APPLIED[L]: [SRU][Kinetic][Lunar][PATCH 0/3] NFS: client permission error after adding user to permissible group

Chengen Du chengen.du at canonical.com
Tue Feb 7 10:18:35 UTC 2023 

Hi Andrea,

I noticed that the patch does not be applied to kinetic.
May I ask if is there any concern?

Best regards,
Chengen Du

On Tue, Jan 31, 2023 at 7:29 AM Andrea Righi <andrea.righi at canonical.com> wrote:
>
> On Sat, Jan 21, 2023 at 10:25:46PM +0800, Chengen Du wrote:
> > [Impact]
> > The NFS client's access cache becomes stale due to the user's group membership changing on the server after the user has already logged in on the client.
> > The access cache only expires if either NFS_INO_INVALID_ACCESS flag is on or timeout (without delegation).
> > Adding a user to a group in the NFS server will not cause any file attributes to change.
> > The client will encounter permission errors until other file attributes are changed or the memory cache is dropped.
> >
> > [Fix]
> > The access cache shall be cleared once the user logs out and logs back in again.
> >
> > 0eb43812c0270ee3d005ff32f91f7d0a6c4943af NFS: Clear the file access cache upon login
> > 029085b8949f5d269ae2bbd14915407dd0c7f902 NFS: Judge the file access cache's timestamp in rcu path
> > 5e9a7b9c2ea18551759833146a181b14835bfe39 NFS: Fix up a sparse warning
> >
> > [Test Plan]
> > 1.[client side] testuser is not part of testgroup
> >   testuser at kinetic:~$ ls -ld /mnt/private/
> >   drwxrwx--- 2 root testgroup 4096 Nov 24 08:23 /mnt/private/
> >   testuser at kinetic:~$ mktemp -p /mnt/private/
> >   mktemp: failed to create file via template
> >   ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
> > 2.[server side] add testuser into testgroup, which has access to folder
> >   root at kinetic:~$ usermod -aG testgroup testuser &&
> >   echo `date +'%s'` > /proc/net/rpc/auth.unix.gid/flush
> > 3.[client side] create a file again but still fail
> >   testuser at kinetic:~$ mktemp -p /mnt/private/
> >   mktemp: failed to create file via template
> >   ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
> >
> > [Where problems could occur]
> > The fix will apply upstream commits, so the regression can be considered as low.
>
> Applied to lunar/linux (linux-unstable already has these patches).
>
> Thanks,
> -Andrea

More information about the kernel-team mailing list