lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aXDm8FPPOHs04w9m@infradead.org>
Date: Wed, 21 Jan 2026 06:47:12 -0800
From: Christoph Hellwig <hch@...radead.org>
To: Jeff Layton <jlayton@...nel.org>
Cc: NeilBrown <neil@...wn.name>, Christoph Hellwig <hch@...radead.org>,
	Christian Brauner <brauner@...nel.org>,
	Amir Goldstein <amir73il@...il.com>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Chuck Lever <chuck.lever@...cle.com>,
	Olga Kornievskaia <okorniev@...hat.com>,
	Dai Ngo <Dai.Ngo@...cle.com>, Tom Talpey <tom@...pey.com>,
	Hugh Dickins <hughd@...gle.com>,
	Baolin Wang <baolin.wang@...ux.alibaba.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Theodore Ts'o <tytso@....edu>,
	Andreas Dilger <adilger.kernel@...ger.ca>, Jan Kara <jack@...e.com>,
	Gao Xiang <xiang@...nel.org>, Chao Yu <chao@...nel.org>,
	Yue Hu <zbestahu@...il.com>, Jeffle Xu <jefflexu@...ux.alibaba.com>,
	Sandeep Dhavale <dhavale@...gle.com>,
	Hongbo Li <lihongbo22@...wei.com>,
	Chunhai Guo <guochunhai@...o.com>, Carlos Maiolino <cem@...nel.org>,
	Ilya Dryomov <idryomov@...il.com>,
	Alex Markuze <amarkuze@...hat.com>,
	Viacheslav Dubeyko <slava@...eyko.com>, Chris Mason <clm@...com>,
	David Sterba <dsterba@...e.com>,
	Luis de Bethencourt <luisbg@...nel.org>,
	Salah Triki <salah.triki@...il.com>,
	Phillip Lougher <phillip@...ashfs.org.uk>,
	Steve French <sfrench@...ba.org>,
	Paulo Alcantara <pc@...guebit.org>,
	Ronnie Sahlberg <ronniesahlberg@...il.com>,
	Shyam Prasad N <sprasad@...rosoft.com>,
	Bharath SM <bharathsm@...rosoft.com>,
	Miklos Szeredi <miklos@...redi.hu>,
	Mike Marshall <hubcap@...ibond.com>,
	Martin Brandenburg <martin@...ibond.com>,
	Mark Fasheh <mark@...heh.com>, Joel Becker <jlbec@...lplan.org>,
	Joseph Qi <joseph.qi@...ux.alibaba.com>,
	Konstantin Komarov <almaz.alexandrovich@...agon-software.com>,
	Ryusuke Konishi <konishi.ryusuke@...il.com>,
	Trond Myklebust <trondmy@...nel.org>,
	Anna Schumaker <anna@...nel.org>, Dave Kleikamp <shaggy@...nel.org>,
	David Woodhouse <dwmw2@...radead.org>,
	Richard Weinberger <richard@....at>, Jan Kara <jack@...e.cz>,
	Andreas Gruenbacher <agruenba@...hat.com>,
	OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>,
	Jaegeuk Kim <jaegeuk@...nel.org>, linux-nfs@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	linux-mm@...ck.org, linux-ext4@...r.kernel.org,
	linux-erofs@...ts.ozlabs.org, linux-xfs@...r.kernel.org,
	ceph-devel@...r.kernel.org, linux-btrfs@...r.kernel.org,
	linux-cifs@...r.kernel.org, linux-unionfs@...r.kernel.org,
	devel@...ts.orangefs.org, ocfs2-devel@...ts.linux.dev,
	ntfs3@...ts.linux.dev, linux-nilfs@...r.kernel.org,
	jfs-discussion@...ts.sourceforge.net, linux-mtd@...ts.infradead.org,
	gfs2@...ts.linux.dev, linux-f2fs-devel@...ts.sourceforge.net
Subject: Re: [PATCH 00/29] fs: require filesystems to explicitly opt-in to
 nfsd export support

On Wed, Jan 21, 2026 at 09:27:38AM -0500, Jeff Layton wrote:
> Using your definitions, stability is not a problem for Linux
> filesystems. The filehandles generally don't change after they have
> been established.

fat seems to be an exception as far as the 'real' file systems go.
And it did sound to me like some of the synthetic ones had similar
issues.

> > We'll still need a stable handles flag, and expose it to userspace
> > to avoid applications being tricked into using broken non-stable
> > file handles.  We should have caught that when they were added, but
> > didn't unfortunately.
> > 
> 
> If we assume he meant "unique handles" flag, then I think we're all
> mostly in agreement here.  As far as this patchset goes: what if we
> were to just rename EXPORT_OP_STABLE_HANDLES to
> EXPORT_OP_UNIQUE_HANDLES (and clean up the documentation), since that's
> the main issue for existing filesystems. It would be fairly simple to
> advertise handle uniqueness using statx or something.

Unique seems to also only capture part of it, but I could absolutely
live with it, if the documentation includes all aspecs.  But maybe
use persistent as in the nfs spec?

> 
> Alternately, instead of denying access to these filesystems, we could
> just fix these filesystems to create unique handles (a'la random
> i_generation value or something similar). That should mostly prevent
> filehandles from being reusable across a reboot on these filesystems.

Do we even want to provide access to them?

> That would leave cgroupfs and the like exportable via nfsd, but as you
> point out, we can't deny export by userland servers. If people want to
> do this kind of crazy stuff, maybe we shouldn't deny them after all.

I think Amirs patch would take care of that.  Although userland nfs
servers or other storage applications using the handle syscalls would
still see them.  Then again fixing the problem that some handles
did not fulfill the long standing (but not documented well enough)
semantics probably is a good fix on it's own.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ