commit f36bd900a899088ca1925de079bd58d6205a1f3c
Author: Trond Myklebust
Date:   Thu Mar 5 10:41:02 2026 -0500

    Fix access checks when mounting subdirectories in NFSv3

    If an NFSv3 client asks to mount a subdirectory of one of the exported
    directories, then apply the RPC credential together with any root or
    all squash rules that would apply to the client in question.

    Reviewed-by: Jeff Layton
    Signed-off-by: Trond Myklebust
    Signed-off-by: Scott Mayhew
    Signed-off-by: Steve Dickson

commit 51738ae56d922d4961e60dad73ad1c2d97d8d99b
Author: Trond Myklebust
Date:   Mon Nov 10 12:18:38 2025 -0500

    support: Add a mini-library to extract and apply RPC credentials

    Add server functionality to extract the credentials from the client RPC
    call, and apply them. This is needed in order to perform access checking
    on the requested path in the mountd daemon.

    Reviewed-by: Jeff Layton
    Signed-off-by: Trond Myklebust
    Signed-off-by: Steve Dickson

commit 42f01e6a78fed98f12437ac8b28cfb12b6bad056
Author: Trond Myklebust
Date:   Mon Nov 10 11:28:39 2025 -0500

    mountd: Separate lookup of the exported directory and the mount path

    When the caller asks to mount a path that does not terminate with an
    exported directory, we want to split up the lookups so that we can look
    up the exported directory using the mountd privileged credential, and
    the remaining subdirectory lookups using the RPC caller's credential.

    Reviewed-by: Jeff Layton
    Signed-off-by: Trond Myklebust
    Signed-off-by: Steve Dickson

commit 7e8b36522f58657359c6842119fc516c6dd1baa4
Author: Trond Myklebust
Date:   Mon Nov 10 11:26:03 2025 -0500

    mountd: Minor refactor of get_rootfh()

    Perform the mountpoint checks before checking the user path.

    Reviewed-by: Jeff Layton
    Signed-off-by: Trond Myklebust
    Signed-off-by: Steve Dickson

commit d681902a3a833ec1c9aad973155983d093c3f79f
Author: Chuck Lever
Date:   Fri Mar 6 17:06:13 2026 -0500

    mountstats: Fix per-operation percentages with nconnect

    Per-operation percentages reported by "mountstats --rpc" are inaccurate
    when an NFS mount uses nconnect.

    With nconnect=N, the kernel emits N separate "xprt:" lines in
    /proc/self/mountstats, one per transport. Each transport tracks its own
    rpcsends counter reflecting only RPCs routed through that connection.
    The parser overwrites rpcsends on each "xprt:" line, keeping only the
    last transport's value.

    Per-operation counts (READ, WRITE, etc.) are maintained in a single
    array per RPC client and reflect all RPCs across all transports. With
    nconnect=3 and balanced round-robin, rpcsends holds roughly one third
    of total RPCs while per-op counts hold the full total.
    display_rpc_op_stats() computes (op_count * 100) / rpcsends, yielding
    percentages roughly three times too large.

    Accumulate rpcsends, rpcreceives, badxids, backlogutil, sendutil, and
    pendutil across multiple "xprt:" lines. These are cumulative counters
    where the sum across transports gives the correct aggregate.
    Per-connection properties (port, bind_count, connect_count,
    connect_time, idle_time, maxslots, inflightsends) retain the value from
    the last transport seen.

    Signed-off-by: Chuck Lever
    Signed-off-by: Steve Dickson

commit b59edc685f77d7c282a1dfca4187ebb703590cb6
Author: Frank Sorenson
Date:   Fri Mar 6 17:04:20 2026 -0500

    nfsdclnts: fix display of stateids where the kernel doesn't provide the superblock

    If the stateid's file can't be found, the kernel will skip printing the
    superblock and filename in the 'states' procfile. When this happens,
    nfsdclnts crashes trying to reference the non-existent superblock key
    while getting the inode.

    Fix this by setting the inode field to 'N/A' when the superblock isn't
    present, as is done with other fields which may be missing.

    Signed-off-by: Frank Sorenson
    Signed-off-by: Steve Dickson

commit 0f5fe65d83f7455112aea82bf96f99523cb03ca7
Author: Aaron Tomlin
Date:   Fri Mar 6 17:01:44 2026 -0500

    nfsrahead: enable event-driven mountinfo monitoring and skip non-NFS devices

    The nfsrahead utility relies on parsing "/proc/self/mountinfo" to
    correlate a device number with a specific NFS mount point. However, due
    to the asynchronous nature of system initialisation, the relevant entry
    in mountinfo may not be immediately available when the tool is executed.

    Currently, the utility employs a naive polling mechanism, retrying the
    search five times with a fixed 50ms delay (totalling 250ms). This
    approach proves brittle on systems under heavy load or during
    distinctively slow boot sequences.

    To mitigate this race condition and improve robustness, update
    get_device_info() to utilise the libmount monitoring API.

    The new implementation introduces the following logic:

    1. Initialises a monitor on /proc/self/mountinfo using
       mnt_new_monitor().

    2. Replaces the fixed polling loop with mnt_monitor_wait().

    3. Increases the maximum wait time to 10 seconds (MNT_NM_TIMEOUT).

    4. Introduces a fast-path rejection mechanism. NFS backing devices are
       allocated from the kernel's unnamed block device pool (major number
       0). While some local multi-device filesystems (such as Btrfs) also
       utilise anonymous device numbers, physical hardware block devices
       (e.g., sda, nvme) always possess specific, non-zero major numbers.
       By instantly exiting with -ENODEV for any device string not
       beginning with "0:", we safely bypass the monitor for physical
       drives, preventing the exhaustion of udev worker threads. See
       set_anon_super() and get_anon_bdev().

    5. Implements strict monotonic deadline tracking within the monitor
       loop to prevent indefinite blocking.

    Fixes: 2b62ac4c ("nfsrahead: enable event-driven mountinfo monitoring")
    Reported-by: Yi Zhang
    Link: https://lore.kernel.org/linux-block/CAHj4cs8URj2fJ7KyP9ViAm6npVOaMiAErnw2uFyPYEU2wb7G_w@mail.gmail.com/T/#t
    Signed-off-by: Aaron Tomlin
    Signed-off-by: Steve Dickson

commit 957ad35aaa57d52aa503c075568fea3b185c1563
Author: Steve Dickson
Date:   Thu Mar 5 06:47:27 2026 -0500

    Revert "nfsrahead: enable event-driven mountinfo monitoring"

    This reverts commit 2b62ac4c273a647df07400dc1126fceb76ad96c0.

    Most blktests block/ failed with
    "Timed out while waiting for udev queue to empty." [1]

    [1] https://lore.kernel.org/linux-block/CAHj4cs8URj2fJ7KyP9ViAm6npVOaMiAErnw2uFyPYEU2wb7G_w@mail.gmail.com/T/#t

commit 4706bac0345f67c50b73fd8da1c2629ed15ff79d
Author: Scott Mayhew
Date:   Thu Feb 26 12:48:04 2026 -0500

    gssd: add a helper to determine the set of encryption types to pass to limit_krb5_enctypes()

    When the MIT kerberos library does a TGS request it initially does so
    with referrals enabled, using its default enctype list instead of the
    application-provided one. It still ensures that the resulting ticket is
    using an enctype from the application-provided list, it just might not
    be the highest priority enctype from the application-provided list.

    That can result in the machine cred's service ticket using a different
    enctype than a user cred's service ticket (particularly in the case of
    constrained delegation with gssproxy), which will lead to XDR decoding
    failures in the kernel. See https://bugs.debian.org/1120598.

    The best way to combat this is to configure the krb5 library's
    permitted_enctypes list to have the same order as the kernel's
    gss_krb5_prepare_enctype_priority_list (which is set at build time),
    but not all distros do that.

    The second best way is to make sure our list is ordered according to
    the krb5 library's list, which can be accomplished via the helper
    function added by this patch. The list will be the intersection of:

    1. allowed_enctypes - If allowed-enctypes is defined in nfs.conf, this
       is processed via get_allowed_enctypes() during gssd startup.

    2. krb5_enctypes - This is the list of enctypes passed in the upcall
       from the kernel, and is processed via handle_gssd_upcall() ->
       parse_enctypes().

    3. lib_enctypes - Processed via get_krb5_library_permitted_enctypes()
       during gssd startup.

    Signed-off-by: Scott Mayhew
    Signed-off-by: Steve Dickson

commit 0dcd8654eef565af9f54baabc532a09bc750843f
Author: Scott Mayhew
Date:   Thu Feb 26 11:55:34 2026 -0500

    gssd: get the permitted enctypes from the krb5 library on startup

    This will allow us to cross-reference the list of encryption types sent
    in the upcall from the kernel as well as the list of encryption types
    enabled via the allowed-enctypes option from nfs.conf with the list
    permitted by the krb5 library.

    Signed-off-by: Scott Mayhew
    Signed-off-by: Steve Dickson

commit afa43e480e16349815f1c7cba43645914ae62802
Author: Scott Mayhew
Date:   Thu Feb 26 11:44:15 2026 -0500

    gssd: add enctypes_list_to_string()

    Add enctypes_list_to_string() to produce a human-friendly string that
    can be used in debug messages. The logic was mostly factored out of
    get_allowed_enctypes().

    Signed-off-by: Scott Mayhew
    Signed-off-by: Steve Dickson

commit 0146d4a80e3d74f6edf76c570684d7cdcd456948
Author: Scott Mayhew
Date:   Thu Feb 26 08:53:59 2026 -0500

    gssd: remove the limit-to-legacy-enctypes option

    This option allowed the admin to restrict the client to using
    single-DES encryption types, which were deprecated by RFC 6649 in July
    2012. Support for single-DES encryption types was removed from the MIT
    KRB5 library in May 2019, and from kernel's RPCSEC_GSS KRB5 mechanism
    in June 2023.

    Signed-off-by: Steve Dickson

commit 24b836768b198eb76ae63e490d37c166b9dafc41
Author: Rudi Heitbaum
Date:   Tue Feb 24 06:43:18 2026 -0500

    conffile: fix discards const from pointer target

    end is used as the return from strchr(line) which is a const char and
    then again as the return from strchr(name) which is a char pointer to
    the strdup(line). Declare a const char * pointer for use in the first
    case, addressing the warning.

    fixes:
    conffile.c: In function 'is_tag':
    conffile.c:1711:13: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
     1711 | end = strchr(line, '=');
          |     ^
    conffile.c: In function 'is_taggedcomment':
    conffile.c:1825:13: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
     1825 | end = strchr(line, ':');
          |     ^

    Signed-off-by: Rudi Heitbaum
    Signed-off-by: Steve Dickson

commit cd194463d45a78ef6d3dba539d7dee4cf07fb4bd
Author: Rudi Heitbaum
Date:   Tue Feb 24 06:40:53 2026 -0500

    mount.nfs: fix discards const from pointer target

    dev is passed by nfs_parse_devname to nfs_parse_... as a copy of the
    device name, the parser destructively modifies dev, so pass as non
    const so that it can be modified without warning.

    fixes:
    parse_dev.c: In function 'nfs_parse_simple_hostname':
    parse_dev.c:89:15: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
       89 | colon = strchr(dev, ':');
          |       ^
    parse_dev.c:100:15: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
      100 | comma = strchr(dev, ',');
          |       ^
    parse_dev.c: In function 'nfs_parse_square_bracket':
    parse_dev.c:146:16: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
      146 | cbrace = strchr(dev, ']');
          |        ^

    Signed-off-by: Rudi Heitbaum
    Signed-off-by: Steve Dickson

commit 2b62ac4c273a647df07400dc1126fceb76ad96c0
Author: Aaron Tomlin
Date:   Tue Feb 24 06:37:50 2026 -0500

    nfsrahead: enable event-driven mountinfo monitoring

    The nfsrahead utility relies on parsing "/proc/self/mountinfo" to
    correlate a device number with a specific NFS mount point. However, due
    to the asynchronous nature of system initialisation, the relevant entry
    in mountinfo may not be immediately available when the tool is executed.

    Currently, the utility employs a naive polling mechanism, retrying the
    search five times with a fixed 50ms delay (totalling 250ms). This
    approach proves brittle on systems under high load or during
    distinctively slow boot sequences, where the population of the mount
    table may exceed this brief window. Consequently, nfsrahead fails to
    configure the readahead value.

    To mitigate this race condition and improve robustness, update
    get_device_info() to utilise the libmount monitoring API.

    The new implementation:

    1. Initialises a monitor on /proc/self/mountinfo using
       mnt_new_monitor().

    2. Replaces the fixed polling loop with mnt_monitor_wait(), allowing
       the process to sleep until the Linux kernel notifies userspace of a
       change to the mount table.

    3. Increases the maximum wait time to 10 seconds (MNT_NM_TIMEOUT),
       significantly reducing the likelihood of a timeout failure whilst
       ensuring the tool returns immediately once the mount appears.

    4. Retains the original polling logic as a fallback mechanism should
       the monitor fail to initialise.

    Signed-off-by: Aaron Tomlin
    Signed-off-by: Steve Dickson

commit e4b62f87b2b4a34b1ac0d22b0d5513d83ce58f25
Author: Benjamin Coddington
Date:   Mon Feb 23 09:39:50 2026 -0500

    nfsdctl: load modules on nl family resolution error

    There's a precedent of attempting to load kernel modules for userspace
    functionality: rpc.statd will "modprobe lockd" and rpc.nfsd will
    "mount -t nfsd" which uses the kernel's internal module loading to load
    the nfsd module.

    Let's do the same when nfsdctl's name resolution fails. First try to
    resolve and if that fails try again a simple effort to load the
    required module.

    Reviewed-by: Jeff Layton
    Signed-off-by: Benjamin Coddington
    Signed-off-by: Steve Dickson

commit dc44b50ccf9c24fa52ce0b662a3eeb2832d5ab3d
Author: Jeff Layton
Date:   Sun Feb 22 13:00:08 2026 -0500

    nfsdctl: remove unneeded newlines from xlog() format strings

    Signed-off-by: Jeff Layton
    Signed-off-by: Steve Dickson

commit 5646554a718f3f3914fcf7eb88e99d41131b4e23
Author: Jeff Layton
Date:   Sun Feb 22 12:53:37 2026 -0500

    nfsdctl: query netlink policy before sending the minthreads attribute to kernel

    Ben reported a problem when using new nfs-utils with an old kernel that
    doesn't support the min-threads setting. While netlink is an extensible
    format, genetlink (which we are using) will reject unknown attributes
    by default with -EINVAL.

    We could fix this in the kernel by having it ignore unknown attributes,
    but there is no way to fix old kernels and silently ignoring it is less
    than ideal. By handling this in userland, we can properly error out
    when the kernel doesn't support this attribute.

    When starting, have nfsdctl query the kernel for the "policy" of the
    threads operation, and determine the highest attribute index it
    supports. For the "threads" command, have it fail if the --min-threads
    option is passed and the kernel doesn't support it. For "autostart",
    log a warning and ignore the setting.

    Fixes: 00e2e62b8998 ("nfsdctl: add support for min-threads parameter")
    Reported-by: Ben Coddington
    Signed-off-by: Jeff Layton
    Signed-off-by: Steve Dickson

commit c7c4529a04f054c2bfc2e0e35e90d3e4ec04bf19
Author: Jeff Layton
Date:   Sun Feb 22 12:51:59 2026 -0500

    nfsdctl: only resolve netlink family names once

    The current code resolves the string name to an id for every netlink
    call. Just resolve the family names once and keep them.

    Signed-off-by: Jeff Layton
    Signed-off-by: Steve Dickson

commit 0d70e5d50da11b574aea55c1e88f0249de564bb6
Author: Jeff Layton
Date:   Sun Feb 22 12:50:31 2026 -0500

    nfsdctl: unconditionally enable support for min-threads

    I originally had this depend on the system header, but if we maintain
    our copy of nfsd_netlink.h in tree, then we can unconditionally compile
    in support for the MIN_THREADS option.

    Signed-off-by: Jeff Layton
    Signed-off-by: Steve Dickson
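
The enctype selection described in commit 4706bac0345f67c50b73fd8da1c2629ed15ff79d above, as an added example that is not nfs-utils code: the hypothetical order_enctypes() walks the krb5 library's list in order and keeps only entries also present in the kernel's upcall list and, when configured, in allowed-enctypes. The sample lists are constructed, and treating an unset allowed-enctypes as "no restriction" is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample lists of Kerberos enctype numbers (IANA values):
 * 17/18 = aes128/aes256-cts-hmac-sha1-96,
 * 19 = aes128-cts-hmac-sha256-128, 20 = aes256-cts-hmac-sha384-192. */
static const int SAMPLE_LIB[]     = { 18, 17, 20, 19 }; /* krb5 library order */
static const int SAMPLE_KERNEL[]  = { 20, 19, 18, 17 }; /* sent in the upcall */
static const int SAMPLE_ALLOWED[] = { 20, 19, 18 };     /* nfs.conf setting   */

static int contains(const int *list, size_t n, int e)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == e)
            return 1;
    return 0;
}

/* Hypothetical helper, not the nfs-utils function: writes to out[] every
 * enctype found in lib[] and kernel[] (and in allowed[] unless allowed is
 * NULL, assumed to mean "not configured"), keeping lib[] order.
 * Returns the number of entries written, at most out_cap. */
size_t order_enctypes(const int *lib, size_t nlib,
                      const int *kernel, size_t nkernel,
                      const int *allowed, size_t nallowed,
                      int *out, size_t out_cap)
{
    size_t n = 0;
    for (size_t i = 0; i < nlib && n < out_cap; i++) {
        int e = lib[i];
        if (!contains(kernel, nkernel, e))
            continue;               /* kernel cannot use it */
        if (allowed && !contains(allowed, nallowed, e))
            continue;               /* admin excluded it */
        if (!contains(out, n, e))   /* drop duplicates in lib[] */
            out[n++] = e;
    }
    return n;
}

int main(void)
{
    int out[8];
    size_t n = order_enctypes(SAMPLE_LIB, 4, SAMPLE_KERNEL, 4,
                              SAMPLE_ALLOWED, 3, out, 8);
    for (size_t i = 0; i < n; i++)
        printf("%d%c", out[i], i + 1 < n ? ' ' : '\n');
    return 0;
}
```

With these lists the kernel would prefer 20 first, but the result leads with 18, matching the library's order so that machine and user tickets end up negotiated from the same priority list.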