On Wed, 28 Aug 2024, Mike Snitzer wrote: > > So I honestly feel like Chuck's latest revision is perfectly fine. > I disagree that "The behavior for LOCALIO is therefore the same as > the AUTH_UNIX check below." is inaccurate. The precondition from the > client (used to establish localio and cause rqstp to be NULL in > check_nfsd_access) is effectively comparable no? > I don't think the correctness of the code is at all related to AUTH_UNIX. Suppose we did add support for krb5 somehow - would we really need a different test? I think not. I think that the reason the code is correct and safe is that we trust the client. We *know* the client will only present an filehandle which it has received over the wire and which it verified - with the accompanying credential - it was allowed to access. Maybe that is what you meant by "The precondition from the client". I agree that does give us sufficient safety. I don't think AUTH_UNIX is relevant. /* * If rqstp is NULL, this is a LOCALIO request which will only ever use * filehandle/credential pair for which access has been affirmed (by * ACCESS or OPEN NFS requests) over the wire. So there is no need for * further checks here. */ (It wasn't quite this clear to me when I wrote previously - but I always seems to think more clearly in the mornings!) Thanks, NeilBrown
