commit 60c3838305371a3536f3b0b09262d6f6baf8f06a Author: Jeff Layton Date: Thu Apr 2 15:04:16 2026 -0400 mountd/exportd/exportfs: add --no-netlink option to disable netlink Add a --no-netlink command-line option (short: -L) and no-netlink= config file setting that disables netlink support, forcing the use of /proc interfaces instead. For mountd and exportd, the setting lives in their respective [mountd] and [exportd] sections of nfs.conf. exportfs will look in either stanza for the setting. This is useful for debugging, testing the /proc fallback path, or working around kernel netlink issues. Signed-off-by: Steve Dickson commit 4b0320e201ff7d2354c290cd3fd3b81b591772a7 Author: Jeff Layton Date: Thu Apr 2 14:49:48 2026 -0400 exportfs: use netlink to probe kernel support, skip export_test Refactor can_test() to first try resolving the sunrpc genl family via netlink. If successful, the kernel supports the new netlink-based cache interfaces and we can skip the advisory export_test() probe -- mountd and exportd will validate exports at cache-fill time via check_export(). can_test() now returns: 2 = netlink available (skip export_test) 1 = /proc available (keep export_test as before) 0 = neither available Update validate_export() to check this return value and skip the export_test() calls when netlink is available. Link exportfs against libnl3/libnl-genl-3 (already a mandatory build dependency for nfs-utils). Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 11e26321fb8fecef091a02b1fce6b708c8472ca6 Author: Jeff Layton Date: Thu Apr 2 14:26:18 2026 -0400 exportfs: add netlink support for cache flush with /proc fallback Move cache_flush() from support/nfs/cacheio.c to a new file support/export/cache_flush.c, which has access to libnl. The new implementation tries netlink first: - Sends SUNRPC_CMD_CACHE_FLUSH to flush auth.unix.ip and auth.unix.gid - Sends NFSD_CMD_CACHE_FLUSH to flush nfsd.fh and nfsd.export - Flushes sunrpc caches before nfsd caches to maintain dependency order If the sunrpc genl family cannot be resolved (older kernel), falls back to the original /proc/net/rpc/*/flush write path. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 0e1f13879e118f13a08ea4a536a4fea6ee730838 Author: Jeff Layton Date: Thu Apr 2 10:52:49 2026 -0400 exportd/mountd: use cache type from notifications to target scanning Parse the NFSD_A_CACHE_NOTIFY_CACHE_TYPE and SUNRPC_A_CACHE_NOTIFY_CACHE_TYPE attributes from netlink multicast notifications to determine which specific caches have pending requests. Only issue GET_REQS for the caches that actually need servicing, avoiding unnecessary netlink round-trips. If the notification can't be parsed, fall back to scanning all caches for that family. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 1d135ca30043ea8c23f6d0131bf5def4b8e7c230 Author: Jeff Layton Date: Thu Apr 2 10:49:58 2026 -0400 support/export: check for pending requests after opening netlink sockets It's possible for there to be requests queued before mountd comes online. Always check for already-pending requests after opening netlink sockets. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit f91c5518a87474d6d98736f80ad6a848d7b180df Author: Jeff Layton Date: Thu Apr 2 10:46:59 2026 -0400 mountd/exportd: only use /proc interfaces if netlink setup fails Now that all of the exportd upcalls are converted to use netlink, don't bother opening /proc channel files if that succeeds. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit de5bddea5933a008853f0e0b8f6440156dc28309 Author: Jeff Layton Date: Thu Apr 2 10:44:17 2026 -0400 exportd/mountd: add netlink support for the auth.unix.gid cache Add the unix_gid (auth.unix.gid) netlink cache handler. For each pending request, the handler resolves the UID to a group list using getpwuid() and getgrouplist(), and responds via SUNRPC_CMD_UNIX_GID_SET_REQS. The handler is only active when manage_gids is set, matching the behavior of the existing procfs handler. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 51e9bc7e7ba7c4ecd078628385e2ca4fc79eee5b Author: Jeff Layton Date: Thu Apr 2 10:41:49 2026 -0400 exportd/mountd: add netlink support for the auth.unix.ip cache Refactor cache_nfsd_nl_open() into a generic cache_genl_open() helper that takes the family name, multicast group name, and output pointers for the command socket, notification socket, and resolved family ID. Convert cache_nfsd_nl_open() to use it. Add the sunrpc genl family socket setup for handling auth.unix.ip and auth.unix.gid cache upcalls. The sunrpc family is resolved at startup and silently falls back if the kernel doesn't support it. Add the ip_map (auth.unix.ip) netlink cache handler. For each pending request, the handler resolves the IP address using client_resolve() and responds via SUNRPC_CMD_IP_MAP_SET_REQS with the domain name or a negative entry. Wire the sunrpc notification socket into cache_open(), cache_set_fds(), and cache_process_req(). Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 437eaebde53c5366d85a7c5b963a3047234bb750 Author: Jeff Layton Date: Thu Apr 2 10:39:19 2026 -0400 exportd/mountd: add netlink support for the nfsd.fh cache Refactor cache_nl_set_reqs() to take a socket parameter so it can be reused for multiple genl families. Rename cache_nl_process() to cache_nl_process_export() and factor out the notification drain and auth_reload() into a new cache_nfsd_nl_process() wrapper. Add the expkey (nfsd.fh) netlink cache handler, which uses the same nfsd genl family as svc_export. The handler resolves fsid-based lookups including CROSSMOUNT submount iteration and responds via NFSD_CMD_EXPKEY_SET_REQS. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 55b217df7bf97296c32e98fb664d545cb0a776a9 Author: Jeff Layton Date: Thu Apr 2 10:36:08 2026 -0400 exportd/mountd: add netlink support for svc_export cache Add netlink-based svc_export cache handling alongside the existing procfs channel mechanism. When the kernel sends an NFSD_CMD_SVC_EXPORT_NOTIFY multicast notification on the "exportd" genetlink group, userspace responds by issuing NFSD_CMD_SVC_EXPORT_GET_REQS to retrieve all pending export requests, resolving each one via lookup_export(), and sending back the results with NFSD_CMD_SVC_EXPORT_SET_REQS. Two netlink sockets are used: a non-blocking notification socket that joins the multicast group and is integrated into the existing select() loop, and a blocking command socket for the GET_REQS dump and SET_REQS response. The notification socket is added to the fd_set in cache_set_fds() and checked in cache_process_req(). If the kernel does not support the nfsd genetlink family or the "exportd" multicast group (older kernels), the netlink setup silently fails and the daemon falls back to procfs-only operation. Both mechanisms can coexist safely since the kernel's CACHE_PENDING check prevents duplicate processing. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 00d8a83f4129c35688e9a64362758a1572a1de77 Author: Jeff Layton Date: Thu Apr 2 10:32:09 2026 -0400 xlog: claim D_FAC3 as D_NETLINK Nothing uses the D_FAC* debugging bits, so claim D_FAC3 as D_NETLINK for logging about netlink activity. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit d2fa3421f857e04de7f79cdf3114a0fe73983d25 Author: Jeff Layton Date: Thu Apr 2 10:29:01 2026 -0400 build: add libnl3 and netlink header support for exportd and mountd Add libnl3 dependency and netlink header detection for exportd and mountd builds. Update the nfsd_netlink.h sentinel to check for NFSD_A_EXPKEY_SEQNO to ensure the system header includes expkey support. Add AC_COMPILE_IFELSE check for sunrpc_netlink.h using SUNRPC_CMD_CACHE_NOTIFY as sentinel. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 0715f694569c6e7312fae7ad701eb7be2d065d42 Author: Jeff Layton Date: Thu Apr 2 10:23:42 2026 -0400 support/include: update netlink headers for all cache upcalls Sync the bundled nfsd_netlink.h with the current kernel UAPI header. This brings in: - NFSD_CACHE_TYPE_EXPKEY in the cache-type enum - NFSD_A_SVC_EXPORT_FLAGS and NFSD_A_SVC_EXPORT_FSID attributes - NFSD_A_EXPKEY_* and NFSD_A_EXPKEY_REQS_* attribute enums - NFSD_CMD_EXPKEY_GET_REQS and NFSD_CMD_EXPKEY_SET_REQS commands - NFSD_CMD_CACHE_FLUSH command Add a new bundled sunrpc_netlink.h header for the sunrpc genl family, which handles auth.unix.ip and auth.unix.gid cache upcalls via netlink. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 3ed77cba95e70db0d9f25f796d5b3fd09ad81b68 Author: Jeff Layton Date: Thu Apr 2 10:17:53 2026 -0400 exportfs: remove obsolete legacy mode documentation from manpage The exportfs manpage described a "legacy mode" for 2.4 and earlier kernels that used the nfsservctl() syscall to inject exports directly into the kernel. This syscall was removed from the kernel in Linux 3.1 and the corresponding nfs-utils code was dropped long ago. Remove the outdated text and simplify the description. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 5a04c227d2f9dfe1b5e7b35e840288b0c270ad9b Author: Jeff Layton Date: Thu Apr 2 10:15:28 2026 -0400 support/export: remove unnecessary static variables in nfsd_fh expkey lookup The prev and mnt variables in the CROSSMOUNT submount iteration loop only need to persist across iterations of the inner for loop, not across calls to the function. Convert them from static to local variables scoped to the outer for loop. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 61f1e18dfed09d7ca22d0e681086ea2bcbc1e4ca Author: Jeff Layton Date: Thu Apr 2 10:11:30 2026 -0400 nfsdctl: move *_netlink.h to support/include/ Move lockd_netlink.h and nfsd_netlink.h from utils/nfsdctl/ to support/include/ so they are available to other components. The support/include/ directory is already in the default include path (via AC_CONFIG_HEADERS), so no source-level #include changes are needed. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit a06a3251c2eb1316f781149f8b7f9acd9d41e7fc Author: Olga Kornievskaia Date: Sun Mar 29 15:33:13 2026 -0400 nfsdctl: check for listeners before starting threads When a thread command is executed and yet no listeners have been added prior to it, instead of failing with EIO error print an informative error. Also, "thread 0" command should not error regardless of the listener status. Signed-off-by: Olga Kornievskaia Signed-off-by: Steve Dickson commit ae18b8ea46eb1f5afb3467e411b7f54b49736da2 Author: Benjamin Coddington Date: Fri Mar 27 07:51:05 2026 -0400 nfsdctl/rpc.nfsd: Add support for passing encrypted filehandle key If fh-key-file= is set in the nfsd section of nfs.conf, the "nfsdctl autostart" command will hash the contents of the file with libuuid's uuid_generate_sha1 and send the first 16 bytes into the kernel on NFSD_A_SERVER_FH_KEY. A compatible kernel can use this key to sign filehandles. Also add -k, --fh-key-file= option to the "nfsdctl threads" command effecting the same result. Signed-off-by: Benjamin Coddington Signed-off-by: Steve Dickson commit 20c41d66e2ea71f625562f012545d9c2ba7014d7 Author: Benjamin Coddington Date: Wed Mar 25 13:27:36 2026 -0400 exportfs: Add support for export option sign_fh If configured with "sign_fh", exports will be flagged to signal that filehandles should be signed with a Message Authentication Code (MAC). Signed-off-by: Benjamin Coddington Signed-off-by: Steve Dickson commit f2b3455e246d8ffad0bb9b4fb1f9775b7f3ebbee Author: Salvatore Bonaccorso Date: Sun Mar 29 16:08:14 2026 -0400 nfs.conf: nfsd: Reflect disable v4.0 by default value In bb3f98c848a0 ("nfsd: disable v4.0 by default") and 27b9d85dbc30 ("nfsdctl: disable v4.0 by default") v4.0 was switched to be disabled by default. For consistency reflect as well the 'default off' change in the commented entry for vers4.0 in the nfsd section of the nfs.conf configuration file. Cc: Jeff Layton Cc: Steve Dickson Reviewed-by: Jeff Layton Signed-off-by: Salvatore Bonaccorso Signed-off-by: Steve Dickson commit 27b9d85dbc30181b142cd677806159704f52cd88 Author: Jeff Layton Date: Mon Oct 27 10:48:31 2025 -0400 nfsdctl: disable v4.0 by default Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit bb3f98c848a0ddd05fccf7a8d117fb869a7f5186 Author: Jeff Layton Date: Mon Oct 27 10:47:15 2025 -0400 nfsd: disable v4.0 by default Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson