From: Christian Brauner <brauner@kernel.org>
To: Jan Kara <jack@suse.cz>, Amir Goldstein <amir73il@gmail.com>,
linux-fsdevel@vger.kernel.org
Cc: "Josef Bacik" <josef@toxicpanda.com>,
"Jeff Layton" <jlayton@kernel.org>, "Mike Yuan" <me@yhndnzj.com>,
"Zbigniew Jędrzejewski-Szmek" <zbyszek@in.waw.pl>,
"Lennart Poettering" <mzxreary@0pointer.de>,
"Daan De Meyer" <daan.j.demeyer@gmail.com>,
"Aleksa Sarai" <cyphar@cyphar.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Jens Axboe" <axboe@kernel.dk>, "Tejun Heo" <tj@kernel.org>,
"Johannes Weiner" <hannes@cmpxchg.org>,
"Michal Koutný" <mkoutny@suse.com>,
"Eric Dumazet" <edumazet@google.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Paolo Abeni" <pabeni@redhat.com>,
"Simon Horman" <horms@kernel.org>,
"Chuck Lever" <chuck.lever@oracle.com>,
linux-nfs@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
cgroups@vger.kernel.org, netdev@vger.kernel.org,
"Christian Brauner" <brauner@kernel.org>
Subject: [PATCH v2 29/33] nsfs: support exhaustive file handles
Date: Fri, 12 Sep 2025 13:52:52 +0200 [thread overview]
Message-ID: <20250912-work-namespace-v2-29-1a247645cef5@kernel.org> (raw)
In-Reply-To: <20250912-work-namespace-v2-0-1a247645cef5@kernel.org>
Pidfd file handles are exhaustive meaning they don't require a handle on
another pidfd to pass to open_by_handle_at() so it can derive the
filesystem to decode in. Instead it can be derived from the file
handle itself. The same is possible for namespace file handles.
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/fhandle.c | 6 ++++++
fs/internal.h | 1 +
fs/nsfs.c | 10 ++++++++++
include/uapi/linux/fcntl.h | 1 +
4 files changed, 18 insertions(+)
diff --git a/fs/fhandle.c b/fs/fhandle.c
index 7c236f64cdea..f18c855bb0c2 100644
--- a/fs/fhandle.c
+++ b/fs/fhandle.c
@@ -11,6 +11,7 @@
#include <linux/personality.h>
#include <linux/uaccess.h>
#include <linux/compat.h>
+#include <linux/nsfs.h>
#include "internal.h"
#include "mount.h"
@@ -189,6 +190,11 @@ static int get_path_anchor(int fd, struct path *root)
return 0;
}
+ if (fd == FD_NSFS_ROOT) {
+ nsfs_get_root(root);
+ return 0;
+ }
+
return -EBADF;
}
diff --git a/fs/internal.h b/fs/internal.h
index 38e8aab27bbd..a33d18ee5b74 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -355,3 +355,4 @@ int anon_inode_getattr(struct mnt_idmap *idmap, const struct path *path,
int anon_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
struct iattr *attr);
void pidfs_get_root(struct path *path);
+void nsfs_get_root(struct path *path);
diff --git a/fs/nsfs.c b/fs/nsfs.c
index 926e2680414e..22765fcab18e 100644
--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -25,6 +25,14 @@
static struct vfsmount *nsfs_mnt;
+static struct path nsfs_root_path = {};
+
+void nsfs_get_root(struct path *path)
+{
+ *path = nsfs_root_path;
+ path_get(path);
+}
+
static long ns_ioctl(struct file *filp, unsigned int ioctl,
unsigned long arg);
static const struct file_operations ns_file_operations = {
@@ -598,4 +606,6 @@ void __init nsfs_init(void)
if (IS_ERR(nsfs_mnt))
panic("can't set nsfs up\n");
nsfs_mnt->mnt_sb->s_flags &= ~SB_NOUSER;
+ nsfs_root_path.mnt = nsfs_mnt;
+ nsfs_root_path.dentry = nsfs_mnt->mnt_root;
}
diff --git a/include/uapi/linux/fcntl.h b/include/uapi/linux/fcntl.h
index f291ab4f94eb..3741ea1b73d8 100644
--- a/include/uapi/linux/fcntl.h
+++ b/include/uapi/linux/fcntl.h
@@ -111,6 +111,7 @@
#define PIDFD_SELF_THREAD_GROUP -10001 /* Current thread group leader. */
#define FD_PIDFS_ROOT -10002 /* Root of the pidfs filesystem */
+#define FD_NSFS_ROOT -10003 /* Root of the nsfs filesystem */
#define FD_INVALID -10009 /* Invalid file descriptor: -10000 - EBADF = -10009 */
/* Generic flags for the *at(2) family of syscalls. */
--
2.47.3
next prev parent reply other threads:[~2025-09-12 11:55 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-12 11:52 [PATCH v2 00/33] ns: support file handles Christian Brauner
2025-09-12 11:52 ` [PATCH v2 01/33] pidfs: validate extensible ioctls Christian Brauner
2025-09-12 11:52 ` [PATCH v2 02/33] nsfs: drop tautological ioctl() check Christian Brauner
2025-09-12 11:52 ` [PATCH v2 03/33] nsfs: validate extensible ioctls Christian Brauner
2025-09-12 11:52 ` [PATCH v2 04/33] block: use extensible_ioctl_valid() Christian Brauner
2025-09-16 11:18 ` Mark Brown
2025-09-16 13:40 ` Dan Carpenter
2025-09-18 13:17 ` Jan Kara
2025-09-19 12:28 ` Christian Brauner
2025-09-12 11:52 ` [PATCH v2 05/33] ns: move to_ns_common() to ns_common.h Christian Brauner
2025-09-12 11:52 ` [PATCH v2 06/33] nsfs: add nsfs.h header Christian Brauner
2025-09-12 11:52 ` [PATCH v2 07/33] ns: uniformly initialize ns_common Christian Brauner
2025-09-12 11:52 ` [PATCH v2 08/33] cgroup: use ns_common_init() Christian Brauner
2025-09-12 15:48 ` Tejun Heo
2025-09-12 11:52 ` [PATCH v2 09/33] ipc: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 10/33] mnt: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 11/33] net: " Christian Brauner
2025-09-15 11:07 ` Jan Kara
2025-09-15 11:42 ` Christian Brauner
2025-09-15 11:50 ` Jan Kara
2025-09-15 22:59 ` Al Viro
2025-09-12 11:52 ` [PATCH v2 12/33] pid: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 13/33] time: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 14/33] user: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 15/33] uts: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 16/33] ns: remove ns_alloc_inum() Christian Brauner
2025-09-12 11:52 ` [PATCH v2 17/33] nstree: make iterator generic Christian Brauner
2025-09-15 11:49 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 18/33] mnt: support ns lookup Christian Brauner
2025-09-15 11:48 ` Jan Kara
2025-09-15 13:45 ` Christian Brauner
2025-09-16 3:24 ` Kuniyuki Iwashima
2025-09-16 3:59 ` Al Viro
2025-09-16 3:56 ` Al Viro
2025-09-16 3:59 ` Al Viro
2025-09-16 4:46 ` Al Viro
2025-09-17 9:50 ` Christian Brauner
2025-09-18 10:21 ` Al Viro
2025-09-12 11:52 ` [PATCH v2 19/33] cgroup: " Christian Brauner
2025-09-15 11:53 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 20/33] ipc: " Christian Brauner
2025-09-15 11:56 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 21/33] net: " Christian Brauner
2025-09-15 12:02 ` Jan Kara
2025-09-15 13:47 ` Christian Brauner
2025-09-16 3:59 ` Kuniyuki Iwashima
2025-09-12 11:52 ` [PATCH v2 22/33] pid: " Christian Brauner
2025-09-15 12:04 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 23/33] time: " Christian Brauner
2025-09-15 12:06 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 24/33] user: " Christian Brauner
2025-09-15 12:11 ` Jan Kara
2025-09-15 13:54 ` Christian Brauner
2025-09-15 14:14 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 25/33] uts: " Christian Brauner
2025-09-15 12:59 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 26/33] ns: add to_<type>_ns() to respective headers Christian Brauner
2025-09-15 12:06 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 27/33] nsfs: add current_in_namespace() Christian Brauner
2025-09-15 13:08 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 28/33] nsfs: support file handles Christian Brauner
2025-09-15 13:25 ` Jan Kara
2025-09-15 13:55 ` Christian Brauner
2025-09-12 11:52 ` Christian Brauner [this message]
2025-09-15 13:26 ` [PATCH v2 29/33] nsfs: support exhaustive " Jan Kara
2025-09-12 11:52 ` [PATCH v2 30/33] nsfs: add missing id retrieval support Christian Brauner
2025-09-15 13:28 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 31/33] tools: update nsfs.h uapi header Christian Brauner
2025-09-12 11:52 ` [PATCH v2 32/33] selftests/namespaces: add identifier selftests Christian Brauner
2025-09-12 11:52 ` [PATCH v2 33/33] selftests/namespaces: add file handle selftests Christian Brauner
2025-09-16 4:55 ` [PATCH v2 00/33] ns: support file handles Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250912-work-namespace-v2-29-1a247645cef5@kernel.org \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=axboe@kernel.dk \
--cc=cgroups@vger.kernel.org \
--cc=chuck.lever@oracle.com \
--cc=cyphar@cyphar.com \
--cc=daan.j.demeyer@gmail.com \
--cc=edumazet@google.com \
--cc=hannes@cmpxchg.org \
--cc=horms@kernel.org \
--cc=jack@suse.cz \
--cc=jlayton@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kuba@kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=me@yhndnzj.com \
--cc=mkoutny@suse.com \
--cc=mzxreary@0pointer.de \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=tj@kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=zbyszek@in.waw.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).