Project

General

Profile

Bug #35961

nfs-ganesha: ceph_fsal_setattr2 returned Operation not permitted

Added by shangzhong zhu 3 months ago. Updated 3 months ago.

Status:
Pending Backport
Priority:
Normal
Category:
-
Target version:
Start date:
09/13/2018
Due date:
% Done:

0%

Source:
Community (dev)
Tags:
Backport:
mimic,luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Ganesha FSAL, libcephfs
Labels (FS):
Pull request ID:

Description

How to reproduce:

1. mount the nfs-ganesha export directory
2. log in using user1 and create new file named abc.txt
uid=9998(user1) gid=100(users) groups=100(users)
3. add new user user2, and its user group is same as user1's
4. chmod 664 abc.txt
5. log in using user2, and write new string to abc.txt
echo 'Hello' > abc.txt
6. The error "Operation not permitted" will be output

nfs-ganesha logs:

11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] nfs3_setattr :NFS3 :DEBUG :REQUEST PROCESSING: Calling nfs_Setattr handle: File Handle V3: Len=24 4300000110e903000000010000feffffffffffffff000000
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] nfs3_Sattr_To_FSALattr :NFS3 :F_DBG :size = 0
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] nfs3_Sattr_To_FSALattr :NFS3 :F_DBG :set=0 mtime = 0
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] nfs3_Sattr_To_FSALattr :NFS3 :F_DBG :SET_TO_SERVER_TIME Mtime
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] fsal_check_setattr_perms :FSAL :DEBUG :Change SIZE requires FSAL_ACE_PERM_WRITE_DATA
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] fsal_check_setattr_perms :FSAL :DEBUG :Change ATIME and MTIME to NOW requires FSAL_ACE_PERM_WRITE_DATA
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] fsal_check_setattr_perms :FSAL :DEBUG :Requires  WRITE_DATA
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] fsal_check_setattr_perms :FSAL :DEBUG :Access check returned No error (checked mode)
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] ceph_fsal_setattr2 :FSAL :F_DBG :attrs  set attributes Valid Mask=00400004  size=0x0 mtime=SERVER
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] fsal_find_fd :FSAL :F_DBG :Use global fd openflags = 3
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] ceph_fsal_setattr2 :FSAL :DEBUG :setting size to 0
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] ceph_fsal_setattr2 :FSAL :DEBUG :setattrx returned Operation not permitted (1)
11/09/2018 07:58:20 : epoch 5b976502 : ceph44 : ganesha.nfsd-7442[svc_1] nfs3_setattr :NFS3 :F_DBG :fsal_setattr failed

cephfs client logs:

2018-09-11 07:58:20.329 7feba05dc700  8 client.54044 _ll_setattrx 0x100000003e9.head mask 28
2018-09-11 07:58:20.329 7feba05dc700 20 client.54044 may_setattr 0x100000003e9.head(faked_ino=0 ref=4 ll_ref=1 cap_refs={4=0,1024=0,4096=0,8192=0} open={3=1} mode=100664 size=6/4194304 nlink=1 btime=2018-09-11 07:57:55.598147 mtime=2018-09-11 07:57:55.618157 ctime=2018-09-11 07:58:06.405966 caps=pAsxLsXsxFsxcrwb(0=pAsxLsXsxFsxcrwb) objectset[0x100000003e9 ts 0/0 objects 1 dirty_or_tx 0] parents=0x10000000000.head["abc.txt"] 0x7feb98008640); UserPerm(uid: 9998, gid: 100)
2018-09-11 07:58:20.329 7feba05dc700 10 client.54044 _getattr mask As issued=1
2018-09-11 07:58:20.329 7feba05dc700  3 client.54044 may_setattr 0x7feb98008640 = -1
2018-09-11 07:58:20.329 7feba05dc700  3 client.54044 ll_setattrx 0x100000003e9.head = -1


Related issues

Copied to fs - Backport #36205: mimic: nfs-ganesha: ceph_fsal_setattr2 returned Operation not permitted Resolved
Copied to fs - Backport #36206: luminous: nfs-ganesha: ceph_fsal_setattr2 returned Operation not permitted In Progress

History

#1 Updated by shangzhong zhu 3 months ago

nfs-ganesha 2.6.3
ceph version 13.2.1
nfs client: nfs-utils-1.3.0-0.54.el7.x86_64
mount nfs export directory with NFSV3

#2 Updated by Patrick Donnelly 3 months ago

  • Assignee set to Jeff Layton

#3 Updated by Jeff Layton 3 months ago

It fell down on the truncate. The setattr mask shows CEPH_SETATTR_MTIME and CEPH_SETATTR_SIZE. I suspect this check in may_setattr is wrong, but I'll need to go over the logic in detail to determine why.

  if (mask & (CEPH_SETATTR_CTIME | CEPH_SETATTR_BTIME |                         
              CEPH_SETATTR_MTIME | CEPH_SETATTR_ATIME)) {                       
    if (perms.uid() != 0 && perms.uid() != in->uid) {                           
      int check_mask = CEPH_SETATTR_CTIME | CEPH_SETATTR_BTIME;                 
      if (!(mask & CEPH_SETATTR_MTIME_NOW))                                     
        check_mask |= CEPH_SETATTR_MTIME;                                       
      if (!(mask & CEPH_SETATTR_ATIME_NOW))                                     
        check_mask |= CEPH_SETATTR_ATIME;                                       
      if (check_mask & mask) {                                                  
        goto out;                                                               
      } else {                                                                  
        r = inode_permission(in, perms, MAY_WRITE);                             
        if (r < 0)                                                              
          goto out;                                                             
      }                                                                         
    }                                                                           
  }                                                                             

#4 Updated by Jeff Layton 3 months ago

I take it back. The check is correct. What's happening is that ganesha is just calling CEPH_SETATTR_MTIME with the current time and that is causing the check to fail. What we probably need to do is expose the CEPH_SETATTR_MTIME_NOW in the header file and then have ganesha use it (ditto with the ATIME one).

#7 Updated by Patrick Donnelly 3 months ago

  • Status changed from New to Need Review
  • Assignee changed from Jeff Layton to shangzhong zhu
  • Target version set to v14.0.0
  • Source set to Community (dev)
  • Backport set to mimic,luminous
  • ceph-qa-suite deleted (fs)
  • Component(FS) deleted (Client, Ganesha FSAL)

#8 Updated by Patrick Donnelly 3 months ago

  • Component(FS) Ganesha FSAL added

#9 Updated by Patrick Donnelly 3 months ago

  • Status changed from Need Review to Pending Backport

#10 Updated by Nathan Cutler 3 months ago

  • Copied to Backport #36205: mimic: nfs-ganesha: ceph_fsal_setattr2 returned Operation not permitted added

#11 Updated by Nathan Cutler 3 months ago

  • Copied to Backport #36206: luminous: nfs-ganesha: ceph_fsal_setattr2 returned Operation not permitted added

Also available in: Atom PDF