On 02/01/2025 15:41, Jeff Layton wrote:
On Thu, 2025-01-02 at 11:08 +0200, Shaul Tamari wrote:
Hi,
I have a question regarding NFS4.1 write delegation stateid permission checks.
Is there a difference in how a server should check permissions for a
write delegation stateid that was given when the file was opened with:
1. OPEN4_SHARE_ACCESS_BOTH
2. OPEN4_SHARE_ACCESS_WRITE
(cc'ing Sagi since he was looking at this recently)
And completely dropped the ball on this :\
A write delegation really should have been called a read-write
delegation, because the server has to allow the client to do reads as
well, if you hold one.
Assuming the access check passes.
The Linux kernel nfs server doesn't currently give out delegations to
OPEN4_SHARE_ACCESS_WRITE-only opens for this reason. You have to
request BOTH in order to get one, because a permission check for write
is not sufficient to allow you to read as well.
Should the server check permissions for read access as well when
OPEN4_SHARE_ACCESS_WRITE is requested and DELEGATION_WRITE is granted
?
Possibly? When trying to grant a write delegation, the server should
probably also do an opportunistic permission check for read as well,
and only grant the delegation if that passes. If it fails, you could
still allow the open and just not grant the delegation.
Yes, that is what Chuck suggested at the time.
ISTR that Sagi may have tried this approach though and there was a
problem with it?
Not a problem per se, IIRC the thread left off that we need to sort out
access reference accounting for nfsd_file for both reads and writes for
a single write deleg...
