[LU-8656] IS_NOSEC check in vvp_io_write_start always returns false Created: 30/Sep/16 Updated: 08/Jun/21 Resolved: 10/Jun/17 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | Lustre 2.10.0 |
| Type: | Bug | Priority: | Minor |
| Reporter: | Patrick Farrell (Inactive) | Assignee: | Patrick Farrell (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
||||||||||||
| Severity: | 3 | ||||||||||||
| Rank (Obsolete): | 9223372036854775807 | ||||||||||||
| Description |
|
In vvp_io_write_start, we check "IS_NOSEC" to see whether or not to take the inode mutex. (This is to protect the automatic setuid bit removal when writing to a file.) This was added in patch http://review.whamcloud.com/19840 " Unfortunately, it looks like that check is not working correctly, and is always returning false, causing us to take the inode mutex. This may have some dependence on kernel version, as different versions vary in whether they provide IS_NOSEC. |
| Comments |
| Comment by Gerrit Updater [ 30/Sep/16 ] |
|
Patrick Farrell (paf@cray.com) uploaded a new patch: http://review.whamcloud.com/22853 |
| Comment by James A Simmons [ 30/Sep/16 ] |
|
Which kernel versions is this broken on? The backwards macros are taken straight from the upstream kernel. |
| Comment by Patrick Farrell (Inactive) [ 30/Sep/16 ] |
|
Confirmed the IS_NOSEC check isn't working right on CentOS 6 (which does not provide its own version of the check) and on SLES 12, which does. Andreas and I discussed this at LAD, I will share details of what we figured out as I work on fixing this. |
| Comment by Patrick Farrell (Inactive) [ 30/Sep/16 ] |
|
James, I don't know exactly. That's part of why I contributed the test, so it can run on the Intel infrastructure and hopefully on a few different kernel versions. |
| Comment by Patrick Farrell (Inactive) [ 30/Sep/16 ] |
|
James, Can you point me at where in the upstream kernel? I see this: static inline void inode_has_no_xattr(struct inode *inode) { if (!is_sxid(inode->i_mode) && (inode->i_sb->s_flags & MS_NOSEC)) inode->i_flags |= S_NOSEC; } But the second part of that is important too, perhaps? |
| Comment by Patrick Farrell (Inactive) [ 30/Sep/16 ] |
|
One weird note - I don't see why the check is wrong on CentOS 6, where IS_NOSEC is not provided by the kernel. In that case, it looks like our test should work. But it doesn't seem to, at least if my test framework test is correct. (I ran it outside of the framework, but still.) |
| Comment by James A Simmons [ 30/Sep/16 ] |
|
The commit that introduced the IS_NOSEC work is 69b4573296469fd3f70cf7044693074980517067 for the linux kernel. |
| Comment by Andreas Dilger [ 06/Oct/16 ] |
|
Patrick or James, it would be useful if you could provide a stack trace of where/how file_remove_perms() gets called, because I just can't find it in the code. |
| Comment by Patrick Farrell (Inactive) [ 06/Oct/16 ] |
|
Andreas - File_remove_privs. |
| Comment by Gerrit Updater [ 10/Jun/17 ] |
|
Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/22853/ |
| Comment by Peter Jones [ 10/Jun/17 ] |
|
Landed for 2.10 |