Message-ID: <20260206-vfs-v70-7df0b750d594@brauner>
Date: Fri,  6 Feb 2026 17:49:56 +0100
From: Christian Brauner <brauner@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christian Brauner <brauner@...nel.org>,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [GIT PULL 00/12 for v7.0] v7.0

Hey Linus,

This is the batch of pull requests for the v7.0 merge window.

This cycle has a few infrastructure pieces worth highlighting.

There's nullfs, a completely catatonic minimal pseudo filesystem that
serves as the immutable root of the mount hierarchy. The mutable rootfs
(tmpfs/ramfs) is mounted on top of it. This allows userspace to simply
pivot_root() in the initramfs without the traditional switch_root
workarounds. nullfs is enabled unconditionally. If we see any real
regression we'll hide it behind a boot option. There's an easy to revert
change to make that happen. It will also serve as a foundation for
creating completely empty mount namespaces in a future cycle.

Along with nullfs, the deprecated linuxrc-based initrd code path is
removed. It was deprecated in 2020 and this completes the
removal. Initramfs is entirely unaffected. The non-linuxrc initrd path
(root=/dev/ram0) is preserved but now carries a deprecation warning
targeting January 2027 removal.

There's a new OPEN_TREE_NAMESPACE extension for open_tree(). Container
runtimes currently use CLONE_NEWNS to copy the caller's entire mount
namespace only to then pivot_root() and recursively unmount everything
they just copied. With large mount tables and thousands of parallel
container launches this creates significant contention on the namespace
semaphore. OPEN_TREE_NAMESPACE copies only the specified mount tree and
returns a mount namespace fd instead of a detached mount fd —
functioning as a combined unshare(CLONE_NEWNS) + pivot_root() in a
single syscall. Using it for container creation brings about a 40%
increase in throughput.

We added a new STATMOUNT_BY_FD extension to statmount(). It now accepts
a file descriptor as a parameter, returning mount information for the
mount the fd resides on, including detached mounts.

With every in-tree filesystem now converted to the new mount API, we can
remove all the legacy code in fs_context.c for unconverted filesystems -
about 280 lines including legacy_init_fs_context() and friends. The
mount(2) syscall path for userspace is untouched.

The timestamp update path is reworked to propagate IOCB_NOWAIT through
->update_time so that filesystems which can update timestamps without
blocking are no longer penalized. Previously, file_update_time_flags()
unconditionally returned -EAGAIN when IOCB_NOWAIT was set, making
non-blocking direct writes impossible on essentially all filesystems.
XFS implements non-blocking timestamp updates as the first user.

Lease support is changed to require explicit opt-in. Previously
kernel_setlease() fell through to generic_setlease() when a filesystem
did not define ->setlease(), silently granting lease support to every
filesystem. The new default returns -EINVAL when ->setlease is NULL.
With the new default simple_nosetlease() becomes redundant and is
removed.

There's a new generic fserror infrastructure for reporting metadata
corruption and file I/O errors to userspace via fsnotify. EFSCORRUPTED
and EUCLEAN are promoted from private per-filesystem definitions to
canonical errno.h values across all architectures. A new
super_operations::report_error callback lets filesystem drivers respond
to file I/O errors themselves.

knfsd can now use atomic_open() via dentry_create(), eliminating the
racy vfs_create() + vfs_open() sequence for combined exclusive create
and open operations.

Btrfs drops its private copies of may_delete() and may_create() in
favor of newly exported may_delete_dentry() and may_create_dentry(),
removing ~70 lines of duplicated code that had drifted out of sync with
the VFS originals.

On the scalability side, pid allocation is reworked to only take
pidmap_lock once instead of twice during alloc_pid(), improving thread
creation/teardown throughput by 10-16%. File lock presence is tracked
via a flag in ->i_opflags instead of reading ->i_flctx, avoiding
false-sharing on open/close hot paths with a measured 4-16% improvement.
A redundant DCACHE_MANAGED_DENTRY check in __follow_mount_rcu() that
caused a 100% mispredicted branch is removed.

Smaller items include minix superblock validation hardening (syzbot),
iomap plumbing for erofs page cache sharing preliminaries, a fix for
invalid folio access after folio_end_read(), posix_acl_to_xattr() now
allocating the buffer internally since every caller was doing it anyway,
chardev cleanup API conversion, the start of deprecating legacy BSD
process accounting (acct(2)), Rust VFS helper annotations for LTO
inlining, and the usual collection of kernel-doc fixes and cleanups.

Note that I will have some pull requests coming in during the second
half of the merge window as linux-next had to temporarily drop them last
week when a selftest build error happened. So I'm delaying them a bit.

Thanks!
Christian
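
The lease opt-in change described above can be observed from userspace with a small probe. This is an added example, not code from the pull request or the kernel tree; it assumes fcntl(F_SETLEASE) reaches the kernel_setlease() path the message describes, and the names lease_result, classify_lease_errno and probe_lease are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

enum lease_result { LEASE_OK, LEASE_FS_UNSUPPORTED, LEASE_BUSY,
                    LEASE_DENIED, LEASE_OTHER };

/* Map the errno left by fcntl(F_SETLEASE) to a likely cause. */
enum lease_result classify_lease_errno(int err)
{
    switch (err) {
    case 0:      return LEASE_OK;
    /* New default when the filesystem defines no ->setlease. EINVAL is
     * also returned for a non-regular file or an invalid lease type. */
    case EINVAL: return LEASE_FS_UNSUPPORTED;
    case EAGAIN: return LEASE_BUSY;    /* conflicting open elsewhere */
    case EACCES:
    case EPERM:  return LEASE_DENIED;  /* not the owner, no CAP_LEASE */
    default:     return LEASE_OTHER;
    }
}

/* Request a read lease on path, release it if granted, report outcome. */
enum lease_result probe_lease(const char *path)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return LEASE_OTHER;            /* could not even open the file */
    int err = fcntl(fd, F_SETLEASE, F_RDLCK) == 0 ? 0 : errno;
    if (err == 0)
        fcntl(fd, F_SETLEASE, F_UNLCK);
    close(fd);
    return classify_lease_errno(err);
}

int main(int argc, char **argv)
{
    static const char *names[] = { "lease granted",
        "no lease support (EINVAL)", "file busy", "permission denied",
        "other error" };
    /* Default path is a constructed sample; pass a file on the
     * filesystem under test as the first argument. */
    const char *path = argc > 1 ? argv[1] : "/proc/self/exe";
    printf("%s: %s\n", path, names[probe_lease(path)]);
    return 0;
}
```

Software that relies on leases for cache coherence should treat the EINVAL case as "fall back to revalidation" rather than as a fatal error.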
