APPLIED[L]: [SRU][Kinetic][Lunar][PATCH 0/3] NFS: client permission error after adding user to permissible group

[Andrea Righi]

On Sat, Jan 21, 2023 at 10:25:46PM +0800, Chengen Du wrote:
> [Impact]
> The NFS client's access cache becomes stale due to the user's group membership changing on the server after the user has already logged in on the client.
> The access cache only expires if either NFS_INO_INVALID_ACCESS flag is on or timeout (without delegation).
> Adding a user to a group in the NFS server will not cause any file attributes to change.
> The client will encounter permission errors until other file attributes are changed or the memory cache is dropped.
> 
> [Fix]
> The access cache shall be cleared once the user logs out and logs back in again.
> 
> 0eb43812c0270ee3d005ff32f91f7d0a6c4943af NFS: Clear the file access cache upon login
> 029085b8949f5d269ae2bbd14915407dd0c7f902 NFS: Judge the file access cache's timestamp in rcu path
> 5e9a7b9c2ea18551759833146a181b14835bfe39 NFS: Fix up a sparse warning
> 
> [Test Plan]
> 1.[client side] testuser is not part of testgroup
>   testuser at kinetic:~$ ls -ld /mnt/private/
>   drwxrwx--- 2 root testgroup 4096 Nov 24 08:23 /mnt/private/
>   testuser at kinetic:~$ mktemp -p /mnt/private/
>   mktemp: failed to create file via template
>   ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
> 2.[server side] add testuser into testgroup, which has access to folder
>   root at kinetic:~$ usermod -aG testgroup testuser &&
>   echo `date +'%s'` > /proc/net/rpc/auth.unix.gid/flush
> 3.[client side] create a file again but still fail
>   testuser at kinetic:~$ mktemp -p /mnt/private/
>   mktemp: failed to create file via template
>   ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
> 
> [Where problems could occur]
> The fix will apply upstream commits, so the regression can be considered as low.

Applied to lunar/linux (linux-unstable already has these patches).

Thanks,
-Andrea