On Wed, Jan 21, 2026 at 09:27:38AM -0500, Jeff Layton wrote: > Using your definitions, stability is not a problem for Linux > filesystems. The filehandles generally don't change after they have > been established.
fat seems to be an exception as far as the 'real' file systems go. And it did sound to me like some of the synthetic ones had similar issues. > > We'll still need a stable handles flag, and expose it to userspace > > to avoid applications being tricked into using broken non-stable > > file handles. We should have caught that when they were added, but > > didn't unfortunately. > > > > If we assume he meant "unique handles" flag, then I think we're all > mostly in agreement here. As far as this patchset goes: what if we > were to just rename EXPORT_OP_STABLE_HANDLES to > EXPORT_OP_UNIQUE_HANDLES (and clean up the documentation), since that's > the main issue for existing filesystems. It would be fairly simple to > advertise handle uniqueness using statx or something. Unique seems to also only capture part of it, but I could absolutely live with it, if the documentation includes all aspecs. But maybe use persistent as in the nfs spec? > > Alternately, instead of denying access to these filesystems, we could > just fix these filesystems to create unique handles (a'la random > i_generation value or something similar). That should mostly prevent > filehandles from being reusable across a reboot on these filesystems. Do we even want to provide access to them? > That would leave cgroupfs and the like exportable via nfsd, but as you > point out, we can't deny export by userland servers. If people want to > do this kind of crazy stuff, maybe we shouldn't deny them after all. I think Amirs patch would take care of that. Although userland nfs servers or other storage applications using the handle syscalls would still see them. Then again fixing the problem that some handles did not fulfill the long standing (but not documented well enough) semantics probably is a good fix on it's own.
