Makes sense to me, thanks.--b.
On Mon, Nov 30, 2020 at 04:24:51PM -0500, trondmy@xxxxxxxxxx wrote:
> From: Jeff Layton <jeff.layton@xxxxxxxxxxxxxxx>
>
> When we start allowing NFS to be reexported, then we have some problems
> when it comes to subtree checking. In principle, we could allow it, but
> it would mean encoding parent info in the filehandles and there may not
> be enough space for that in a NFSv3 filehandle.
>
> To enforce this at export upcall time, we add a new export_ops flag
> that declares the filesystem ineligible for subtree checking.
>
> Signed-off-by: Jeff Layton <jeff.layton@xxxxxxxxxxxxxxx>
> Signed-off-by: Lance Shelton <lance.shelton@xxxxxxxxxxxxxxx>
> Signed-off-by: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>
> ---
> Documentation/filesystems/nfs/exporting.rst | 14 +++++++++++++-
> fs/nfs/export.c | 2 +-
> fs/nfsd/export.c | 6 ++++++
> include/linux/exportfs.h | 1 +
> 4 files changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/filesystems/nfs/exporting.rst b/Documentation/filesystems/nfs/exporting.rst
> index a3e3805833d1..960be64446cb 100644
> --- a/Documentation/filesystems/nfs/exporting.rst
> +++ b/Documentation/filesystems/nfs/exporting.rst
> @@ -176,7 +176,7 @@ contains a "flags" field that allows the filesystem to communicate to nfsd
> that it may want to do things differently when dealing with it. The
> following flags are defined:
>
> - EXPORT_OP_NOWCC
> + EXPORT_OP_NOWCC - disable NFSv3 WCC attributes on this filesystem
> RFC 1813 recommends that servers always send weak cache consistency
> (WCC) data to the client after each operation. The server should
> atomically collect attributes about the inode, do an operation on it,
> @@ -190,3 +190,15 @@ following flags are defined:
> this on filesystems that have an expensive ->getattr inode operation,
> or when atomicity between pre and post operation attribute collection
> is impossible to guarantee.
> +
> + EXPORT_OP_NOSUBTREECHK - disallow subtree checking on this fs
> + Many NFS operations deal with filehandles, which the server must then
> + vet to ensure that they live inside of an exported tree. When the
> + export consists of an entire filesystem, this is trivial. nfsd can just
> + ensure that the filehandle live on the filesystem. When only part of a
> + filesystem is exported however, then nfsd must walk the ancestors of the
> + inode to ensure that it's within an exported subtree. This is an
> + expensive operation and not all filesystems can support it properly.
> + This flag exempts the filesystem from subtree checking and causes
> + exportfs to get back an error if it tries to enable subtree checking
> + on it.
> diff --git a/fs/nfs/export.c b/fs/nfs/export.c
> index 8f4c528865c5..b9ba306bf912 100644
> --- a/fs/nfs/export.c
> +++ b/fs/nfs/export.c
> @@ -171,5 +171,5 @@ const struct export_operations nfs_export_ops = {
> .encode_fh = nfs_encode_fh,
> .fh_to_dentry = nfs_fh_to_dentry,
> .get_parent = nfs_get_parent,
> - .flags = EXPORT_OP_NOWCC,
> + .flags = EXPORT_OP_NOWCC|EXPORT_OP_NOSUBTREECHK,
> };
> diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
> index 21e404e7cb68..81e7bb12aca6 100644
> --- a/fs/nfsd/export.c
> +++ b/fs/nfsd/export.c
> @@ -408,6 +408,12 @@ static int check_export(struct inode *inode, int *flags, unsigned char *uuid)
> return -EINVAL;
> }
>
> + if (inode->i_sb->s_export_op->flags & EXPORT_OP_NOSUBTREECHK &&
> + !(*flags & NFSEXP_NOSUBTREECHECK)) {
> + dprintk("%s: %s does not support subtree checking!\n",
> + __func__, inode->i_sb->s_type->name);
> + return -EINVAL;
> + }
> return 0;
>
> }
> diff --git a/include/linux/exportfs.h b/include/linux/exportfs.h
> index e7de0103a32e..2fcbab0f6b61 100644
> --- a/include/linux/exportfs.h
> +++ b/include/linux/exportfs.h
> @@ -214,6 +214,7 @@ struct export_operations {
> int (*commit_blocks)(struct inode *inode, struct iomap *iomaps,
> int nr_iomaps, struct iattr *iattr);
> #define EXPORT_OP_NOWCC (0x1) /* Don't collect wcc data for NFSv3 replies */
> +#define EXPORT_OP_NOSUBTREECHK (0x2) /* Subtree checking is not supported! */
> unsigned long flags;
> };
>
> --
> 2.28.0
