30 12:26:03.538717 1=0+1) n(v2 rc2016-08-30 12:26:05.099059 b237 6=2+4)/n(v0 1=0+1) (inest lock dirty) (iversion lock) caps={14161=pLsXs/-@4} | dirtyscattered=1 request=1 lock=0 dirfrag=1 caps=1 dirtyparent=1 dirty=1 waiter=0 authpin=0 0x559a5d6be000]
2016-08-30 12:26:12.134011 7fc64c622700 10 mds.0.cache.ino(1) auth_pin by 0x559a5d7a4d00 on [inode 1 [...2,head] / auth v6 ap=1+0 snaprealm=0x559a5d5bed80 dirtyparent f(v0 m2016-08-30 12:26:03.538717 1=0+1) n(v2 rc2016-08-30 12:26:05.099059 b237 6=2+4)/n(v0 1=0+1) (inest lock dirty) (iversion lock) caps={14161=pLsXs/-@4} | dirtyscattered=1 request=1 lock=0 dirfrag=1 caps=1 dirtyparent=1 dirty=1 waiter=0 authpin=1 0x559a5d6be000] now 1+0
2016-08-30 12:26:12.134027 7fc64c622700  7 mds.0.locker rdlock_start  on (isnap sync) on [inode 1 [...2,head] / auth v6 ap=1+0 snaprealm=0x559a5d5bed80 dirtyparent f(v0 m2016-08-30 12:26:03.538717 1=0+1) n(v2 rc2016-08-30 12:26:05.099059 b237 6=2+4)/n(v0 1=0+1) (inest lock dirty) (iversion lock) caps={14161=pLsXs/-@4} | dirtyscattered=1 request=1 lock=0 dirfrag=1 caps=1 dirtyparent=1 dirty=1 waiter=0 authpin=1 0x559a5d6be000]
2016-08-30 12:26:12.134038 7fc64c622700 10 mds.0.locker  got rdlock on (isnap sync r=1) [inode 1 [...2,head] / auth v6 ap=1+0 snaprealm=0x559a5d5bed80 dirtyparent f(v0 m2016-08-30 12:26:03.538717 1=0+1) n(v2 rc2016-08-30 12:26:05.099059 b237 6=2+4)/n(v0 1=0+1) (isnap sync r=1) (inest lock dirty) (iversion lock) caps={14161=pLsXs/-@4} | dirtyscattered=1 request=1 lock=1 dirfrag=1 caps=1 dirtyparent=1 dirty=1 waiter=0 authpin=1 0x559a5d6be000]
2016-08-30 12:26:12.134056 7fc64c622700 20 Session check_access path 
2016-08-30 12:26:12.134058 7fc64c622700 10 MDSAuthCap is_capable inode(path / owner 0:0 mode 041777) by caller 0:0 mask 1 new 0:0 cap: MDSAuthCaps[allow rw path="/volumes/grpid/volid_0"]
2016-08-30 12:26:12.134062 7fc64c622700 10 mds.0.server reply_client_request -13 ((13) Permission denied) client_request(client.14170:1 getattr p #1 2016-08-30 12:26:12.125814) v2
2016-08-30 12:26:12.134073 7fc64c622700 10 mds.0.server apply_allocated_inos 0 / [] / 0
2016-08-30 12:26:12.134076 7fc64c622700 20 mds.0.server lat 0.000405
2016-08-30 12:26:12.134078 7fc64c622700  1 -- 172.21.4.116:6805/15963 --> 172.21.4.116:0/4186839042 -- client_reply(???:1 = -13 (13) Permission denied) v1 -- ?+0 0x559a5d9aadc0 con 0x559a5d7e0f00
Actions
Copy link
 #1

Updated by John Spray over 7 years ago

  • Category set to fs/ceph
Actions
Copy link
 #2

Updated by Zheng Yan over 7 years ago

  • Status changed from New to In Progress
Actions
Copy link
 #4

Updated by Zheng Yan over 7 years ago

  • Status changed from 7 to Resolved
Actions
Copy link

Also available in: Atom PDF