From ba4cb8ee0bc20afa74bd689eccaf11b8d606213a Mon Sep 17 00:00:00 2001 From: Amir Goldstein Date: Tue, 13 Jan 2026 11:43:55 +0100 Subject: [RFC][PATCH] nfsd: do not allow exporting of special kernel filesystems pidfs and nsfs recently gained support for encode/decode of file handles via name_to_handle_at(2)/opan_by_handle_at(2). These special kernel filesystems have custom ->open() and ->permission() export methods, which nfsd does not respect and it was never meant to be used for exporting those filesystems by nfsd. Therefore, do not allow nfsd to export filesystems with custom ->open() or ->permission() methods. Fixes: b3caba8f7a34a ("pidfs: implement file handle support") Fixes: 5222470b2fbb3 ("nsfs: support file handles") Signed-off-by: Amir Goldstein --- fs/nfsd/export.c | 5 +++-- include/linux/exportfs.h | 9 +++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index 2a1499f2ad196..92ac8cb0bdecd 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -437,8 +437,9 @@ static int check_export(const struct path *path, int *flags, unsigned char *uuid return -EINVAL; } - if (!exportfs_can_decode_fh(inode->i_sb->s_export_op)) { - dprintk("exp_export: export of invalid fs type.\n"); + if (!exportfs_may_nfs_export(inode->i_sb->s_export_op)) { + dprintk("exp_export: export of invalid fs type (%s).\n", + inode->i_sb->s_type->name); return -EINVAL; } diff --git a/include/linux/exportfs.h b/include/linux/exportfs.h index f0cf2714ec52d..3ec780802c14e 100644 --- a/include/linux/exportfs.h +++ b/include/linux/exportfs.h @@ -317,6 +317,15 @@ static inline bool exportfs_can_decode_fh(const struct export_operations *nop) return nop && nop->fh_to_dentry; } +static inline bool exportfs_may_nfs_export(const struct export_operations *nop) +{ + /* + * Do not allow exporting to NFS filesystems with custom ->open() and + * ->permission() ops, which nfsd does not respect (e.g. pidfs, nsfs). + */ + return exportfs_can_decode_fh(nop) && !nop->open && !nop->permission; +} + static inline bool exportfs_can_encode_fh(const struct export_operations *nop, int fh_flags) { -- 2.52.0