lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20260204170411.GC31420@macsyma.lan>
Date: Wed, 4 Feb 2026 12:04:11 -0500
From: "Theodore Tso" <tytso@....edu>
To: Christian Brauner <brauner@...nel.org>
Cc: Kiryl Shutsemau <kas@...nel.org>, Alexander Viro <viro@...iv.linux.org.uk>,
        Jan Kara <jack@...e.cz>, Hugh Dickins <hughd@...gle.com>,
        Baolin Wang <baolin.wang@...ux.alibaba.com>, linux-mm@...ck.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Orphan filesystems after mount namespace destruction and tmpfs
 "leak"

On Tue, Feb 03, 2026 at 03:58:52PM +0100, Christian Brauner wrote:
> I don't believe we need to do anything here unless you want some tmpfs
> specific black magic where you can issue a shutdown ioctl on tmpfs that
> magically frees memory. And I'd still expect that this would fsck
> userspace over that doesn't expect this behavior.

I think if we were going to do anything like this, adding support to
FS_IOC_SHUTDOWN to tmpfs is the only way we could go.  Yeah, it will
fsck over userspace that's not expecting it, but normally, if you're
tearing down a file system, whether it's a read-only iSCSI device that
provides a software package that needs to go away because the iSCSI
target has gone away, or zapping a tmpfs file system, killing the
userspace which depends on it with extreme perjudice *is* actually the
right thing.  We use FS_IOC_SHUTDWN on an ext4 file system that is
being served via iSCSI, and when that happens, killing the container
and the userspace processes running in it as quickly as possble
without harming other containers is the goal.

It might make fsck over userspace, granted, but so does "kill -9".  :-)

   	      	   		   	    	   - Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ