From: Christian Brauner <brauner@kernel.org>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Jan Kara <jack@suse.cz>, Jeff Layton <jlayton@kernel.org>,
Chuck Lever <chuck.lever@oracle.com>,
Simona Vetter <simona@ffwll.ch>,
linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: Re: [PATCH v2 10/11] fhandle, pidfs: support open_by_handle_at() purely based on file handle
Date: Tue, 24 Jun 2025 16:51:12 +0200
Message-ID: <20250624-reinreden-museen-5b07804eaffe@brauner>
In-Reply-To: <CAOQ4uxjYGipMt4t+ZzYEQgn3EhWh327iEyoKyeoqKKGzwuHRsg@mail.gmail.com>
On Tue, Jun 24, 2025 at 04:28:50PM +0200, Amir Goldstein wrote:
> On Tue, Jun 24, 2025 at 12:53 PM Amir Goldstein <amir73il@gmail.com> wrote:
> >
> > On Tue, Jun 24, 2025 at 11:30 AM Jan Kara <jack@suse.cz> wrote:
> > >
> > > On Tue 24-06-25 10:29:13, Christian Brauner wrote:
> > > > Various filesystems such as pidfs (and likely drm in the future) have a
> > > > use-case to support opening files purely based on the handle without
> > > > having to require a file descriptor to another object. That's especially
> > > > the case for filesystems that don't do any lookup whatsoever and there's
> > > > zero relationship between the objects. Such filesystems are also
> > > > singletons that stay around for the lifetime of the system meaning that
> > > > they can be uniquely identified and accessed purely based on the file
> > > > handle type. Enable that so that userspace doesn't have to allocate an
> > > > object needlessly especially if they can't do that for whatever reason.
> > > >
> > > > Signed-off-by: Christian Brauner <brauner@kernel.org>
> > > > ---
> > > > fs/fhandle.c | 22 ++++++++++++++++++++--
> > > > fs/pidfs.c | 5 ++++-
> > > > 2 files changed, 24 insertions(+), 3 deletions(-)
> > > >
> > > > diff --git a/fs/fhandle.c b/fs/fhandle.c
> > > > index ab4891925b52..54081e19f594 100644
> > > > --- a/fs/fhandle.c
> > > > +++ b/fs/fhandle.c
> > > > @@ -173,7 +173,7 @@ SYSCALL_DEFINE5(name_to_handle_at, int, dfd, const char __user *, name,
> > > > return err;
> > > > }
> > > >
> > > > -static int get_path_anchor(int fd, struct path *root)
> > > > +static int get_path_anchor(int fd, struct path *root, int handle_type)
> > > > {
> > > > if (fd >= 0) {
> > > > CLASS(fd, f)(fd);
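Review bot: the new `handle_type` argument of get_path_anchor() carries no comment saying when it is consulted, and nothing visible in the `fd >= 0` branch of this hunk uses it. A short comment above the function stating that the handle type only matters when no usable descriptor is supplied would make the contract clear to later callers.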
> > > > @@ -193,6 +193,24 @@ static int get_path_anchor(int fd, struct path *root)
> > > > return 0;
> > > > }
> > > >
> > > > + /*
> > > > + * Only autonomous handles can be decoded without a file
> > > > + * descriptor.
> > > > + */
> > > > + if (!(handle_type & FILEID_IS_AUTONOMOUS))
> > > > + return -EOPNOTSUPP;
> > >
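Review bot: the `!(handle_type & FILEID_IS_AUTONOMOUS)` test added at the end of this hunk never looks at `fd`, so the errno a caller gets here is decided by the handle type alone, whatever negative descriptor value was passed. The comment says these handles are decoded "without a file descriptor", but nothing in the added lines verifies that the caller passed a value meaning exactly that. Checking `fd` against the intended sentinel first and returning -EBADF for any other value would make an invalid descriptor distinguishable from an unsupported handle type.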
> > > This somewhat ties to my comment to patch 5 that if someone passed invalid
> > > fd < 0 before, we'd be returning -EBADF and now we'd be returning -EINVAL
> > > or -EOPNOTSUPP based on FILEID_IS_AUTONOMOUS setting. I don't care that
> > > much about it so feel free to ignore me but I think the following might be
> > > more sensible error codes:
> > >
> > > if (!(handle_type & FILEID_IS_AUTONOMOUS)) {
> > >         if (fd == FD_INVALID)
> > >                 return -EOPNOTSUPP;
> > >         return -EBADF;
> > > }
> > >
> > > if (fd != FD_INVALID)
> > >         return -EBADF; (or -EINVAL no strong preference here)
> >
> > FWIW, I like -EBADF better.
> > it makes the error more descriptive and keeps the flow simple:
> >
> > + /*
> > + * Only autonomous handles can be decoded without a file
> > + * descriptor and only when FD_INVALID is provided.
> > + */
> > + if (fd != FD_INVALID)
> > + return -EBADF;
> > +
> > + if (!(handle_type & FILEID_IS_AUTONOMOUS))
> > + return -EOPNOTSUPP;
> >
>
> Thinking about it some more, as I am trying to address your concerns
> about crafting autonomous file handles by systemd, as you already
> decided to define a range for kernel reserved values for fd, why not,
> instead of requiring FD_INVALID for autonomous file handle, that we
> actually define a kernel fd value that translates to "the root of pidfs":
>
> + /*
> + * Autonomous handles can be decoded with a special file
> + * descriptor value that describes the filesystem.
> + */
> + switch (fd) {
> + case FD_PIDFS_ROOT:
> + pidfs_get_root(root);
> + break;
> + default:
> + return -EBADF;
> + }
> +
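Review bot: the `case` label in this switch is `FD_PIDFS_ROOT`, while the usage line later in the same message passes `FD_PIDFS` to open_by_handle_at(); the constant needs a single name before this goes into a uapi header. It would also help to state in the comment that the `default: return -EBADF;` arm is what rejects every other reserved value.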
>
> Then you can toss all my old ideas, including FILEID_IS_AUTONOMOUS,
> and EXPORT_OP_AUTONOMOUS_HANDLES and you do not even need
> to define FILEID_PIDFS anymore, just keep exporting FILEID_KERNFS
> as before (you can also keep the existing systemd code) and when you want
> to open file by handle you just go
> open_by_handle_at(FD_PIDFS, &handle, 0)
> and that's it.
>
> In the end, my one and only concern with autonomous file handles is that
> there should be a user opt-in to request them.
>
> Sorry for taking the long road to get to this simpler design.
> WDYT?
And simply place FD_PIDFS_ROOT into the -10000 range?
Sounds good to me.