Message-id: <176896790525.16766.11792073987699294594@noble.neil.brown.name>
Date: Wed, 21 Jan 2026 14:58:25 +1100
From: NeilBrown <neilb@...mail.net>
To: "Jeff Layton" <jlayton@...nel.org>
Cc: "Christian Brauner" <brauner@...nel.org>,
 "Christoph Hellwig" <hch@...radead.org>,
 "Amir Goldstein" <amir73il@...il.com>,
 "Alexander Viro" <viro@...iv.linux.org.uk>,
 "Chuck Lever" <chuck.lever@...cle.com>,
 "Olga Kornievskaia" <okorniev@...hat.com>,
 "Dai Ngo" <Dai.Ngo@...cle.com>, "Tom Talpey" <tom@...pey.com>,
 "Hugh Dickins" <hughd@...gle.com>,
 "Baolin Wang" <baolin.wang@...ux.alibaba.com>,
 "Andrew Morton" <akpm@...ux-foundation.org>,
 "Theodore Ts'o" <tytso@....edu>,
 "Andreas Dilger" <adilger.kernel@...ger.ca>, "Jan Kara" <jack@...e.com>,
 "Gao Xiang" <xiang@...nel.org>, "Chao Yu" <chao@...nel.org>,
 "Yue Hu" <zbestahu@...il.com>, "Jeffle Xu" <jefflexu@...ux.alibaba.com>,
 "Sandeep Dhavale" <dhavale@...gle.com>,
 "Hongbo Li" <lihongbo22@...wei.com>, "Chunhai Guo" <guochunhai@...o.com>,
 "Carlos Maiolino" <cem@...nel.org>, "Ilya Dryomov" <idryomov@...il.com>,
 "Alex Markuze" <amarkuze@...hat.com>,
 "Viacheslav Dubeyko" <slava@...eyko.com>, "Chris Mason" <clm@...com>,
 "David Sterba" <dsterba@...e.com>,
 "Luis de Bethencourt" <luisbg@...nel.org>,
 "Salah Triki" <salah.triki@...il.com>,
 "Phillip Lougher" <phillip@...ashfs.org.uk>,
 "Steve French" <sfrench@...ba.org>, "Paulo Alcantara" <pc@...guebit.org>,
 "Ronnie Sahlberg" <ronniesahlberg@...il.com>,
 "Shyam Prasad N" <sprasad@...rosoft.com>,
 "Bharath SM" <bharathsm@...rosoft.com>,
 "Miklos Szeredi" <miklos@...redi.hu>,
 "Mike Marshall" <hubcap@...ibond.com>,
 "Martin Brandenburg" <martin@...ibond.com>,
 "Mark Fasheh" <mark@...heh.com>, "Joel Becker" <jlbec@...lplan.org>,
 "Joseph Qi" <joseph.qi@...ux.alibaba.com>,
 "Konstantin Komarov" <almaz.alexandrovich@...agon-software.com>,
 "Ryusuke Konishi" <konishi.ryusuke@...il.com>,
 "Trond Myklebust" <trondmy@...nel.org>,
 "Anna Schumaker" <anna@...nel.org>, "Dave Kleikamp" <shaggy@...nel.org>,
 "David Woodhouse" <dwmw2@...radead.org>,
 "Richard Weinberger" <richard@....at>, "Jan Kara" <jack@...e.cz>,
 "Andreas Gruenbacher" <agruenba@...hat.com>,
 "OGAWA Hirofumi" <hirofumi@...l.parknet.co.jp>,
 "Jaegeuk Kim" <jaegeuk@...nel.org>, linux-nfs@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
 linux-mm@...ck.org, linux-ext4@...r.kernel.org,
 linux-erofs@...ts.ozlabs.org, linux-xfs@...r.kernel.org,
 ceph-devel@...r.kernel.org, linux-btrfs@...r.kernel.org,
 linux-cifs@...r.kernel.org, linux-unionfs@...r.kernel.org,
 devel@...ts.orangefs.org, ocfs2-devel@...ts.linux.dev,
 ntfs3@...ts.linux.dev, linux-nilfs@...r.kernel.org,
 jfs-discussion@...ts.sourceforge.net, linux-mtd@...ts.infradead.org,
 gfs2@...ts.linux.dev, linux-f2fs-devel@...ts.sourceforge.net
Subject: Re: [PATCH 00/29] fs: require filesystems to explicitly opt-in to
 nfsd export support

On Tue, 20 Jan 2026, Jeff Layton wrote:
> On Tue, 2026-01-20 at 11:31 +0100, Christian Brauner wrote:
> > On Tue, Jan 20, 2026 at 08:41:50PM +1100, NeilBrown wrote:
> > > On Tue, 20 Jan 2026, Christian Brauner wrote:
> > > > On Tue, Jan 20, 2026 at 07:45:35AM +1100, NeilBrown wrote:
> > > > > On Mon, 19 Jan 2026, Christian Brauner wrote:
> > > > > > On Mon, Jan 19, 2026 at 06:22:42PM +1100, NeilBrown wrote:
> > > > > > > On Mon, 19 Jan 2026, Christoph Hellwig wrote:
> > > > > > > > On Mon, Jan 19, 2026 at 10:23:13AM +1100, NeilBrown wrote:
> > > > > > > > > > This was Chuck's suggested name. His point was that STABLE means that
> > > > > > > > > > the FH's don't change during the lifetime of the file.
> > > > > > > > > > 
> > > > > > > > > > I don't much care about the flag name, so if everyone likes PERSISTENT
> > > > > > > > > > better I'll roll with that.
> > > > > > > > > 
> > > > > > > > > I don't like PERSISTENT.
> > > > > > > > > I'd rather call a spade a spade.
> > > > > > > > > 
> > > > > > > > >   EXPORT_OP_SUPPORTS_NFS_EXPORT
> > > > > > > > > or
> > > > > > > > >   EXPORT_OP_NOT_NFS_COMPATIBLE
> > > > > > > > > 
> > > > > > > > > The issue here is NFS export and indirection doesn't bring any benefits.
> > > > > > > > 
> > > > > > > > No, it absolutely is not.  And the whole concept of calling something
> > > > > > > > after the initial or main use is a recipe for a mess.
> > > > > > > 
> > > > > > > We are calling it for it's only use.  If there was ever another use, we
> > > > > > > could change the name if that made sense.  It is not a public name, it
> > > > > > > is easy to change.
> > > > > > > 
> > > > > > > > 
> > > > > > > > Pick a name that conveys what the flag is about, and document those
> > > > > > > > semantics well.  This flag is about the fact that for a given file,
> > > > > > > > as long as that file exists in the file system the handle is stable.
> > > > > > > > Both stable and persistent are suitable for that, nfs is everything
> > > > > > > > but.
> > > > > > > 
> > > > > > > My understanding is that kernfs would not get the flag.
> > > > > > > kernfs filehandles do not change as long as the file exist.
> > > > > > > But this is not sufficient for the files to be usefully exported.
> > > > > > > 
> > > > > > > I suspect kernfs does re-use filehandles relatively soon after the
> > > > > > > file/object has been destroyed.  Maybe that is the real problem here:
> > > > > > > filehandle reuse, not filehandle stability.
> > > > > > > 
> > > > > > > Jeff: could you please give details (and preserve them in future cover
> > > > > > > letters) of which filesystems are known to have problems and what
> > > > > > > exactly those problems are?
> > > > > > > 
> > > > > > > > 
> > > > > > > > Remember nfs also support volatile file handles, and other applications
> > > > > > > > might rely on this (I know of quite a few user space applications that
> > > > > > > > do, but they are kinda hardwired to xfs anyway).
> > > > > > > 
> > > > > > > The NFS protocol supports volatile file handles.  knfsd does not.
> > > > > > > So maybe
> > > > > > >   EXPORT_OP_NOT_NFSD_COMPATIBLE
> > > > > > > might be better.  or EXPORT_OP_NOT_LINUX_NFSD_COMPATIBLE.
> > > > > > > (I prefer opt-out rather than opt-in because nfsd export was the
> > > > > > > original purpose of export_operations, but it isn't something
> > > > > > > I would fight for)
> > > > > > 
> > > > > > I prefer one of the variants you proposed here but I don't particularly
> > > > > > care. It's not a hill worth dying on. So if Christoph insists on the
> > > > > > other name then I say let's just go with it.
> > > > > > 
> > > > > 
> > > > > This sounds like you are recommending that we give in to bullying.
> > > > > I would rather the decision be made based on the facts of the case, not
> > > > > the opinions that are stated most bluntly.
> > > > > 
> > > > > I actually think that what Christoph wants is actually quite different
> > > > > from what Jeff wants, and maybe two flags are needed.  But I don't yet
> > > > > have a clear understanding of what Christoph wants, so I cannot be sure.
> > > > 
> > > > I've tried to indirectly ask whether you would be willing to compromise
> > > > here or whether you want to insist on your alternative name. Apparently
> > > > that didn't come through.
> > > 
> > > This would be the "not a hill worthy dying on" part of your statement.
> > > I think I see that implication now.
> > > But no, I don't think compromise is relevant.  I think the problem
> > > statement as originally given by Jeff is misleading, and people have
> > > been misled to an incorrect name.
> > > 
> > > > 
> > > > I'm unclear what your goal is in suggesting that I recommend "we" give
> > > > into bullying. All it achieved was to further derail this thread.
> > > > 
> > > 
> > > The "We" is the same as the "us" in "let's just go with it".
> > > 
> > > 
> > > > I also think it's not very helpful at v6 of the discussion to start
> > > > figuring out what the actual key rift between Jeff's and Christoph's
> > > > position is. If you've figured it out and gotten an agreement and this
> > > > is already in, send a follow-up series.
> > > 
> > > v6?  v2 was posted today.  But maybe you are referring the some other
> > > precursors.
> > > 
> > > The introductory statement in v2 is
> > > 
> > >    This patchset adds a flag that indicates whether the filesystem supports
> > >    stable filehandles (i.e. that they don't change over the life of the
> > >    file). It then makes any filesystem that doesn't set that flag
> > >    ineligible for nfsd export.
> > > 
> > > Nobody else questioned the validity of that.  I do.
> > > No evidence was given that there are *any* filesystems that don't
> > > support stable filehandles.  The only filesystem mentioned is cgroups
> > > and it DOES provide stable filehandles.
> > 
> 
> Across reboot? Not really.

Across reboot all the files are deleted and then new ones are created.
So there is nothing that needs to be stable.

> 
> It's quite possible that we may end up with the same "id" numbers in
> cgroupfs on a new incarnation of the filesystem after a reboot. The
> files in there are not the same ones as the ones before, but their
> filehandles may match because kernfs doesn't factor in an i_generation
> number.

That is is about filehandle re-use, not about filehandle stability.

> 
> Could we fix it by adding a random i_generation value or something?
> Possibly, but there really isn't a good use-case that I can see for
> allowing cgroupfs to be exported via nfsd. Best to disallow it until
> someone comes up with one.

100% agree.

> 
> > Oh yes we did. And this is a merry-go-round.
> > 
> > It is very much fine for a filesystems to support file handles without
> > wanting to support exporting via NFS. That is especially true for
> > in-kernel pseudo filesystems.
> > 
> > As I've said before multiple times I want a way to allow filesystems
> > such as pidfs and nsfs to use file handles without supporting export.
> > Whatever that fscking flag is called at this point I fundamentally don't
> > care. And we are reliving the same arguments over and over.
> > 
> > I will _hard NAK_ anything that starts mandating that export of
> > filesystems must be allowed simply because their file handles fit export
> > criteria. I do not care whether pidfs or nsfs file handles fit the bill.
> > They will not be exported.
> 
> I don't really care what we call the flag. I do care a little about
> what its semantics are, but the effect should be to ensure that fs
> maintainers make a conscious decision about whether nfsd export should
> be allowed on the filesystem. 

Why do you need a conscious decision so much that you want to try to
force it.
Of course we want conscious decisions and hope they are always made, but
trying to manipulate people to doing things often fails.  How sure are
you that fs developers won't just copy-paste some other implementation
and not think about the implications of the flag?

What is the down side?  What is the harm from allowing export (should the
admin attempt it)?
If there were serious security concerns - then sure, make it harder to
do the dangerous thing.
But if it is just "it doesn't make sense", then there is no harm in
letting people get away with not reading the documentation, and fixing
things later as complaints arrive.  That is generally how the process
works.

But if you really really want to set this new flag on almost every
export_operations, can I ask that you please set it on EVERY export
operations, then allow maintainers to remove it as they see fit.
I think that approach would be much easier to review.

With your current series it is non-trivial to determine which
export_operations you have chosen not to set the flag on.  If you had
one patch that set it everywhere, then individual patches to remove it,
that would be a lot easier to review.

Thanks,
NeilBrown


> 
> At this point, maybe we should just go with Neil's 
> EXPORT_OP_SUPPORTS_NFS_EXPORT or something. It's much more arbitrary,
> than trying to base this on criteria about filehandle stability, but it
> would give us the effect we want.
> 
> -- 
> Jeff Layton <jlayton@...nel.org>
> 

Powered by blists - more mailing lists