Bug 275200

Summary: NFS mounts cannot access ZFS snapshots in /<dataset>/.zfs
Product: Base System
Reporter: Rick Macklem <rmacklem>
Component: kern
Assignee: Rick Macklem <rmacklem>
Status: Closed FIXED
Severity: Affects Some People
CC: bugs.freebsd.org, emaste, grahamperrin, markj, mm
Priority: ---
Flags: rmacklem: mfc-stable14+, rmacklem: mfc-stable13+
Version: 14.0-RELEASE
Hardware: Any
OS: Any
Bug Depends on:
Bug Blocks: 275215

Attachments (Description, Flags):
Set mnt_exjail for an automounted ZFS snapshot, none
Set mnt_exjail for an automounted ZFS snapshot, none

Description Rick Macklem freebsd_committer freebsd_triage 2023-11-19 14:45:02 UTC
Created attachment 246422 [details]
Set mnt_exjail for an automounted ZFS snapshot

Commit 88175af added a check for exported to
correct jail, using a new mount field called
mnt_exjail.  This field is filled in when a
file system is exported.

Unfortunately, this field is not filled in
when /<dataset>/.zfs/snapshot/<snapshot-name>
is automounted.  As a result, access to this
automounted snapshot is not allowed via NFS.

The attached patch, which sets mnt_exjail for
this case, seems to fix the problem.
This patch is now on phabricator as D42672.

I will leave this PR open until an errata
for FreeBSD 14.0 is done to fix the problem.

Comment 1 commit-hook freebsd_committer freebsd_triage 2023-11-23 15:26:12 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=f5f277728adec4c5b3e840a1fb16bd16f8cc956d

commit f5f277728adec4c5b3e840a1fb16bd16f8cc956d
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-11-23 15:23:33 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-11-23 15:23:33 +0000

    nfsd: Fix NFS access to .zfs/snapshot snapshots

    When a process attempts to access a snapshot under
    /<dataset>/.zfs/snapshot, the snapshot is automounted.
    However, without this patch, the automount does not
    set mnt_exjail, which results in the snapshot not being
    accessible over NFS.

    This patch defines a new function called vfs_exjail_clone()
    which sets mnt_exjail from another mount point and
    then uses that function to set mnt_exjail in the snapshot
    automount.  A separate patch that is currently a pull request
    for OpenZFS, calls this function to fix the problem.

    PR:     275200
    Reviewed by:    markj
    MFC after:      3 days
    Differential Revision:  https://reviews.freebsd.org/D42672

 sys/kern/vfs_mount.c | 35 +++++++++++++++++++++++++++++++++++
 sys/sys/mount.h      |  4 ++++
 2 files changed, 39 insertions(+)
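
The failure reported here and the idea behind vfs_exjail_clone() from the commit message above, as a simplified user-space C model added for illustration; it is not FreeBSD kernel code and not part of the patch. Apart from the field name mnt_exjail, every name and path (model_*, struct jail, /tank/data) is hypothetical, and the equality check and the copy-only-if-unset rule are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model, not kernel code. Only the field name
 * mnt_exjail comes from the report; everything else is hypothetical. */
struct jail { int id; };
struct mount {
    const char *path;
    const struct jail *mnt_exjail; /* jail that exported it; NULL if none */
};

/* Exporting a file system fills in mnt_exjail. */
static void model_export(struct mount *mp, const struct jail *j) { mp->mnt_exjail = j; }

/* Assumed shape of the server check: serve a mount only when it was
 * exported by the jail the NFS server runs in. */
static bool model_nfsd_may_serve(const struct mount *mp, const struct jail *nfsd_jail)
{
    return mp->mnt_exjail != NULL && mp->mnt_exjail == nfsd_jail;
}

/* Copy export-jail state from one mount to another (the idea of the fix).
 * Assumption: a target that already has the field set is left alone. */
static void model_exjail_clone(const struct mount *from, struct mount *to)
{
    if (from->mnt_exjail != NULL && to->mnt_exjail == NULL)
        to->mnt_exjail = from->mnt_exjail;
}

/* Bit 0: dataset served; bit 1: snapshot served before the clone;
 * bit 2: snapshot served after the clone; bit 3: served to another jail. */
static int model_scenario(void)
{
    struct jail host = { 0 }, other = { 1 };
    struct mount dataset = { "/tank/data", NULL };               /* constructed */
    struct mount snap = { "/tank/data/.zfs/snapshot/s1", NULL }; /* automounted */
    int r = 0;

    model_export(&dataset, &host);
    if (model_nfsd_may_serve(&dataset, &host)) r |= 1;
    if (model_nfsd_may_serve(&snap, &host))    r |= 2; /* the bug: denied */
    model_exjail_clone(&dataset, &snap);
    if (model_nfsd_may_serve(&snap, &host))    r |= 4;
    if (model_nfsd_may_serve(&snap, &other))   r |= 8; /* stays denied */
    return r;
}

int main(void) { printf("scenario bits: %d\n", model_scenario()); return 0; }
```

In the model, cloning restores access for the server's own jail only; a server in a different jail is still refused.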

Comment 2 Rick Macklem freebsd_committer freebsd_triage 2023-11-23 15:38:19 UTC
Created attachment 246517 [details]
Set mnt_exjail for an automounted ZFS snapshot

This version of the patch should be safe
when vfs_exjail_clone() is called just when
a jail is dying.

Comment 3 Rick Macklem freebsd_committer freebsd_triage 2023-11-23 15:39:46 UTC
The vfs_exjail_clone() part of the patch has been
committed to main and will be MFC'd in 3 days.
The ZFS part of the patch is being done as a
pull request on OpenZFS.

Comment 4 commit-hook freebsd_committer freebsd_triage 2023-11-26 00:55:35 UTC
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=a7c25f0d064425bc7a3b170aa441fecf0ae38600

commit a7c25f0d064425bc7a3b170aa441fecf0ae38600
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-11-23 15:23:33 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-11-26 00:53:29 +0000

    nfsd: Fix NFS access to .zfs/snapshot snapshots

    When a process attempts to access a snapshot under
    /<dataset>/.zfs/snapshot, the snapshot is automounted.
    However, without this patch, the automount does not
    set mnt_exjail, which results in the snapshot not being
    accessible over NFS.

    This patch defines a new function called vfs_exjail_clone()
    which sets mnt_exjail from another mount point and
    then uses that function to set mnt_exjail in the snapshot
    automount.  A separate patch that is currently a pull request
    for OpenZFS, calls this function to fix the problem.

    PR:     275200

    (cherry picked from commit f5f277728adec4c5b3e840a1fb16bd16f8cc956d)

 sys/kern/vfs_mount.c | 35 +++++++++++++++++++++++++++++++++++
 sys/sys/mount.h      |  4 ++++
 2 files changed, 39 insertions(+)

Comment 5 commit-hook freebsd_committer freebsd_triage 2023-11-30 12:32:02 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=7aaf39f6b3b0bc5cc171eac7ca118d17460ea5db

commit 7aaf39f6b3b0bc5cc171eac7ca118d17460ea5db
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-11-23 15:23:33 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-11-30 12:28:50 +0000

    nfsd: Fix NFS access to .zfs/snapshot snapshots

    When a process attempts to access a snapshot under
    /<dataset>/.zfs/snapshot, the snapshot is automounted.
    However, without this patch, the automount does not
    set mnt_exjail, which results in the snapshot not being
    accessible over NFS.

    This patch defines a new function called vfs_exjail_clone()
    which sets mnt_exjail from another mount point and
    then uses that function to set mnt_exjail in the snapshot
    automount.  A separate patch that is currently a pull request
    for OpenZFS, calls this function to fix the problem.

    PR:     275200

    (cherry picked from commit f5f277728adec4c5b3e840a1fb16bd16f8cc956d)

 sys/kern/vfs_mount.c | 35 +++++++++++++++++++++++++++++++++++
 sys/sys/mount.h      |  4 ++++
 2 files changed, 39 insertions(+)

Comment 6 Mark Johnston freebsd_committer freebsd_triage 2023-12-04 16:08:27 UTC
It looks like the ZFS component of the change has not yet landed in stable/13.  That is, stable/13 doesn't have this commit: https://cgit.freebsd.org/src/commit/?id=acb33ee1c169bf1c1f687db18fa1815ffa68f246

Is there any reason we cannot cherry-pick it directly?

Comment 7 Rick Macklem freebsd_committer freebsd_triage 2023-12-04 23:37:24 UTC
It appears the patch has now been MFC'd to stable/14 and stable/13,
since emaste@ has committed the ZFS part to stable/13.

It also appears that an EN to releng/14.0 is in progress.
I will close this PR once that has happened.

Thanks everyone for your help with this.

Comment 8 commit-hook freebsd_committer freebsd_triage 2023-12-05 18:28:45 UTC
A commit in branch releng/14.0 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=4fd0162652a2e0f51aad99055ec837049febaee2

commit 4fd0162652a2e0f51aad99055ec837049febaee2
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-11-23 15:23:33 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-12-04 15:45:11 +0000

    nfsd: Fix NFS access to .zfs/snapshot snapshots

    When a process attempts to access a snapshot under
    /<dataset>/.zfs/snapshot, the snapshot is automounted.
    However, without this patch, the automount does not
    set mnt_exjail, which results in the snapshot not being
    accessible over NFS.

    This patch defines a new function called vfs_exjail_clone()
    which sets mnt_exjail from another mount point and
    then uses that function to set mnt_exjail in the snapshot
    automount.  A separate patch that is currently a pull request
    for OpenZFS, calls this function to fix the problem.

    PR:     275200
    Approved by:    so
    Security:       FreeBSD-EN-23:22.vfs

    (cherry picked from commit f5f277728adec4c5b3e840a1fb16bd16f8cc956d)
    (cherry picked from commit a7c25f0d064425bc7a3b170aa441fecf0ae38600)

 sys/kern/vfs_mount.c | 35 +++++++++++++++++++++++++++++++++++
 sys/sys/mount.h      |  4 ++++
 2 files changed, 39 insertions(+)

Comment 9 Mark Johnston freebsd_committer freebsd_triage 2023-12-05 18:44:16 UTC
Fixed in 14.0-RELEASE-p2.