Re: [PATCH v2 00/11] fhandle, pidfs: allow open_by_handle_at() purely based on file handle

Linux NFS development
 help / color / mirror / Atom feed

From: Christian Brauner <brauner@kernel.org>
To: Jan Kara <jack@suse.cz>
Cc: Jeff Layton <jlayton@kernel.org>,
	Chuck Lever <chuck.lever@oracle.com>,
	 Amir Goldstein <amir73il@gmail.com>,
	Simona Vetter <simona@ffwll.ch>,
	linux-fsdevel@vger.kernel.org,  linux-nfs@vger.kernel.org,
	stable@kernel.org
Subject: Re: [PATCH v2 00/11] fhandle, pidfs: allow open_by_handle_at() purely based on file handle
Date: Tue, 24 Jun 2025 16:39:08 +0200	[thread overview]
Message-ID: <20250624-dubios-dissident-128110e328d3@brauner> (raw)
In-Reply-To: <z4gavwmwinr6me7ufmwk7y6vi7jfwwbv5bksrk4v4saochb3va@zxchg3jqz2x4>

On Tue, Jun 24, 2025 at 04:15:37PM +0200, Jan Kara wrote:
> On Tue 24-06-25 12:59:26, Christian Brauner wrote:
> > > For pidfs this means a file handle can function as full replacement for
> > > storing a pid in a file. Instead a file handle can be stored and
> > > reopened purely based on the file handle.
> > 
> > One thing I want to comment on generally. I know we document that a file
> > handle is an opaque thing and userspace shouldn't rely on the layout or
> > format (Propably so that we're free to redefine it.).
> > 
> > Realistically though that's just not what's happening. I've linked Amir
> > to that code already a few times but I'm doing it here for all of you
> > again:
> > 
> > [1]: https://github.com/systemd/systemd/blob/7e1647ae4e33dd8354bd311a7f7f5eb701be2391/src/basic/cgroup-util.c#L62-L77
> > 
> >      Specifically:
> >      
> >      /* The structure to pass to name_to_handle_at() on cgroupfs2 */
> >      typedef union {
> >              struct file_handle file_handle;
> >              uint8_t space[offsetof(struct file_handle, f_handle) + sizeof(uint64_t)];
> >      } cg_file_handle;
> >      
> >      #define CG_FILE_HANDLE_INIT                                     \
> >              (cg_file_handle) {                                      \
> >                      .file_handle.handle_bytes = sizeof(uint64_t),   \
> >                      .file_handle.handle_type = FILEID_KERNFS,       \
> >              }
> >      
> >      #define CG_FILE_HANDLE_CGROUPID(fh) (*CAST_ALIGN_PTR(uint64_t, (fh).file_handle.f_handle))
> >      
> >      cg_file_handle fh = CG_FILE_HANDLE_INIT;
> >      CG_FILE_HANDLE_CGROUPID(fh) = id;
> >      
> >      return RET_NERRNO(open_by_handle_at(cgroupfs_fd, &fh.file_handle, O_DIRECTORY|O_CLOEXEC));
> > 
> > Another example where the layout is assumed to be uapi/uabi is:
> > 
> > [2]: https://github.com/systemd/systemd/blob/7e1647ae4e33dd8354bd311a7f7f5eb701be2391/src/basic/pidfd-util.c#L232-L259
> > 
> >      int pidfd_get_inode_id_impl(int fd, uint64_t *ret) {
> >      <snip>
> >                      union {
> >                              struct file_handle file_handle;
> >                              uint8_t space[offsetof(struct file_handle, f_handle) + sizeof(uint64_t)];
> >                      } fh = {
> >                              .file_handle.handle_bytes = sizeof(uint64_t),
> >                              .file_handle.handle_type = FILEID_KERNFS,
> >                      };
> >                      int mnt_id;
> >      
> >                      r = RET_NERRNO(name_to_handle_at(fd, "", &fh.file_handle, &mnt_id, AT_EMPTY_PATH));
> >                      if (r >= 0) {
> >                              if (ret)
> >                                      *ret = *CAST_ALIGN_PTR(uint64_t, fh.file_handle.f_handle);
> >                              return 0;
> >                      }
> 
> Thanks for sharing. Sigh... Personal note for the future: If something
> should be opaque blob for userspace, don't forget to encrypt the data
> before handing it over to userspace. :-P

Yeah, honestly, that's what we should probably do. Use some hash
function or something.

     prev parent reply	other threads:[~2025-06-24 14:39 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-06-24  8:29 [PATCH v2 00/11] fhandle, pidfs: allow open_by_handle_at() purely based on file handle Christian Brauner
2025-06-24  8:29 ` [PATCH v2 01/11] fhandle: raise FILEID_IS_DIR in handle_type Christian Brauner
2025-06-24  9:31   ` Jan Kara
2025-06-24  8:29 ` [PATCH v2 02/11] fhandle: hoist copy_from_user() above get_path_from_fd() Christian Brauner
2025-06-24  9:31   ` Jan Kara
2025-06-24  8:29 ` [PATCH v2 03/11] fhandle: rename to get_path_anchor() Christian Brauner
2025-06-24  9:31   ` Jan Kara
2025-06-24  8:29 ` [PATCH v2 04/11] pidfs: add pidfs_root_path() helper Christian Brauner
2025-06-24  9:31   ` Jan Kara
2025-06-24  8:29 ` [PATCH v2 05/11] fhandle: reflow get_path_anchor() Christian Brauner
2025-06-24  9:16   ` Jan Kara
2025-06-24 10:16     ` Christian Brauner
2025-06-24  8:29 ` [PATCH v2 06/11] uapi/fcntl: mark range as reserved Christian Brauner
2025-06-24  9:16   ` Jan Kara
2025-06-24 10:57   ` Amir Goldstein
2025-06-24 13:47     ` Christian Brauner
2025-06-24  8:29 ` [PATCH v2 07/11] uapi/fcntl: add FD_INVALID Christian Brauner
2025-06-24  9:17   ` Jan Kara
2025-06-24  8:29 ` [PATCH v2 08/11] exportfs: add FILEID_PIDFS Christian Brauner
2025-06-24  9:17   ` Jan Kara
2025-06-24 13:15   ` Amir Goldstein
2025-06-24 13:43     ` Christian Brauner
2025-06-24 14:20       ` Amir Goldstein
2025-06-24  8:29 ` [PATCH v2 09/11] fhandle: add EXPORT_OP_AUTONOMOUS_HANDLES marker Christian Brauner
2025-06-24  9:18   ` Jan Kara
2025-06-24  9:20   ` Jan Kara
2025-06-24 10:16     ` Christian Brauner
2025-06-24  8:29 ` [PATCH v2 10/11] fhandle, pidfs: support open_by_handle_at() purely based on file handle Christian Brauner
2025-06-24  9:30   ` Jan Kara
2025-06-24 10:15     ` Christian Brauner
2025-06-24 10:53     ` Amir Goldstein
2025-06-24 14:28       ` Amir Goldstein
2025-06-24 14:51         ` Christian Brauner
2025-06-24 15:07           ` Amir Goldstein
2025-06-24 15:23             ` Christian Brauner
2025-06-24 17:45               ` Jan Kara
2025-06-24 19:23               ` Amir Goldstein
2025-06-25  7:52                 ` Christian Brauner
2025-06-24 23:07   ` Al Viro
2025-06-25  7:52     ` Christian Brauner
2025-06-24  8:29 ` [PATCH v2 11/11] selftests/pidfd: decode pidfd file handles withou having to specify an fd Christian Brauner
2025-06-24  9:39   ` Jan Kara
2025-06-24 10:58 ` [PATCH v2 00/11] fhandle, pidfs: allow open_by_handle_at() purely based on file handle Amir Goldstein
2025-06-24 10:59 ` Christian Brauner
2025-06-24 14:15   ` Jan Kara
2025-06-24 14:34     ` Amir Goldstein
2025-06-24 14:39     ` Christian Brauner [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250624-dubios-dissident-128110e328d3@brauner \
    --to=brauner@kernel.org \
    --cc=amir73il@gmail.com \
    --cc=chuck.lever@oracle.com \
    --cc=jack@suse.cz \
    --cc=jlayton@kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=simona@ffwll.ch \
    --cc=stable@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox