Add more documentation for FUSE_CAP_EXPORT_SUPPORT (#917)

Add more documentation for FUSE_CAP_EXPORT_SUPPORT

Also remove the flag from passthrough_ll.c and passthrough_hp.cc
as these implementations do _not_ handle that flag. They just
cast fuse_ino_t to an inode and cause a heap buffer overflow
for unknown objects (simplest reproducer are the examples
in "man 2 open_by_handle_at", but to unmount/mount the file
system after name_to_handle_at and before open_by_handle_at).

Fixes https://github.com/libfuse/libfuse/issues/838

---------

Co-authored-by: Nikolaus Rath <Nikolaus@rath.org>

1 files changed, 11 insertions, 0 deletions

diff --git a/doc/README.NFS b/doc/README.NFS
index 239dcb2..edf5482 100644
--- a/doc/README.NFS
+++ b/doc/README.NFS
@@ -21,6 +21,17 @@ be requested on any inode, including non-directories, while the latter
 is only requested for directories.  Otherwise these special lookups
 should behave identically to ordinary lookups.
 
+Furthermore, setting FUSE_CAP_EXPORT_SUPPORT requires the file system
+to handle node-ids (fuse_ino_t) that the file system may does not know
+about - e.g. a fuse FORGET request might have been received or the node-id
+was used in a previous instance of the file system daemon. The node-id might
+not be valid at all when an invalid handle is passed to open_by_handle_at(). 
+This implies that the filesystem *must not* reuse node-ids even if
+generation numbers are set correctly. This is because generation numbers
+are not provided by the kernel to e.g. the getattr() handler, so the
+handler would be unable to tell if the provided node-id refers to the
+"known" current one, or a previous one that has been forgotten and re-used.
+
 2) high-level interface
 
 Because the high-level interface is path based, it is not possible to