| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8af369636c32b868f83669c49aea708ca3b894ac.camel@kernel.org>
Date: Thu, 08 Jan 2026 13:56:57 -0500
From: Jeff Layton <jlayton@...nel.org>
To: Jan Kara <jack@...e.cz>
Cc: Luis de Bethencourt <luisbg@...nel.org>, Salah Triki
<salah.triki@...il.com>, Nicolas Pitre <nico@...xnic.net>, Christoph
Hellwig <hch@...radead.org>, Anders Larsen <al@...rsen.net>, Alexander
Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>,
David Sterba <dsterba@...e.com>, Chris Mason <clm@...com>, Gao Xiang
<xiang@...nel.org>, Chao Yu <chao@...nel.org>, Yue Hu
<zbestahu@...il.com>, Jeffle Xu <jefflexu@...ux.alibaba.com>, Sandeep
Dhavale <dhavale@...gle.com>, Hongbo Li <lihongbo22@...wei.com>, Chunhai
Guo <guochunhai@...o.com>, Jan Kara <jack@...e.com>, Theodore Ts'o
<tytso@....edu>, Andreas Dilger <adilger.kernel@...ger.ca>, Jaegeuk Kim
<jaegeuk@...nel.org>, OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>, David
Woodhouse <dwmw2@...radead.org>, Richard Weinberger <richard@....at>,
Dave Kleikamp <shaggy@...nel.org>, Ryusuke Konishi
<konishi.ryusuke@...il.com>, Viacheslav Dubeyko <slava@...eyko.com>,
Konstantin Komarov <almaz.alexandrovich@...agon-software.com>, Mark Fasheh
<mark@...heh.com>, Joel Becker <jlbec@...lplan.org>, Joseph Qi
<joseph.qi@...ux.alibaba.com>, Mike Marshall <hubcap@...ibond.com>, Martin
Brandenburg <martin@...ibond.com>, Miklos Szeredi <miklos@...redi.hu>,
Amir Goldstein <amir73il@...il.com>, Phillip Lougher
<phillip@...ashfs.org.uk>, Carlos Maiolino <cem@...nel.org>, Hugh Dickins
<hughd@...gle.com>, Baolin Wang <baolin.wang@...ux.alibaba.com>, Andrew
Morton <akpm@...ux-foundation.org>, Namjae Jeon <linkinjeon@...nel.org>,
Sungjong Seo <sj1557.seo@...sung.com>, Yuezhang Mo <yuezhang.mo@...y.com>,
Chuck Lever <chuck.lever@...cle.com>, Alexander Aring
<alex.aring@...il.com>, Andreas Gruenbacher <agruenba@...hat.com>, Jonathan
Corbet <corbet@....net>, "Matthew Wilcox (Oracle)" <willy@...radead.org>,
Eric Van Hensbergen <ericvh@...nel.org>, Latchesar Ionkov
<lucho@...kov.net>, Dominique Martinet <asmadeus@...ewreck.org>, Christian
Schoenebeck <linux_oss@...debyte.com>, Xiubo Li <xiubli@...hat.com>, Ilya
Dryomov <idryomov@...il.com>, Trond Myklebust <trondmy@...nel.org>, Anna
Schumaker <anna@...nel.org>, Steve French <sfrench@...ba.org>, Paulo
Alcantara <pc@...guebit.org>, Ronnie Sahlberg <ronniesahlberg@...il.com>,
Shyam Prasad N <sprasad@...rosoft.com>, Tom Talpey <tom@...pey.com>,
Bharath SM <bharathsm@...rosoft.com>, Hans de Goede <hansg@...nel.org>,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-btrfs@...r.kernel.org, linux-erofs@...ts.ozlabs.org,
linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
linux-mtd@...ts.infradead.org, jfs-discussion@...ts.sourceforge.net,
linux-nilfs@...r.kernel.org, ntfs3@...ts.linux.dev,
ocfs2-devel@...ts.linux.dev, devel@...ts.orangefs.org,
linux-unionfs@...r.kernel.org, linux-xfs@...r.kernel.org,
linux-mm@...ck.org, gfs2@...ts.linux.dev, linux-doc@...r.kernel.org,
v9fs@...ts.linux.dev, ceph-devel@...r.kernel.org,
linux-nfs@...r.kernel.org, linux-cifs@...r.kernel.org,
samba-technical@...ts.samba.org
Subject: Re: [PATCH 00/24] vfs: require filesystems to explicitly opt-in to
lease support
On Thu, 2026-01-08 at 18:40 +0100, Jan Kara wrote:
> On Thu 08-01-26 12:12:55, Jeff Layton wrote:
> > Yesterday, I sent patches to fix how directory delegation support is
> > handled on filesystems where the should be disabled [1]. That set is
> > appropriate for v6.19. For v7.0, I want to make lease support be more
> > opt-in, rather than opt-out:
> >
> > For historical reasons, when ->setlease() file_operation is set to NULL,
> > the default is to use the kernel-internal lease implementation. This
> > means that if you want to disable them, you need to explicitly set the
> > ->setlease() file_operation to simple_nosetlease() or the equivalent.
> >
> > This has caused a number of problems over the years as some filesystems
> > have inadvertantly allowed leases to be acquired simply by having left
> > it set to NULL. It would be better if filesystems had to opt-in to lease
> > support, particularly with the advent of directory delegations.
> >
> > This series has sets the ->setlease() operation in a pile of existing
> > local filesystems to generic_setlease() and then changes
> > kernel_setlease() to return -EINVAL when the setlease() operation is not
> > set.
> >
> > With this change, new filesystems will need to explicitly set the
> > ->setlease() operations in order to provide lease and delegation
> > support.
> >
> > I mainly focused on filesystems that are NFS exportable, since NFS and
> > SMB are the main users of file leases, and they tend to end up exporting
> > the same filesystem types. Let me know if I've missed any.
>
> So, what about kernfs and fuse? They seem to be exportable and don't have
> .setlease set...
>
Yes, FUSE needs this too. I'll add a patch for that.
As far as kernfs goes: AIUI, that's basically what sysfs and resctrl
are built on. Do we really expect people to set leases there?
I guess it's technically a regression since you could set them on those
sorts of files earlier, but people don't usually export kernfs based
filesystems via NFS or SMB, and that seems like something that could be
used to make mischief.
AFAICT, kernfs_export_ops is mostly to support open_by_handle_at(). See
commit aa8188253474 ("kernfs: add exportfs operations").
One idea: we could add a wrapper around generic_setlease() for
filesystems like this that will do a WARN_ONCE() and then call
generic_setlease(). That would keep leases working on them but we might
get some reports that would tell us who's setting leases on these files
and why.
Thanks for the review!
> >
> > [1]: https://lore.kernel.org/linux-fsdevel/20260107-setlease-6-19-v1-0-85f034abcc57@kernel.org/
> >
> > Signed-off-by: Jeff Layton <jlayton@...nel.org>
> > ---
> > Jeff Layton (24):
> > fs: add setlease to generic_ro_fops and read-only filesystem directory operations
> > affs: add setlease file operation
> > btrfs: add setlease file operation
> > erofs: add setlease file operation
> > ext2: add setlease file operation
> > ext4: add setlease file operation
> > exfat: add setlease file operation
> > f2fs: add setlease file operation
> > fat: add setlease file operation
> > gfs2: add a setlease file operation
> > jffs2: add setlease file operation
> > jfs: add setlease file operation
> > nilfs2: add setlease file operation
> > ntfs3: add setlease file operation
> > ocfs2: add setlease file operation
> > orangefs: add setlease file operation
> > overlayfs: add setlease file operation
> > squashfs: add setlease file operation
> > tmpfs: add setlease file operation
> > udf: add setlease file operation
> > ufs: add setlease file operation
> > xfs: add setlease file operation
> > filelock: default to returning -EINVAL when ->setlease operation is NULL
> > fs: remove simple_nosetlease()
> >
> > Documentation/filesystems/porting.rst | 9 +++++++++
> > Documentation/filesystems/vfs.rst | 9 ++++++---
> > fs/9p/vfs_dir.c | 2 --
> > fs/9p/vfs_file.c | 2 --
> > fs/affs/dir.c | 2 ++
> > fs/affs/file.c | 2 ++
> > fs/befs/linuxvfs.c | 2 ++
> > fs/btrfs/file.c | 2 ++
> > fs/btrfs/inode.c | 2 ++
> > fs/ceph/dir.c | 2 --
> > fs/ceph/file.c | 1 -
> > fs/cramfs/inode.c | 2 ++
> > fs/efs/dir.c | 2 ++
> > fs/erofs/data.c | 2 ++
> > fs/erofs/dir.c | 2 ++
> > fs/exfat/dir.c | 2 ++
> > fs/exfat/file.c | 2 ++
> > fs/ext2/dir.c | 2 ++
> > fs/ext2/file.c | 2 ++
> > fs/ext4/dir.c | 2 ++
> > fs/ext4/file.c | 2 ++
> > fs/f2fs/dir.c | 2 ++
> > fs/f2fs/file.c | 2 ++
> > fs/fat/dir.c | 2 ++
> > fs/fat/file.c | 2 ++
> > fs/freevxfs/vxfs_lookup.c | 2 ++
> > fs/fuse/dir.c | 1 -
> > fs/gfs2/file.c | 3 +--
> > fs/isofs/dir.c | 2 ++
> > fs/jffs2/dir.c | 2 ++
> > fs/jffs2/file.c | 2 ++
> > fs/jfs/file.c | 2 ++
> > fs/jfs/namei.c | 2 ++
> > fs/libfs.c | 20 ++------------------
> > fs/locks.c | 3 +--
> > fs/nfs/dir.c | 1 -
> > fs/nfs/file.c | 1 -
> > fs/nilfs2/dir.c | 3 ++-
> > fs/nilfs2/file.c | 2 ++
> > fs/ntfs3/dir.c | 3 +++
> > fs/ntfs3/file.c | 3 +++
> > fs/ocfs2/file.c | 5 +++++
> > fs/orangefs/dir.c | 4 +++-
> > fs/orangefs/file.c | 1 +
> > fs/overlayfs/file.c | 2 ++
> > fs/overlayfs/readdir.c | 2 ++
> > fs/qnx4/dir.c | 2 ++
> > fs/qnx6/dir.c | 2 ++
> > fs/read_write.c | 2 ++
> > fs/smb/client/cifsfs.c | 1 -
> > fs/squashfs/dir.c | 2 ++
> > fs/squashfs/file.c | 4 +++-
> > fs/udf/dir.c | 2 ++
> > fs/udf/file.c | 2 ++
> > fs/ufs/dir.c | 2 ++
> > fs/ufs/file.c | 2 ++
> > fs/vboxsf/dir.c | 1 -
> > fs/vboxsf/file.c | 1 -
> > fs/xfs/xfs_file.c | 3 +++
> > include/linux/fs.h | 1 -
> > mm/shmem.c | 2 ++
> > 61 files changed, 116 insertions(+), 42 deletions(-)
> > ---
> > base-commit: 731ce71a6c8adb8b8f873643beacaeedc1564500
> > change-id: 20260107-setlease-6-20-299eb5695c5a
> >
> > Best regards,
> > --
> > Jeff Layton <jlayton@...nel.org>
> >
--
Jeff Layton <jlayton@...nel.org>
Powered by blists - more mailing lists