On Mon, Jan 29, 2018 at 02:42:49PM +0100, Wolfgang Walter wrote:
> Hello!
>
> Am Montag, 29. Januar 2018, 13:22:49 schrieb Wolfgang Walter:
> > Hello,
> >
> > after upgrading our nfs-server from 4.9.75 to 4.9.78 group permissions stop
> > working (for clients). If you need group permissions to access a file or
> > directory, sometimes access is granted, but rather often denied. Often
> > access to the same object is denied within seconds after access was granted
> > in an earlier access. user permissions work fine.
> >
> > Downgrading to 4.9.75 fixes the issue.
> >
> > We use kerberos.
> >
> > Regards,
>
> This seems to be fixed in 4.15 with commit
> 1995266727fa8143897e89b55f5d3c79aa828420:
>
>
> commit 1995266727fa8143897e89b55f5d3c79aa828420
> Author: Ben Hutchings <ben.hutchi...@codethink.co.uk>
> Date: Mon Jan 22 20:11:06 2018 +0000
>
> nfsd: auth: Fix gid sorting when rootsquash enabled
>
> Commit bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility
> group_info allocators") appears to break nfsd rootsquash in a pretty
> major way.
>
> It adds a call to groups_sort() inside the loop that copies/squashes
> gids, which means the valid gids are sorted along with the following
> garbage. The net result is that the highest numbered valid gids are
> replaced with any lower-valued garbage gids, possibly including 0.
>
> We should sort only once, after filling in all the gids.
>
> Fixes: bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility
> ...")
> Signed-off-by: Ben Hutchings <ben.hutchi...@codethink.co.uk>
> Acked-by: J. Bruce Fields <bfie...@redhat.com>
> Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
>
>
> So this should be applied to stables 4.4, 4.9 and 4.14 (and others where
> bdcf0a423ea1 has been backported to).
Ah, good catch, I missed that this had been merged already.
Now queued up to all relevant stable trees, thanks so much for the
report.
greg k-h
