From: Jeff Layton <jlayton@kernel.org>
To: Christoph Hellwig <hch@infradead.org>,
Amir Goldstein <amir73il@gmail.com>
Cc: Christian Brauner <brauner@kernel.org>,
Chuck Lever <chuck.lever@oracle.com>, Jan Kara <jack@suse.cz>,
Luis de Bethencourt <luisbg@kernel.org>,
Salah Triki <salah.triki@gmail.com>,
Nicolas Pitre <nico@fluxnic.net>, Anders Larsen <al@alarsen.net>,
Alexander Viro <viro@zeniv.linux.org.uk>,
David Sterba <dsterba@suse.com>, Chris Mason <clm@fb.com>,
Gao Xiang <xiang@kernel.org>, Chao Yu <chao@kernel.org>,
Yue Hu <zbestahu@gmail.com>,
Jeffle Xu <jefflexu@linux.alibaba.com>,
Sandeep Dhavale <dhavale@google.com>,
Hongbo Li <lihongbo22@huawei.com>,
Chunhai Guo <guochunhai@vivo.com>, Jan Kara <jack@suse.com>,
Theodore Ts'o <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
Jaegeuk Kim <jaegeuk@kernel.org>,
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>,
David Woodhouse <dwmw2@infradead.org>,
Richard Weinberger <richard@nod.at>,
Dave Kleikamp <shaggy@kernel.org>,
Ryusuke Konishi <konishi.ryusuke@gmail.com>,
Viacheslav Dubeyko <slava@dubeyko.com>,
Konstantin Komarov <almaz.alexandrovich@paragon-software.com>,
Mark Fasheh <mark@fasheh.com>, Joel Becker <jlbec@evilplan.org>,
Joseph Qi <joseph.qi@linux.alibaba.com>,
Mike Marshall <hubcap@omnibond.com>,
Martin Brandenburg <martin@omnibond.com>,
Miklos Szeredi <miklos@szeredi.hu>,
Phillip Lougher <phillip@squashfs.org.uk>,
Carlos Maiolino <cem@kernel.org>,
Hugh Dickins <hughd@google.com>,
Baolin Wang <baolin.wang@linux.alibaba.com>,
Andrew Morton <akpm@linux-foundation.org>,
Namjae Jeon <linkinjeon@kernel.org>,
Sungjong Seo <sj1557.seo@samsung.com>,
Yuezhang Mo <yuezhang.mo@sony.com>,
Alexander Aring <alex.aring@gmail.com>,
Andreas Gruenbacher <agruenba@redhat.com>,
Jonathan Corbet <corbet@lwn.net>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
Eric Van Hensbergen <ericvh@kernel.org>,
Latchesar Ionkov <lucho@ionkov.net>,
Dominique Martinet <asmadeus@codewreck.org>,
Christian Schoenebeck <linux_oss@crudebyte.com>,
Xiubo Li <xiubli@redhat.com>, Ilya Dryomov <idryomov@gmail.com>,
Trond Myklebust <trondmy@kernel.org>,
Anna Schumaker <anna@kernel.org>,
Steve French <sfrench@samba.org>,
Paulo Alcantara <pc@manguebit.org>,
Ronnie Sahlberg <ronniesahlberg@gmail.com>,
Shyam Prasad N <sprasad@microsoft.com>,
Tom Talpey <tom@talpey.com>,
Bharath SM <bharathsm@microsoft.com>,
Hans de Goede <hansg@kernel.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-btrfs@vger.kernel.org, linux-erofs@lists.ozlabs.org,
linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-mtd@lists.infradead.org,
jfs-discussion@lists.sourceforge.net,
linux-nilfs@vger.kernel.org, ntfs3@lists.linux.dev,
ocfs2-devel@lists.linux.dev, devel@lists.orangefs.org,
linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org,
linux-mm@kvack.org, gfs2@lists.linux.dev,
linux-doc@vger.kernel.org, v9fs@lists.linux.dev,
ceph-devel@vger.kernel.org, linux-nfs@vger.kernel.org,
linux-cifs@vger.kernel.org, samba-technical@lists.samba.org
Subject: Re: [PATCH 00/24] vfs: require filesystems to explicitly opt-in to lease support
Date: Wed, 14 Jan 2026 08:41:16 -0500 [thread overview]
Message-ID: <c40862cd65a059ad45fa88f5473722ea5c5f70a5.camel@kernel.org> (raw)
In-Reply-To: <aWeUv2UUJ_NdgozS@infradead.org>
On Wed, 2026-01-14 at 05:06 -0800, Christoph Hellwig wrote:
> On Wed, Jan 14, 2026 at 10:34:04AM +0100, Amir Goldstein wrote:
> > On Wed, Jan 14, 2026 at 7:28 AM Christoph Hellwig <hch@infradead.org> wrote:
> > >
> > > On Tue, Jan 13, 2026 at 12:06:42PM -0500, Jeff Layton wrote:
> > > > Fair point, but it's not that hard to conceive of a situation where
> > > > someone inadvertantly exports cgroupfs or some similar filesystem:
> > >
> > > Sure. But how is this worse than accidentally exporting private data
> > > or any other misconfiguration?
> > >
> >
> > My POV is that it is less about security (as your question implies), and
> > more about correctness.
>
> I was just replying to Jeff.
>
> > The special thing about NFS export, as opposed to, say, ksmbd, is
> > open by file handle, IOW, the export_operations.
> >
> > I perceive this as a very strange and undesired situation when NFS
> > file handles do not behave as persistent file handles.
>
> That is not just very strange, but actually broken (discounting the
> obscure volatile file handles features not implemented in Linux NFS
> and NFSD). And the export ops always worked under the assumption
> that these file handles are indeed persistent. If they're not we
> do have a problem.
>
> >
> > cgroupfs, pidfs, nsfs, all gained open_by_handle_at() capability for
> > a known reason, which was NOT NFS export.
> >
> > If the author of open_by_handle_at() support (i.e. brauner) does not
> > wish to imply that those fs should be exported to NFS, why object?
>
> Because "want to export" is a stupid category.
>
> OTOH "NFS exporting doesn't actually properly work because someone
> overloaded export_ops with different semantics" is a valid category.
>
cgroupfs definitely doesn't behave as expected when exported via NFS.
The files aren't readable, at least. I'd also be surprised if the
filehandles were stable across a reboot, which is sort of necessary for
proper operation. I didn't test writing, but who knows whether that
might also just not work, crash the box, or do something else entirely.
I imagine this is the case for all sorts of filesystems like /proc,
/sys, etc. Those aren't exportable today (to my knowledge), but we're
growing export_operations across a wide range of fs's these days.
I'd prefer that we require someone to take the deliberate step to say
"yes, allow nfsd to access this type of filesystem".
> > We could have the opt-in/out of NFS export fixes per EXPORT_OP_
> > flags and we could even think of allowing admin to make this decision
> > per vfsmount (e.g. for cgroupfs).
> >
> > In any case, I fail to see how objecting to the possibility of NFS export
> > opt-out serves anyone.
>
> You're still think of it the wrong way. If we do have file systems
> that break the original exportfs semantics we need to fix that, and
> something like a "stable handles" flag will work well for that. But
> a totally arbitrary "is exportable" flag is total nonsense.
The problem there is that we very much do want to keep tmpfs
exportable, but it doesn't have stable handles (per-se).
--
Jeff Layton <jlayton@kernel.org>
next prev parent reply other threads:[~2026-01-14 13:41 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-08 17:12 Jeff Layton
2026-01-08 17:12 ` [PATCH 01/24] fs: add setlease to generic_ro_fops and read-only filesystem directory operations Jeff Layton
2026-01-08 17:26 ` Jan Kara
2026-01-08 17:12 ` [PATCH 02/24] affs: add setlease file operation Jeff Layton
2026-01-08 21:26 ` David Sterba
2026-01-08 17:12 ` [PATCH 03/24] btrfs: " Jeff Layton
2026-01-08 21:26 ` David Sterba
2026-01-08 17:12 ` [PATCH 04/24] erofs: " Jeff Layton
2026-01-10 1:47 ` Chao Yu
2026-01-08 17:13 ` [PATCH 05/24] ext2: " Jeff Layton
2026-01-08 17:28 ` Jan Kara
2026-01-08 17:13 ` [PATCH 06/24] ext4: " Jeff Layton
2026-01-08 17:28 ` Jan Kara
2026-01-08 17:13 ` [PATCH 07/24] exfat: " Jeff Layton
2026-01-08 22:47 ` Namjae Jeon
2026-01-08 17:13 ` [PATCH 08/24] f2fs: " Jeff Layton
2026-01-10 1:47 ` Chao Yu
2026-01-08 17:13 ` [PATCH 09/24] fat: " Jeff Layton
2026-01-08 18:12 ` OGAWA Hirofumi
2026-01-08 17:13 ` [PATCH 10/24] gfs2: add a " Jeff Layton
2026-01-08 17:13 ` [PATCH 11/24] jffs2: add " Jeff Layton
2026-01-09 8:49 ` Richard Weinberger
2026-01-08 17:13 ` [PATCH 12/24] jfs: " Jeff Layton
2026-01-08 19:46 ` Dave Kleikamp
2026-01-09 7:40 ` Richard Weinberger
2026-01-09 8:48 ` Richard Weinberger
2026-01-08 17:13 ` [PATCH 13/24] nilfs2: " Jeff Layton
2026-01-09 5:26 ` Ryusuke Konishi
2026-01-08 17:13 ` [PATCH 14/24] ntfs3: " Jeff Layton
2026-01-08 17:13 ` [PATCH 15/24] ocfs2: " Jeff Layton
2026-01-08 17:29 ` Jan Kara
2026-01-08 17:13 ` [PATCH 16/24] orangefs: " Jeff Layton
2026-01-08 17:13 ` [PATCH 17/24] overlayfs: " Jeff Layton
2026-01-08 17:13 ` [PATCH 18/24] squashfs: " Jeff Layton
2026-01-08 17:13 ` [PATCH 19/24] tmpfs: " Jeff Layton
2026-01-08 17:31 ` Jan Kara
2026-01-08 17:13 ` [PATCH 20/24] udf: " Jeff Layton
2026-01-08 17:29 ` Jan Kara
2026-01-08 17:13 ` [PATCH 21/24] ufs: " Jeff Layton
2026-01-08 17:13 ` [PATCH 22/24] xfs: " Jeff Layton
2026-01-08 17:13 ` [PATCH 23/24] filelock: default to returning -EINVAL when ->setlease operation is NULL Jeff Layton
2026-01-08 17:34 ` Jan Kara
2026-01-08 17:13 ` [PATCH 24/24] fs: remove simple_nosetlease() Jeff Layton
2026-01-08 17:34 ` Jan Kara
2026-01-08 17:40 ` [PATCH 00/24] vfs: require filesystems to explicitly opt-in to lease support Jan Kara
2026-01-08 18:56 ` Jeff Layton
2026-01-09 9:26 ` Jan Kara
2026-01-09 18:52 ` Amir Goldstein
2026-01-12 9:49 ` Christian Brauner
2026-01-12 13:34 ` Jeff Layton
2026-01-12 14:31 ` Chuck Lever
2026-01-12 14:50 ` Jeff Layton
2026-01-13 8:54 ` Christian Brauner
2026-01-13 11:03 ` Amir Goldstein
2026-01-13 11:45 ` Jeff Layton
2026-01-13 14:03 ` Chuck Lever
2026-01-13 14:27 ` Jeff Layton
2026-01-13 14:31 ` Chuck Lever
2026-01-13 15:00 ` Jeff Layton
2026-01-13 14:54 ` Christoph Hellwig
2026-01-13 17:06 ` Jeff Layton
2026-01-14 6:28 ` Christoph Hellwig
2026-01-14 9:34 ` Amir Goldstein
2026-01-14 13:06 ` Christoph Hellwig
2026-01-14 13:41 ` Jeff Layton [this message]
2026-01-14 14:14 ` Amir Goldstein
2026-01-14 14:52 ` Chuck Lever
2026-01-14 15:05 ` Christoph Hellwig
2026-01-14 15:26 ` Christian Brauner
2026-01-14 15:20 ` Christian Brauner
2026-01-14 13:39 ` David Laight
2026-01-09 6:00 ` Christoph Hellwig
2026-01-09 8:03 ` Al Viro
2026-01-12 9:56 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c40862cd65a059ad45fa88f5473722ea5c5f70a5.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=adilger.kernel@dilger.ca \
--cc=agruenba@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=al@alarsen.net \
--cc=alex.aring@gmail.com \
--cc=almaz.alexandrovich@paragon-software.com \
--cc=amir73il@gmail.com \
--cc=anna@kernel.org \
--cc=asmadeus@codewreck.org \
--cc=baolin.wang@linux.alibaba.com \
--cc=bharathsm@microsoft.com \
--cc=brauner@kernel.org \
--cc=cem@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=chao@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=clm@fb.com \
--cc=corbet@lwn.net \
--cc=devel@lists.orangefs.org \
--cc=dhavale@google.com \
--cc=dsterba@suse.com \
--cc=dwmw2@infradead.org \
--cc=ericvh@kernel.org \
--cc=gfs2@lists.linux.dev \
--cc=guochunhai@vivo.com \
--cc=hansg@kernel.org \
--cc=hch@infradead.org \
--cc=hirofumi@mail.parknet.co.jp \
--cc=hubcap@omnibond.com \
--cc=hughd@google.com \
--cc=idryomov@gmail.com \
--cc=jack@suse.com \
--cc=jack@suse.cz \
--cc=jaegeuk@kernel.org \
--cc=jefflexu@linux.alibaba.com \
--cc=jfs-discussion@lists.sourceforge.net \
--cc=jlbec@evilplan.org \
--cc=joseph.qi@linux.alibaba.com \
--cc=konishi.ryusuke@gmail.com \
--cc=lihongbo22@huawei.com \
--cc=linkinjeon@kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-erofs@lists.ozlabs.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-nilfs@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=linux_oss@crudebyte.com \
--cc=lucho@ionkov.net \
--cc=luisbg@kernel.org \
--cc=mark@fasheh.com \
--cc=martin@omnibond.com \
--cc=miklos@szeredi.hu \
--cc=nico@fluxnic.net \
--cc=ntfs3@lists.linux.dev \
--cc=ocfs2-devel@lists.linux.dev \
--cc=pc@manguebit.org \
--cc=phillip@squashfs.org.uk \
--cc=richard@nod.at \
--cc=ronniesahlberg@gmail.com \
--cc=salah.triki@gmail.com \
--cc=samba-technical@lists.samba.org \
--cc=sfrench@samba.org \
--cc=shaggy@kernel.org \
--cc=sj1557.seo@samsung.com \
--cc=slava@dubeyko.com \
--cc=sprasad@microsoft.com \
--cc=tom@talpey.com \
--cc=trondmy@kernel.org \
--cc=tytso@mit.edu \
--cc=v9fs@lists.linux.dev \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
--cc=xiang@kernel.org \
--cc=xiubli@redhat.com \
--cc=yuezhang.mo@sony.com \
--cc=zbestahu@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox