tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nfsd: do not allow exporting of special kernel filesystems

pidfs and nsfs recently gained support for encode/decode of file handles
via name_to_handle_at(2)/open_by_handle_at(2).

These special kernel filesystems have custom ->open() and ->permission()
export methods, which nfsd does not respect and it was never meant to be
used for exporting those filesystems by nfsd.

Therefore, do not allow nfsd to export filesystems with custom ->open()
or ->permission() methods.

Fixes: b3caba8f7a34a ("pidfs: implement file handle support")
Fixes: 5222470b2fbb3 ("nsfs: support file handles")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Link: https://patch.msgid.link/20260129100212.49727-3-amir73il@gmail.com
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>

authored by

Amir Goldstein and committed by
Christian Brauner b3c78bc5 a39162f7

+14 -3
+5 -3
fs/nfsd/export.c
··· 427 427 * either a device number (so FS_REQUIRES_DEV needed) 428 428 * or an FSID number (so NFSEXP_FSID or ->uuid is needed). 429 429 * 2: We must be able to find an inode from a filehandle. 430 - * This means that s_export_op must be set. 430 + * This means that s_export_op must be set and comply with 431 + * the requirements for remote filesystem export. 431 432 * 3: We must not currently be on an idmapped mount. 432 433 */ 433 434 if (!(inode->i_sb->s_type->fs_flags & FS_REQUIRES_DEV) && ··· 438 437 return -EINVAL; 439 438 } 440 439 441 - if (!exportfs_can_decode_fh(inode->i_sb->s_export_op)) { 442 - dprintk("exp_export: export of invalid fs type.\n"); 440 + if (!exportfs_may_export(inode->i_sb->s_export_op)) { 441 + dprintk("exp_export: export of invalid fs type (%s).\n", 442 + inode->i_sb->s_type->name); 443 443 return -EINVAL; 444 444 } 445 445
+9
include/linux/exportfs.h
··· 338 338 return nop && nop->fh_to_dentry; 339 339 } 340 340 341 + static inline bool exportfs_may_export(const struct export_operations *nop) 342 + { 343 + /* 344 + * Do not allow nfs export for filesystems with custom ->open() or 345 + * ->permission() ops, which nfsd does not respect (e.g. pidfs, nsfs). 346 + */ 347 + return exportfs_can_decode_fh(nop) && !nop->open && !nop->permission; 348 + } 349 + 341 350 static inline bool exportfs_can_encode_fh(const struct export_operations *nop, 342 351 int fh_flags) 343 352 {