On Mon, 27 Nov 2017, J. Bruce Fields wrote:
Thanks for the patch:
On Mon, Nov 27, 2017 at 05:25:08PM -0200, Thiago Rafael Becker wrote:
In cases where mountd is managing the group membership for nfsd,
if a user has several groups, multiple nfsd threads may call
sort_groups for the same freshly created unix_gid_cache entry
simultaneously, causing entries to be overwritten and the cache
entry to get corrupted.
The groups_sort call is in set_groups, called from
fs/nfsd/auth.c:nfsd_setuser():
set_groups(new, gi);
where "gi" is usually (in the absence of id squashing) a pointer to
rqstp->rq_cred.cr_group_info, which can be in use by other threads.
To me it's pretty unintuitive that set_groups() would modify the group
info passed in the second argument. While we're here, I wonder if we
should make that the caller's responsibility? There are basically only
three callers outside this one.
But I'm OK with this patch. I probably need an OK from a vfs person to
take it through the nfsd tree?
--b.
I tend to agree. I have an updated version of the patches that I'll be
sending to a broader audience to see if they have any inputs.
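
The race discussed in this thread, as an added userspace illustration (not code from the patch or the kernel): two sorters interleave a non-atomic swap on one shared gid array and lose an entry, while an entry sorted once before it is shared and then only read through a const pointer stays intact. All names here (swap_step, has_gid and the two model functions) are hypothetical, and the interleaving is constructed by hand rather than produced by real threads.

```c
/* Userspace model with constructed data; hypothetical names, not kernel code. */
#include <stdio.h>
#include <stdlib.h>
/* One in-flight, non-atomic swap of g[0] and g[1]: tmp = a; a = b; b = tmp. */
struct swap_state { unsigned tmp; int step; };

static void swap_step(unsigned *g, struct swap_state *s)
{
    switch (s->step++) {
    case 0: s->tmp = g[0]; break;
    case 1: g[0] = g[1];   break;
    case 2: g[1] = s->tmp; break;
    }
}

/* Two sorters each compared the shared {2,1}, found it unsorted, and swap it
 * with their steps interleaved. Returns 1 if both gids survive. */
int shared_sort_keeps_gids(void)
{
    unsigned shared[2] = {2, 1};
    struct swap_state t1 = {0, 0}, t2 = {0, 0};
    swap_step(shared, &t1);  /* T1: tmp = 2            */
    swap_step(shared, &t1);  /* T1: g[0] = 1 -> {1,1}  */
    swap_step(shared, &t2);  /* T2: tmp = 1            */
    swap_step(shared, &t2);  /* T2: g[0] = 1 -> {1,1}  */
    swap_step(shared, &t1);  /* T1: g[1] = 2 -> {1,2}  */
    swap_step(shared, &t2);  /* T2: g[1] = 1 -> {1,1}  */
    return shared[0] == 1 && shared[1] == 2;
}

static int cmp_gid(const void *a, const void *b)
{
    unsigned x = *(const unsigned *)a, y = *(const unsigned *)b;
    return (x > y) - (x < y);
}

/* Per-request path: const pointer, read-only binary search. */
static int has_gid(const unsigned *g, size_t n, unsigned gid)
{
    return bsearch(&gid, g, n, sizeof *g, cmp_gid) != NULL;
}

/* Creator sorts once before the entry is shared; users never write to it. */
int sorted_before_publish_keeps_gids(void)
{
    unsigned entry[2] = {2, 1};
    qsort(entry, 2, sizeof *entry, cmp_gid);
    return has_gid(entry, 2, 1) && has_gid(entry, 2, 2) && !has_gid(entry, 2, 3);
}
int main(void) { printf("%d %d\n", shared_sort_keeps_gids(), sorted_before_publish_keeps_gids()); return 0; }
```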