From: David Laight <david.laight.linux@gmail.com>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Christoph Hellwig <hch@infradead.org>,
Jeff Layton <jlayton@kernel.org>,
Christian Brauner <brauner@kernel.org>,
Chuck Lever <chuck.lever@oracle.com>, Jan Kara <jack@suse.cz>,
Luis de Bethencourt <luisbg@kernel.org>,
Salah Triki <salah.triki@gmail.com>,
Nicolas Pitre <nico@fluxnic.net>, Anders Larsen <al@alarsen.net>,
Alexander Viro <viro@zeniv.linux.org.uk>,
David Sterba <dsterba@suse.com>, Chris Mason <clm@fb.com>,
Gao Xiang <xiang@kernel.org>, Chao Yu <chao@kernel.org>,
Yue Hu <zbestahu@gmail.com>,
Jeffle Xu <jefflexu@linux.alibaba.com>,
Sandeep Dhavale <dhavale@google.com>,
Hongbo Li <lihongbo22@huawei.com>,
Chunhai Guo <guochunhai@vivo.com>, Jan Kara <jack@suse.com>,
"Theodore Ts'o" <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
Jaegeuk Kim <jaegeuk@kernel.org>,
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>,
David Woodhouse <dwmw2@infradead.org>,
Richard Weinberger <richard@nod.at>,
Dave Kleikamp <shaggy@kernel.org>,
Ryusuke Konishi <konishi.ryusuke@gmail.com>,
Viacheslav Dubeyko <slava@dubeyko.com>,
Konstantin Komarov <almaz.alexandrovich@paragon-software.com>,
Mark Fasheh <mark@fasheh.com>, Joel Becker <jlbec@evilplan.org>,
Joseph Qi <joseph.qi@linux.alibaba.com>,
Mike Marshall <hubcap@omnibond.com>,
Martin Brandenburg <martin@omnibond.com>,
Miklos Szeredi <miklos@szeredi.hu>,
Phillip Lougher <phillip@squashfs.org.uk>,
Carlos Maiolino <cem@kernel.org>, Hugh Dickins <hughd@google.com>,
Baolin Wang <baolin.wang@linux.alibaba.com>,
Andrew Morton <akpm@linux-foundation.org>,
Namjae Jeon <linkinjeon@kernel.org>,
Sungjong Seo <sj1557.seo@samsung.com>,
Yuezhang Mo <yuezhang.mo@sony.com>,
Alexander Aring <alex.aring@gmail.com>,
Andreas Gruenbacher <agruenba@redhat.com>,
Jonathan Corbet <corbet@lwn.net>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
Eric Van Hensbergen <ericvh@kernel.org>,
Latchesar Ionkov <lucho@ionkov.net>,
Dominique Martinet <asmadeus@codewreck.org>,
Christian Schoenebeck <linux_oss@crudebyte.com>,
Xiubo Li <xiubli@redhat.com>, Ilya Dryomov <idryomov@gmail.com>,
Trond Myklebust <trondmy@kernel.org>,
Anna Schumaker <anna@kernel.org>,
Steve French <sfrench@samba.org>,
Paulo Alcantara <pc@manguebit.org>,
Ronnie Sahlberg <ronniesahlberg@gmail.com>,
Shyam Prasad N <sprasad@microsoft.com>,
Tom Talpey <tom@talpey.com>, Bharath SM <bharathsm@microsoft.com>,
Hans de Goede <hansg@kernel.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-btrfs@vger.kernel.org, linux-erofs@lists.ozlabs.org,
linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-mtd@lists.infradead.org,
jfs-discussion@lists.sourceforge.net,
linux-nilfs@vger.kernel.org, ntfs3@lists.linux.dev,
ocfs2-devel@lists.linux.dev, devel@lists.orangefs.org,
linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org,
linux-mm@kvack.org, gfs2@lists.linux.dev,
linux-doc@vger.kernel.org, v9fs@lists.linux.dev,
ceph-devel@vger.kernel.org, linux-nfs@vger.kernel.org,
linux-cifs@vger.kernel.org, samba-technical@lists.samba.org
Subject: Re: [PATCH 00/24] vfs: require filesystems to explicitly opt-in to lease support
Date: Wed, 14 Jan 2026 13:39:55 +0000 [thread overview]
Message-ID: <20260114133955.0a9f5cd3@pumpkin> (raw)
In-Reply-To: <CAOQ4uxhMjitW_DC9WK9eku51gE1Ft+ENhD=qq3uehwrHO=RByA@mail.gmail.com>
On Wed, 14 Jan 2026 10:34:04 +0100
Amir Goldstein <amir73il@gmail.com> wrote:
> On Wed, Jan 14, 2026 at 7:28 AM Christoph Hellwig <hch@infradead.org> wrote:
> >
> > On Tue, Jan 13, 2026 at 12:06:42PM -0500, Jeff Layton wrote:
> > > Fair point, but it's not that hard to conceive of a situation where
> > > someone inadvertantly exports cgroupfs or some similar filesystem:
> >
> > Sure. But how is this worse than accidentally exporting private data
> > or any other misconfiguration?
> >
>
> My POV is that it is less about security (as your question implies), and
> more about correctness.
>
> The special thing about NFS export, as opposed to, say, ksmbd, is
> open by file handle, IOW, the export_operations.
>
> I perceive this as a very strange and undesired situation when NFS
> file handles do not behave as persistent file handles.
>
> FUSE will gladly open a completely different object, sometimes
> a different object type from an NFS client request after server restart.
>
> I suppose that the same could happen with tmpfs and probably some
> other fs.
...
You really shouldn't be allowed to nfs export a fs that doesn't have
persistent file handles.
Even file handles containing 'random' numbers can be problematic.
The default used to be 'hard mounts' (not sure it is any more) which
caused the client (not Linux - too long ago) to loop in kernel
forever waiting for the server to recover the filesystem export.
The only resolution on that system was to reboot the client.
At least nfs can now use variable size file-ids.
When I was fixing some code that exported a layered fs (I pretty
much rewrote the fs at the same time) I did randomise the file-ids
so they (hopefully) became invalid after a reboot (only after suffering
some very corrupt filesystems!)
I found nfs (over udp) had some interesting 'features':
- If you export part of a fs you export all of it.
(Especially since this predated the randomisation of the inode
generation number.)
- If you give anyone access you give everyone access.
- If you give anyone write access you give everyone write access.
The latter two because the 'mount' protocol wasn't really needed
and the server didn't care where requests came from.
David
next prev parent reply other threads:[~2026-01-14 13:40 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-08 17:12 Jeff Layton
2026-01-08 17:12 ` [PATCH 01/24] fs: add setlease to generic_ro_fops and read-only filesystem directory operations Jeff Layton
2026-01-08 17:26 ` Jan Kara
2026-01-08 17:12 ` [PATCH 02/24] affs: add setlease file operation Jeff Layton
2026-01-08 21:26 ` David Sterba
2026-01-08 17:12 ` [PATCH 03/24] btrfs: " Jeff Layton
2026-01-08 21:26 ` David Sterba
2026-01-08 17:12 ` [PATCH 04/24] erofs: " Jeff Layton
2026-01-10 1:47 ` Chao Yu
2026-01-08 17:13 ` [PATCH 05/24] ext2: " Jeff Layton
2026-01-08 17:28 ` Jan Kara
2026-01-08 17:13 ` [PATCH 06/24] ext4: " Jeff Layton
2026-01-08 17:28 ` Jan Kara
2026-01-08 17:13 ` [PATCH 07/24] exfat: " Jeff Layton
2026-01-08 22:47 ` Namjae Jeon
2026-01-08 17:13 ` [PATCH 08/24] f2fs: " Jeff Layton
2026-01-10 1:47 ` Chao Yu
2026-01-08 17:13 ` [PATCH 09/24] fat: " Jeff Layton
2026-01-08 18:12 ` OGAWA Hirofumi
2026-01-08 17:13 ` [PATCH 10/24] gfs2: add a " Jeff Layton
2026-01-08 17:13 ` [PATCH 11/24] jffs2: add " Jeff Layton
2026-01-09 8:49 ` Richard Weinberger
2026-01-08 17:13 ` [PATCH 12/24] jfs: " Jeff Layton
2026-01-08 19:46 ` Dave Kleikamp
2026-01-09 7:40 ` Richard Weinberger
2026-01-09 8:48 ` Richard Weinberger
2026-01-08 17:13 ` [PATCH 13/24] nilfs2: " Jeff Layton
2026-01-09 5:26 ` Ryusuke Konishi
2026-01-08 17:13 ` [PATCH 14/24] ntfs3: " Jeff Layton
2026-01-08 17:13 ` [PATCH 15/24] ocfs2: " Jeff Layton
2026-01-08 17:29 ` Jan Kara
2026-01-08 17:13 ` [PATCH 16/24] orangefs: " Jeff Layton
2026-01-08 17:13 ` [PATCH 17/24] overlayfs: " Jeff Layton
2026-01-08 17:13 ` [PATCH 18/24] squashfs: " Jeff Layton
2026-01-08 17:13 ` [PATCH 19/24] tmpfs: " Jeff Layton
2026-01-08 17:31 ` Jan Kara
2026-01-08 17:13 ` [PATCH 20/24] udf: " Jeff Layton
2026-01-08 17:29 ` Jan Kara
2026-01-08 17:13 ` [PATCH 21/24] ufs: " Jeff Layton
2026-01-08 17:13 ` [PATCH 22/24] xfs: " Jeff Layton
2026-01-08 17:13 ` [PATCH 23/24] filelock: default to returning -EINVAL when ->setlease operation is NULL Jeff Layton
2026-01-08 17:34 ` Jan Kara
2026-01-08 17:13 ` [PATCH 24/24] fs: remove simple_nosetlease() Jeff Layton
2026-01-08 17:34 ` Jan Kara
2026-01-08 17:40 ` [PATCH 00/24] vfs: require filesystems to explicitly opt-in to lease support Jan Kara
2026-01-08 18:56 ` Jeff Layton
2026-01-09 9:26 ` Jan Kara
2026-01-09 18:52 ` Amir Goldstein
2026-01-12 9:49 ` Christian Brauner
2026-01-12 13:34 ` Jeff Layton
2026-01-12 14:31 ` Chuck Lever
2026-01-12 14:50 ` Jeff Layton
2026-01-13 8:54 ` Christian Brauner
2026-01-13 11:03 ` Amir Goldstein
2026-01-13 11:45 ` Jeff Layton
2026-01-13 14:03 ` Chuck Lever
2026-01-13 14:27 ` Jeff Layton
2026-01-13 14:31 ` Chuck Lever
2026-01-13 15:00 ` Jeff Layton
2026-01-13 14:54 ` Christoph Hellwig
2026-01-13 17:06 ` Jeff Layton
2026-01-14 6:28 ` Christoph Hellwig
2026-01-14 9:34 ` Amir Goldstein
2026-01-14 13:06 ` Christoph Hellwig
2026-01-14 13:41 ` Jeff Layton
2026-01-14 14:14 ` Amir Goldstein
2026-01-14 14:52 ` Chuck Lever
2026-01-14 15:05 ` Christoph Hellwig
2026-01-14 15:26 ` Christian Brauner
2026-01-14 15:20 ` Christian Brauner
2026-01-14 13:39 ` David Laight [this message]
2026-01-09 6:00 ` Christoph Hellwig
2026-01-09 8:03 ` Al Viro
2026-01-12 9:56 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260114133955.0a9f5cd3@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=adilger.kernel@dilger.ca \
--cc=agruenba@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=al@alarsen.net \
--cc=alex.aring@gmail.com \
--cc=almaz.alexandrovich@paragon-software.com \
--cc=amir73il@gmail.com \
--cc=anna@kernel.org \
--cc=asmadeus@codewreck.org \
--cc=baolin.wang@linux.alibaba.com \
--cc=bharathsm@microsoft.com \
--cc=brauner@kernel.org \
--cc=cem@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=chao@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=clm@fb.com \
--cc=corbet@lwn.net \
--cc=devel@lists.orangefs.org \
--cc=dhavale@google.com \
--cc=dsterba@suse.com \
--cc=dwmw2@infradead.org \
--cc=ericvh@kernel.org \
--cc=gfs2@lists.linux.dev \
--cc=guochunhai@vivo.com \
--cc=hansg@kernel.org \
--cc=hch@infradead.org \
--cc=hirofumi@mail.parknet.co.jp \
--cc=hubcap@omnibond.com \
--cc=hughd@google.com \
--cc=idryomov@gmail.com \
--cc=jack@suse.com \
--cc=jack@suse.cz \
--cc=jaegeuk@kernel.org \
--cc=jefflexu@linux.alibaba.com \
--cc=jfs-discussion@lists.sourceforge.net \
--cc=jlayton@kernel.org \
--cc=jlbec@evilplan.org \
--cc=joseph.qi@linux.alibaba.com \
--cc=konishi.ryusuke@gmail.com \
--cc=lihongbo22@huawei.com \
--cc=linkinjeon@kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-erofs@lists.ozlabs.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-nilfs@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=linux_oss@crudebyte.com \
--cc=lucho@ionkov.net \
--cc=luisbg@kernel.org \
--cc=mark@fasheh.com \
--cc=martin@omnibond.com \
--cc=miklos@szeredi.hu \
--cc=nico@fluxnic.net \
--cc=ntfs3@lists.linux.dev \
--cc=ocfs2-devel@lists.linux.dev \
--cc=pc@manguebit.org \
--cc=phillip@squashfs.org.uk \
--cc=richard@nod.at \
--cc=ronniesahlberg@gmail.com \
--cc=salah.triki@gmail.com \
--cc=samba-technical@lists.samba.org \
--cc=sfrench@samba.org \
--cc=shaggy@kernel.org \
--cc=sj1557.seo@samsung.com \
--cc=slava@dubeyko.com \
--cc=sprasad@microsoft.com \
--cc=tom@talpey.com \
--cc=trondmy@kernel.org \
--cc=tytso@mit.edu \
--cc=v9fs@lists.linux.dev \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
--cc=xiang@kernel.org \
--cc=xiubli@redhat.com \
--cc=yuezhang.mo@sony.com \
--cc=zbestahu@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox