| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20260119-exportfs-nfsd-v2-0-d93368f903bd@kernel.org>
Date: Mon, 19 Jan 2026 11:26:17 -0500
From: Jeff Layton <jlayton@...nel.org>
To: Christian Brauner <brauner@...nel.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Chuck Lever <chuck.lever@...cle.com>, NeilBrown <neil@...wn.name>,
Olga Kornievskaia <okorniev@...hat.com>, Dai Ngo <Dai.Ngo@...cle.com>,
Tom Talpey <tom@...pey.com>, Amir Goldstein <amir73il@...il.com>,
Hugh Dickins <hughd@...gle.com>,
Baolin Wang <baolin.wang@...ux.alibaba.com>,
Andrew Morton <akpm@...ux-foundation.org>, Theodore Ts'o <tytso@....edu>,
Andreas Dilger <adilger.kernel@...ger.ca>, Jan Kara <jack@...e.com>,
Gao Xiang <xiang@...nel.org>, Chao Yu <chao@...nel.org>,
Yue Hu <zbestahu@...il.com>, Jeffle Xu <jefflexu@...ux.alibaba.com>,
Sandeep Dhavale <dhavale@...gle.com>, Hongbo Li <lihongbo22@...wei.com>,
Chunhai Guo <guochunhai@...o.com>, Carlos Maiolino <cem@...nel.org>,
Ilya Dryomov <idryomov@...il.com>, Alex Markuze <amarkuze@...hat.com>,
Viacheslav Dubeyko <slava@...eyko.com>, Chris Mason <clm@...com>,
David Sterba <dsterba@...e.com>, Luis de Bethencourt <luisbg@...nel.org>,
Salah Triki <salah.triki@...il.com>,
Phillip Lougher <phillip@...ashfs.org.uk>, Steve French <sfrench@...ba.org>,
Paulo Alcantara <pc@...guebit.org>,
Ronnie Sahlberg <ronniesahlberg@...il.com>,
Shyam Prasad N <sprasad@...rosoft.com>,
Bharath SM <bharathsm@...rosoft.com>, Miklos Szeredi <miklos@...redi.hu>,
Mike Marshall <hubcap@...ibond.com>,
Martin Brandenburg <martin@...ibond.com>, Mark Fasheh <mark@...heh.com>,
Joel Becker <jlbec@...lplan.org>, Joseph Qi <joseph.qi@...ux.alibaba.com>,
Konstantin Komarov <almaz.alexandrovich@...agon-software.com>,
Ryusuke Konishi <konishi.ryusuke@...il.com>,
Trond Myklebust <trondmy@...nel.org>, Anna Schumaker <anna@...nel.org>,
Dave Kleikamp <shaggy@...nel.org>, David Woodhouse <dwmw2@...radead.org>,
Richard Weinberger <richard@....at>, Jan Kara <jack@...e.cz>,
Andreas Gruenbacher <agruenba@...hat.com>,
OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>,
Jaegeuk Kim <jaegeuk@...nel.org>, Jonathan Corbet <corbet@....net>
Cc: David Laight <david.laight.linux@...il.com>,
Dave Chinner <david@...morbit.com>, Christoph Hellwig <hch@...radead.org>,
linux-nfs@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
linux-ext4@...r.kernel.org, linux-erofs@...ts.ozlabs.org,
linux-xfs@...r.kernel.org, ceph-devel@...r.kernel.org,
linux-btrfs@...r.kernel.org, linux-cifs@...r.kernel.org,
samba-technical@...ts.samba.org, linux-unionfs@...r.kernel.org,
devel@...ts.orangefs.org, ocfs2-devel@...ts.linux.dev,
ntfs3@...ts.linux.dev, linux-nilfs@...r.kernel.org,
jfs-discussion@...ts.sourceforge.net, linux-mtd@...ts.infradead.org,
gfs2@...ts.linux.dev, linux-f2fs-devel@...ts.sourceforge.net,
linux-doc@...r.kernel.org, Jeff Layton <jlayton@...nel.org>,
Viacheslav Dubeyko <Slava.Dubeyko@....com>,
Dave Kleikamp <dave.kleikamp@...cle.com>
Subject: [PATCH v2 00/31] fs: require filesystems to explicitly opt-in to
nfsd export support
This patchset adds a flag that indicates whether the filesystem supports
stable filehandles (i.e. that they don't change over the life of the
file). It then makes any filesystem that doesn't set that flag
ineligible for nfsd export.
The main only place I found where this was an issue today is cgroupfs,
which sane people don't export anyway. So, I don't see this as
addressing a major problem that we have today. Rather, this patchset
ensures that new filesystems that are added in the future make export
eligibility via nfsd a deliberate step, rather than something they've
inadvertently enabled just by adding filehandle support.
After some lively bikeshedding on v1, I think the consensus is to stick
with EXPORT_OP_STABLE_HANDLES as the flag name. Amir is correct that
checking this in check_export() is the better place to do this, since
the filehandle can't be decoded without resolving the export first.
There are a few other fixes and cleanups, and some doc updates too.
Signed-off-by: Jeff Layton <jlayton@...nel.org>
---
Changes in v2:
- don't set flag in ovl_export_fid_operations or fuse_export_fid_operations
- check for flag in check_export() instead of __fh_verify()
- document missing flags in exporting.rst
- convert dprintk() messages in check_export() to static tracepoints
- Link to v1: https://lore.kernel.org/r/20260115-exportfs-nfsd-v1-0-8e80160e3c0c@kernel.org
---
Jeff Layton (31):
Documentation: document EXPORT_OP_NOLOCKS
exportfs: add new EXPORT_OP_STABLE_HANDLES flag
tmpfs: add EXPORT_OP_STABLE_HANDLES flag to export operations
ext4: add EXPORT_OP_STABLE_HANDLES flag to export operations
ext2: add EXPORT_OP_STABLE_HANDLES flag to export operations
erofs: add EXPORT_OP_STABLE_HANDLES flag to export operations
efs: add EXPORT_OP_STABLE_HANDLES flag to export operations
xfs: add EXPORT_OP_STABLE_HANDLES flag to export operations
ceph: add EXPORT_OP_STABLE_HANDLES flag to export operations
btrfs: add EXPORT_OP_STABLE_HANDLES flag to export operations
befs: add EXPORT_OP_STABLE_HANDLES flag to export operations
ufs: add EXPORT_OP_STABLE_HANDLES flag to export operations
udf: add EXPORT_OP_STABLE_HANDLES flag to export operations
affs: add EXPORT_OP_STABLE_HANDLES flag to export operations
squashfs: add EXPORT_OP_STABLE_HANDLES flag to export operations
smb/client: add EXPORT_OP_STABLE_HANDLES flag to export operations
ovl: add EXPORT_OP_STABLE_HANDLES flag to export operations
orangefs: add EXPORT_OP_STABLE_HANDLES flag to export operations
ocfs2: add EXPORT_OP_STABLE_HANDLES flag to export operations
ntfs3: add EXPORT_OP_STABLE_HANDLES flag to export operations
nilfs2: add EXPORT_OP_STABLE_HANDLES flag to export operations
nfs: add EXPORT_OP_STABLE_HANDLES flag to export operations
jfs: add EXPORT_OP_STABLE_HANDLES flag to export operations
jffs2: add EXPORT_OP_STABLE_HANDLES flag to export operations
isofs: add EXPORT_OP_STABLE_HANDLES flag to export operations
gfs2: add EXPORT_OP_STABLE_HANDLES flag to export operations
fuse: add EXPORT_OP_STABLE_HANDLES flag to export operations
fat: add EXPORT_OP_STABLE_HANDLES flag to export operations
f2fs: add EXPORT_OP_STABLE_HANDLES flag to export operations
nfsd: only allow filesystems that set EXPORT_OP_STABLE_HANDLES
nfsd: convert dprintks in check_export() to tracepoints
Documentation/filesystems/nfs/exporting.rst | 13 ++++++++
fs/affs/namei.c | 1 +
fs/befs/linuxvfs.c | 1 +
fs/btrfs/export.c | 1 +
fs/ceph/export.c | 1 +
fs/efs/super.c | 1 +
fs/erofs/super.c | 1 +
fs/ext2/super.c | 1 +
fs/ext4/super.c | 1 +
fs/f2fs/super.c | 1 +
fs/fat/nfs.c | 2 ++
fs/fuse/inode.c | 1 +
fs/gfs2/export.c | 1 +
fs/isofs/export.c | 1 +
fs/jffs2/super.c | 1 +
fs/jfs/super.c | 1 +
fs/nfs/export.c | 3 +-
fs/nfsd/export.c | 24 ++++++++-----
fs/nfsd/trace.h | 52 +++++++++++++++++++++++++++++
fs/nilfs2/namei.c | 1 +
fs/ntfs3/super.c | 1 +
fs/ocfs2/export.c | 1 +
fs/orangefs/super.c | 1 +
fs/overlayfs/export.c | 1 +
fs/smb/client/export.c | 1 +
fs/squashfs/export.c | 3 +-
fs/udf/namei.c | 1 +
fs/ufs/super.c | 1 +
fs/xfs/xfs_export.c | 1 +
include/linux/exportfs.h | 16 +++++----
mm/shmem.c | 1 +
31 files changed, 120 insertions(+), 17 deletions(-)
---
base-commit: c537e12daeecaecdcd322c56a5f70659d2de7bde
change-id: 20260114-exportfs-nfsd-12515072e9a9
Best regards,
--
Jeff Layton <jlayton@...nel.org>
Powered by blists - more mailing lists