diff options
| author | Rick Macklem <rmacklem@FreeBSD.org> | 2023-11-23 15:23:33 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2023-12-04 15:45:11 +0000 |
| commit | 4fd0162652a2e0f51aad99055ec837049febaee2 (patch) | |
| tree | 908afa5bbcc42221032fb0ca43dd3062dccd1063 | |
| parent | 31f6cfca851f20099162352dac8d044857b2e1f9 (diff) | |
| download | src-4fd0162652a2e0f51aad99055ec837049febaee2.tar.gz src-4fd0162652a2e0f51aad99055ec837049febaee2.zip | |
nfsd: Fix NFS access to .zfs/snapshot snapshots
When a process attempts to access a snapshot under
/<dataset>/.zfs/snapshot, the snapshot is automounted.
However, without this patch, the automount does not
set mnt_exjail, which results in the snapshot not being
accessible over NFS.
This patch defines a new function called vfs_exjail_clone()
which sets mnt_exjail from another mount point and
then uses that function to set mnt_exjail in the snapshot
automount. A separate patch that is currently a pull request
for OpenZFS, calls this function to fix the problem.
PR: 275200
Approved by: so
Security: FreeBSD-EN-23:22.vfs
(cherry picked from commit f5f277728adec4c5b3e840a1fb16bd16f8cc956d)
(cherry picked from commit a7c25f0d064425bc7a3b170aa441fecf0ae38600)
| -rw-r--r-- | sys/kern/vfs_mount.c | 35 | ||||
| -rw-r--r-- | sys/sys/mount.h | 4 |
2 files changed, 39 insertions, 0 deletions
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c index 45ab9cfc93cc..25757356f86a 100644 --- a/sys/kern/vfs_mount.c +++ b/sys/kern/vfs_mount.c @@ -3119,6 +3119,41 @@ suspend_all_fs(void) mtx_unlock(&mountlist_mtx); } +/* + * Clone the mnt_exjail field to a new mount point. + */ +void +vfs_exjail_clone(struct mount *inmp, struct mount *outmp) +{ + struct ucred *cr; + struct prison *pr; + + MNT_ILOCK(inmp); + cr = inmp->mnt_exjail; + if (cr != NULL) { + crhold(cr); + MNT_IUNLOCK(inmp); + pr = cr->cr_prison; + sx_slock(&allprison_lock); + if (!prison_isalive(pr)) { + sx_sunlock(&allprison_lock); + crfree(cr); + return; + } + MNT_ILOCK(outmp); + if (outmp->mnt_exjail == NULL) { + outmp->mnt_exjail = cr; + atomic_add_int(&pr->pr_exportcnt, 1); + cr = NULL; + } + MNT_IUNLOCK(outmp); + sx_sunlock(&allprison_lock); + if (cr != NULL) + crfree(cr); + } else + MNT_IUNLOCK(inmp); +} + void resume_all_fs(void) { diff --git a/sys/sys/mount.h b/sys/sys/mount.h index c4e1f83e9683..70f4bc2b834e 100644 --- a/sys/sys/mount.h +++ b/sys/sys/mount.h @@ -980,6 +980,9 @@ enum vfs_notify_upper_type { * exported vnode operations */ +/* Define this to indicate that vfs_exjail_clone() exists for ZFS to use. */ +#define VFS_SUPPORTS_EXJAIL_CLONE 1 + int dounmount(struct mount *, uint64_t, struct thread *); int kernel_mount(struct mntarg *ma, uint64_t flags); @@ -1016,6 +1019,7 @@ int vfs_setpublicfs /* set publicly exported fs */ (struct mount *, struct netexport *, struct export_args *); void vfs_periodic(struct mount *, int); int vfs_busy(struct mount *, int); +void vfs_exjail_clone(struct mount *, struct mount *); void vfs_exjail_delete(struct prison *); int vfs_export /* process mount export info */ (struct mount *, struct export_args *, bool); |