From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 01DE5367F5C; Thu, 5 Mar 2026 23:30:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753424; cv=none; b=bu+OgYo3csulndn/XrK1vzjk5JokevdflfmXlYIRPvMWLt1awCfudohT1FaxlTF68a7Ow6BCA5WOV7lIIF5Qu40bAHjNtE2+t1oH2ZMWSO5QjDtEsW1x7hJf8ecm0RL0R1Kic9XT0CeeLx6Zifbj9aziFrMcAqUR4/dqQVMCFj8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753424; c=relaxed/simple; bh=ihMLt71nK319mbuBMwuGH7uvgLVHRHqUMc328AWSJvE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=VbchsArgLWQEm8YHzil073C3BJEiWjjpXUB21Q3AnKXpQ/TnDZTHn/yYDXAyDzY9PM6Zojv69Hu7QsTBrBgVc+DFaIF5G+M2dYD3FsINgY0P4QiNKBMWkyW2tjg/7uxQkljCF/itZN49ITM58S/whBKdBthKP+NUX7xErHZt4h0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=MoUpDN7u; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="MoUpDN7u" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 92BC9C116C6; Thu, 5 Mar 2026 23:30:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753423; bh=ihMLt71nK319mbuBMwuGH7uvgLVHRHqUMc328AWSJvE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=MoUpDN7u+l9nXcomHZs3cPKTQpjOaxOurl0VAxMssPKEXp8LZiXaCRDNARwUdqVzh kelNP1OZaE8NlzF9qyOgonlafJcY6367WOaBzihM0/nAxEdNLFUiTOoNZE7XQi04m4 XZFuzEhb8jjbny9OH0XgOSY69eHa46q+DeeMP0xC0eF1waDbTLvHDW6XanYPZapaf1 IOd3dfAinSnBwejiyV66TwcXW7dMH/LUvgLkkrsQq/RA1YZNuwmCQRp87oXupuz9f9 K7oeNO5ybFOVdVNQsg4MzwtmvWUFZW908FMisHRwdilLc9ZNUSFXwEVDQrjucjW7WA RrlZg31/aUdvA== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:04 +0100 Subject: [PATCH RFC v2 01/23] fs: notice when init abandons fs sharing Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-1-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=3901; i=brauner@kernel.org; h=from:subject:message-id; bh=ihMLt71nK319mbuBMwuGH7uvgLVHRHqUMc328AWSJvE=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuK0faOquWPVh63WomzFXz9a/X1Xmfn2z9eiO5HZS Rr/ujgvd5SyMIhxMciKKbI4tJuEyy3nqdhslKkBM4eVCWQIAxenAExE6RjDP6vtr2rifqbJn9Ll kOnjcn6on2ayW+XIgrquPe+/pt7vW87wh9P0RfoElUhfL33XHfv9V8xd82r9Z9nCzZw77MJ+2C9 yZgcA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 PID 1 may choose to stop sharing fs_struct state with us. Either via unshare(CLONE_FS) or unshare(CLONE_NEWNS). Of course, PID 1 could have chosen to create arbitrary process trees that all share fs_struct state via CLONE_FS. This is a strong statement: We only care about PID 1 aka the thread-group leader so subthread's fs_struct state doesn't matter. PID 1 unsharing fs_struct state is a bug. PID 1 relies on various kthreads to be able to perform work based on its fs_struct state. Breaking that contract sucks for both sides. So just don't bother with extra work for this. No sane init system should ever do this. Signed-off-by: Christian Brauner --- fs/fs_struct.c | 41 +++++++++++++++++++++++++++++++++++++++++ include/linux/fs_struct.h | 2 ++ kernel/fork.c | 14 +++----------- 3 files changed, 46 insertions(+), 11 deletions(-) diff --git a/fs/fs_struct.c b/fs/fs_struct.c index 394875d06fd6..3ff79fb894c1 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -147,6 +147,47 @@ int unshare_fs_struct(void) } EXPORT_SYMBOL_GPL(unshare_fs_struct); =20 +/* + * PID 1 may choose to stop sharing fs_struct state with us. + * Either via unshare(CLONE_FS) or unshare(CLONE_NEWNS). Of + * course, PID 1 could have chosen to create arbitrary process + * trees that all share fs_struct state via CLONE_FS. This is a + * strong statement: We only care about PID 1 aka the thread-group + * leader so subthread's fs_struct state doesn't matter. + * + * PID 1 unsharing fs_struct state is a bug. PID 1 relies on + * various kthreads to be able to perform work based on its + * fs_struct state. Breaking that contract sucks for both sides. + * So just don't bother with extra work for this. No sane init + * system should ever do this. + */ +static inline void nullfs_userspace_init(struct fs_struct *old_fs) +{ + if (likely(current->pid !=3D 1)) + return; + /* @old_fs may be dangling but for comparison it's fine */ + if (old_fs !=3D &init_fs) + return; + pr_warn("VFS: Pid 1 stopped sharing filesystem state\n"); +} + +struct fs_struct *switch_fs_struct(struct fs_struct *new_fs) +{ + struct fs_struct *fs; + + fs =3D current->fs; + read_seqlock_excl(&fs->seq); + current->fs =3D new_fs; + if (--fs->users) + new_fs =3D NULL; + else + new_fs =3D fs; + read_sequnlock_excl(&fs->seq); + + nullfs_userspace_init(fs); + return new_fs; +} + /* to be mentioned only in INIT_TASK */ struct fs_struct init_fs =3D { .users =3D 1, diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h index 0070764b790a..ade459383f92 100644 --- a/include/linux/fs_struct.h +++ b/include/linux/fs_struct.h @@ -40,6 +40,8 @@ static inline void get_fs_pwd(struct fs_struct *fs, struc= t path *pwd) read_sequnlock_excl(&fs->seq); } =20 +struct fs_struct *switch_fs_struct(struct fs_struct *new_fs); + extern bool current_chrooted(void); =20 static inline int current_umask(void) diff --git a/kernel/fork.c b/kernel/fork.c index 65113a304518..583078c69bbd 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -3123,7 +3123,7 @@ static int unshare_fd(unsigned long unshare_flags, st= ruct files_struct **new_fdp */ int ksys_unshare(unsigned long unshare_flags) { - struct fs_struct *fs, *new_fs =3D NULL; + struct fs_struct *new_fs =3D NULL; struct files_struct *new_fd =3D NULL; struct cred *new_cred =3D NULL; struct nsproxy *new_nsproxy =3D NULL; @@ -3200,16 +3200,8 @@ int ksys_unshare(unsigned long unshare_flags) =20 task_lock(current); =20 - if (new_fs) { - fs =3D current->fs; - read_seqlock_excl(&fs->seq); - current->fs =3D new_fs; - if (--fs->users) - new_fs =3D NULL; - else - new_fs =3D fs; - read_sequnlock_excl(&fs->seq); - } + if (new_fs) + new_fs =3D switch_fs_struct(new_fs); =20 if (new_fd) swap(current->files, new_fd); --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 29628281503; Thu, 5 Mar 2026 23:30:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753426; cv=none; b=E1lkP0AqnzwDo1zSIbrYoEGXmhJ67V6BCPb0AbXPp1Fj5qaoBcworQkdiPRJIyArqRLZsINnKmZT55N2cJ8Py8Prloko3FxdwvbEX9efFVQ9LRPWxD5nXpqAKiJUkeVeKzvKuTdpQALJpHGNpX+Dw15ucsV4KoNxyDqT/RdhQvc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753426; c=relaxed/simple; bh=/qBXsoeacZyljyu4IKg9RdZ+fbB4bK3kFcvfUbshqKA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=MwjlQhdIPCYno1uBPw+c41nMGIRg6iRP8wtsYPMbJdIUKyWI9LEWY90vmZmaotf0Y+mrGcihs9X8RYMWn25rfMNGAUfDO8rhwXpiqXEEAdWEq/W5hrtdm1DtTXNEMDI9/J6FFIln+x17+u48DXobzBBiDI1wfR8aOa582hrPMgE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lLnjzF4K; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lLnjzF4K" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1A400C2BCAF; Thu, 5 Mar 2026 23:30:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753426; bh=/qBXsoeacZyljyu4IKg9RdZ+fbB4bK3kFcvfUbshqKA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lLnjzF4KGOeujLgiD3MMflNaVmOY5XkQlmQkaiWd5YwyG0Sv4lgSjBC5Om2GLRSMT B/ApSrxqDPxm5bewODr0B9gDqFH2FtnS3ebovcPvKqyourTxD05BvV52pWS4l0RTvr PerRHtsFwpracj2tsP4QimcuZSq2oxUOrcYLmMN0ktI2Og4BgJa82AtTatpMo32RPb vH1GTPjvkD05zRH9ZwF07VZgRLlZdPC6ac+9IA6eXKpP9DCqtetM+7y06iz8Zr2I76 8wtws3BWNjehiq2nYHlkQe94jtr/RXyZu0Mvu9w+Kidn0w2o3wo0HOJ2x/mpyboV8z WLFEushOw28GQ== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:05 +0100 Subject: [PATCH RFC v2 02/23] fs: add scoped_with_init_fs() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-2-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1664; i=brauner@kernel.org; h=from:subject:message-id; bh=/qBXsoeacZyljyu4IKg9RdZ+fbB4bK3kFcvfUbshqKA=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuJU4uypnfHpifSsdRM7XW0KrP5W3peblrS4Yr6Yh L9t9LM1HaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABNR4mVkWL6xu9QuOOuYFsfh qS5/J373XM145t5imZ/WUSsOeF36b8nIcHdWH2uffbToxgizznXFTC2uU5ZKHrZY4fuV+e6dZbs PcwIA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Similar to scoped_with_kernel_creds() allow a temporary override of current->fs to serve the few places where lookup is performed from kthread context or needs init's filesytem state. Signed-off-by: Christian Brauner --- include/linux/fs_struct.h | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h index ade459383f92..ff525a1e45d4 100644 --- a/include/linux/fs_struct.h +++ b/include/linux/fs_struct.h @@ -6,6 +6,7 @@ #include #include #include +#include =20 struct fs_struct { int users; @@ -49,4 +50,34 @@ static inline int current_umask(void) return current->fs->umask; } =20 +/* + * Temporarily use userspace_init_fs for path resolution in kthreads. + * Callers should use scoped_with_init_fs() which automatically + * restores the original fs_struct at scope exit. + */ +static inline struct fs_struct *__override_init_fs(void) +{ + struct fs_struct *fs; + + fs =3D current->fs; + smp_store_release(¤t->fs, current->fs); + return fs; +} + +static inline void __revert_init_fs(struct fs_struct *revert_fs) +{ + VFS_WARN_ON_ONCE(current->fs !=3D current->fs); + smp_store_release(¤t->fs, revert_fs); +} + +DEFINE_CLASS(__override_init_fs, + struct fs_struct *, + __revert_init_fs(_T), + __override_init_fs(), void) + +#define scoped_with_init_fs() \ + scoped_class(__override_init_fs, __UNIQUE_ID(label)) + +void __init init_userspace_fs(void); + #endif /* _LINUX_FS_STRUCT_H */ --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CB85535E92F; Thu, 5 Mar 2026 23:30:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753428; cv=none; b=Th7Cs7Muvfe5kWBY6/Sc0zt/cnf2iYgExz6PyrPz/MFbLGt5ZczmnkQr6wYhWStv9J/uUqq/Ha72hXlxyVMtTrLw7hcBvfpsodKFGXO7e87FS6W1szQE2ZPeDa+JA3umOLPOH3JpyqM+uFQ6GLalJNON+HsNcN+BeMo6eGKiIhE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753428; c=relaxed/simple; bh=jsmYqEfin/W6QXrJh5f/89X3/kJ/bACDGoIAjq0LjVg=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=BQc2AyOiA9EYjPv7nE5tHHRgCnKvVT7VBl8A9WS5aBjEYpVPBpvV/Tt95g2hEAXzhcMwEBcrz4ARfpZSaxaIqfBiHo78+s7rLjbhEN68hODNnrs2yJ7vMkdTjZ5ltz2j0ucZF3GRkwWaV1czcx1c6DDzfRFRwZF8fU0y8rf1ioY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=NTQAPQCw; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="NTQAPQCw" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7A3A1C116C6; Thu, 5 Mar 2026 23:30:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753428; bh=jsmYqEfin/W6QXrJh5f/89X3/kJ/bACDGoIAjq0LjVg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=NTQAPQCwE7GWorbCtaq2XPX40KiiqXAO5phQMZne8DPF0ceqeg1R5PhDHPOyb/wfN 7djs+ZUVjODLfRGTcUQnhke+bVrl+293ECA1DNc6p75EzcGBqYgdsu4+bwy1KaXVMn kPTBoSsVqRApQPIj7Qsz8LEWkl7eCFXLJwPchbTpsRV8WQ5+K6/DVtuUKTuEHFf75L aS7qXRg8uw66+MHODZ7Zl5S2lJLeUWqCX67eDkSMyRR8I4kl0M9ogtBBoZWbjzY+YS QvsnjvW59yNNhkI/6NXi6sGiwQ/4YbKSvqHRiOX8K1Kn/xHT5aog0XJglQmOGjfN3M X8er0b+CmSIsw== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:06 +0100 Subject: [PATCH RFC v2 03/23] rnbd: use scoped_with_init_fs() for block device open Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-3-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1270; i=brauner@kernel.org; h=from:subject:message-id; bh=jsmYqEfin/W6QXrJh5f/89X3/kJ/bACDGoIAjq0LjVg=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuIMVTipc2tu4JWcZHH5/fPO3ZuxKtjj8o4a1bpvz Mduqeu97ShlYRDjYpAVU2RxaDcJl1vOU7HZKFMDZg4rE8gQBi5OAZgIrx0jw2G10l1+atyy6ZM/ n4nsaXIN2JpR2Hzur4eX+1PNxY2Tixn+qQkVcmsslP0j4uPP8n3Oho0Ncd1bj3hlfJurWPggct9 nTgA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use scoped_with_init_fs() to temporarily override current->fs for the bdev_file_open_by_path() call so the path lookup happens in init's filesystem context. process_msg_open() =E2=86=90 rnbd_srv_rdma_ev() =E2=86=90 RDMA completion c= allback =E2=86=90 ib_cq_poll_work() =E2=86=90 kworker (InfiniBand completion workqueue) Signed-off-by: Christian Brauner --- drivers/block/rnbd/rnbd-srv.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/block/rnbd/rnbd-srv.c b/drivers/block/rnbd/rnbd-srv.c index 10e8c438bb43..79c9a5fb418f 100644 --- a/drivers/block/rnbd/rnbd-srv.c +++ b/drivers/block/rnbd/rnbd-srv.c @@ -11,6 +11,7 @@ =20 #include #include +#include =20 #include "rnbd-srv.h" #include "rnbd-srv-trace.h" @@ -734,7 +735,8 @@ static int process_msg_open(struct rnbd_srv_session *sr= v_sess, goto reject; } =20 - bdev_file =3D bdev_file_open_by_path(full_path, open_flags, NULL, NULL); + scoped_with_init_fs() + bdev_file =3D bdev_file_open_by_path(full_path, open_flags, NULL, NULL); if (IS_ERR(bdev_file)) { ret =3D PTR_ERR(bdev_file); pr_err("Opening device '%s' on session %s failed, failed to open the blo= ck device, err: %pe\n", --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4833D30C35C; Thu, 5 Mar 2026 23:30:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753431; cv=none; b=umDDayKleE5oIgpadI0xZmbZOg9JcrjZMwmMotnToKnDvY8xVf7DiXstyvjtr+WzhTGPW6kRh2Sxrl7Y522ZsX4gS4VW0/XLJ1mrmMpe+T7n5eNMGVCq8C83vYTDAyrj8Yq6rfoNxdfWpv4lZOdFoqaX7Ay0OTUHJmWQqcxTl1Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753431; c=relaxed/simple; bh=GZsbB5/oS0c6lwFJZSOuaHi3hJ1zBvMulcElef7p9ak=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=XEbLeDD18quc8nFX9imlI/LUY9UaSLtIvLWeCioTBQn4M5pL+jQbtldwIYWFAJMprDJZUULEwNFZXbgtpVt11CTPTkDrYI2ulgxXiMltlh9VnQXUXzRfy8wPxsqBRNZ0PIZ9hdn3u8pQeCueh8Jv9Cl5984SRVly/C0wR/86jxg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=H+WSp9HB; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="H+WSp9HB" Received: by smtp.kernel.org (Postfix) with ESMTPSA id ED34DC2BCAF; Thu, 5 Mar 2026 23:30:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753431; bh=GZsbB5/oS0c6lwFJZSOuaHi3hJ1zBvMulcElef7p9ak=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=H+WSp9HBLcJEoo8qEvE0WuHJImxdXCE8ZgJ8caPYMyUJMFzb1jTsOS4wLA5flFg8V mAFxumNB5tQY3PcNAGfztfNpMMHtQkLridjuFqKnlpShJAlkN/bndcsr8X1f1I/kCP nqWoAyBrLkifZXZzf/F+gLWv/2KEN1+TuNo8qnBMhX9jzXEVMJZlVbJRMl3Oshzezi 578xmsTIS9gZS5f3R9T5xESK9anU24oEdLD4m/FYn2VI3DyC5gqPosBofK0YrTtha3 YwDZNVTh06PSoZGSdsTiRekDUL7l/sZ4wp7v1D27D/KdJfbEA9ZbY/e13m8cpIq4HA s2J/K85BH539w== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:07 +0100 Subject: [PATCH RFC v2 04/23] crypto: ccp: use scoped_with_init_fs() for SEV file access Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-4-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1507; i=brauner@kernel.org; h=from:subject:message-id; bh=GZsbB5/oS0c6lwFJZSOuaHi3hJ1zBvMulcElef7p9ak=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuI8baaxrvvpnqku04XTEuau7Jsbv8jLSdRzF8eZR AVR+3lHO0pZGMS4GGTFFFkc2k3C5ZbzVGw2ytSAmcPKBDKEgYtTACaia8zIMJXvW2XqkmPyEQGB RxPm7Ft85IfYt4sCqkdaDGdvd0pu+cbIsMj6/MvF26rz3E4u3y68OtlpRmy65V/DFp5X2ckC+/d b8AEA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Replace the manual init_task root retrieval with scoped_with_init_fs() to temporarily override current->fs. This allows using the simpler filp_open() instead of the init_root() + file_open_root() pattern. open_file_as_root() =E2=86=90 sev_read_init_ex_file() / sev_write_init_ex_f= ile() =E2=86=90 sev_platform_init() =E2=86=90 __sev_guest_init() =E2=86=90 KVM io= ctl =E2=80=94 user process context Needs init's root because the SEV init_ex file path should resolve against the real root, not a KVM user's chroot. Signed-off-by: Christian Brauner --- drivers/crypto/ccp/sev-dev.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 096f993974d1..4320054da0f6 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -260,20 +260,16 @@ static int sev_cmd_buffer_len(int cmd) =20 static struct file *open_file_as_root(const char *filename, int flags, umo= de_t mode) { - struct path root __free(path_put) =3D {}; - - task_lock(&init_task); - get_fs_root(init_task.fs, &root); - task_unlock(&init_task); - CLASS(prepare_creds, cred)(); if (!cred) return ERR_PTR(-ENOMEM); =20 cred->fsuid =3D GLOBAL_ROOT_UID; =20 - scoped_with_creds(cred) - return file_open_root(&root, filename, flags, mode); + scoped_with_init_fs() { + scoped_with_creds(cred) + return filp_open(filename, flags, mode); + } } =20 static int sev_read_init_ex_file(void) --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92A60346E7D; Thu, 5 Mar 2026 23:30:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753433; cv=none; b=dlF7FXczt13wRANubbYxrxfCrnJhuCs1G+l5qOp6ZKqCBdx+QFn72M4++aDldgTdOWImvNP/ptbRnWAZOhCmXzUMA/1qIcAeu8FXTtYJlIP5yjbr0OHjZ5wfdKgHaDUF5hPI+p1MGW9JIhxCGn3+RaBadbRXwPDloZddzQYgcjk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753433; c=relaxed/simple; bh=BkzEXSS/aDyD/0RcykK+9iDod6MNEZ0v8zFBHEaX1Bk=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=XWCbqtOoiMMVrQnDxSJzoVbcCQsv3iebqVpxugxbGR6u82CwQet3YijJdeL6bbCYb57mT7jvJOOdzw2yA2o/tUsIsmR0vQFG5s/lsvsVSvno2rzYjnpJ5qTJQDl4iL+u6z2MopMQYb5njnwD2O7O1vo2ttnwruA5FrKyLte5rAc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ujwOcZVf; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ujwOcZVf" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7713DC2BC9E; Thu, 5 Mar 2026 23:30:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753433; bh=BkzEXSS/aDyD/0RcykK+9iDod6MNEZ0v8zFBHEaX1Bk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ujwOcZVfWBoUIlAjZe1ivZpLIenFzt+MmFOa4xbzisCbtwhTHAQPV5dduAZQ+NG2k NqEJ8jiM7l5bzMpOc/mUGfLuxjmnS06AwY2R3+jbsa98JWV7EMOt5PQ6H0hpx1lKS/ 06sKMzmUArqGjwgAwWrH16AilswszH7QtynePdKwQPNpnQeaKDcOLiws/QgORhV+wH YKsNGXc/IPqw57tjiJ0SIJS1LMuzNk4Gx/02ZanCqpeim9h9G1yQCiIAzNcClTm78x 1OCDKzXVk156is46+Ku36Yn4jF/E3OcfMCf81cxmCwYESR7Fn9VK4cGpkLC67i8vYZ aJ75kNMnNq3dA== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:08 +0100 Subject: [PATCH RFC v2 05/23] scsi: target: use scoped_with_init_fs() for ALUA metadata Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-5-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1383; i=brauner@kernel.org; h=from:subject:message-id; bh=BkzEXSS/aDyD/0RcykK+9iDod6MNEZ0v8zFBHEaX1Bk=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuKs1urKveXZKGOwKiNIQvnDLo34KyWXryntqDN7y dZrk9/XUcrCIMbFICumyOLQbhIut5ynYrNRpgbMHFYmkCEMXJwCMJFp+gz/FHeVXJwl3hW4kP+O hdps83emufpJPItkV8/W9BC9pVDgx8gwNdRPtPLmOesqSYdeCcNEzsUHpjjtTFR4yFz5xGXVLEY eAA== X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use scoped_with_init_fs() to temporarily override current->fs for the filp_open() call in core_alua_write_tpg_metadata() so the path lookup happens in init's filesystem context. core_alua_write_tpg_metadata() =E2=86=90 core_alua_update_tpg_primary_metad= ata() =E2=86=90 core_alua_do_transition_tg_pt() =E2=86=90 target_queued_submit_wo= rk() =E2=86=90 kworker (target submission workqueue) Signed-off-by: Christian Brauner --- drivers/target/target_core_alua.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/target/target_core_alua.c b/drivers/target/target_core= _alua.c index 10250aca5a81..fde88642a43a 100644 --- a/drivers/target/target_core_alua.c +++ b/drivers/target/target_core_alua.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include =20 @@ -856,10 +857,13 @@ static int core_alua_write_tpg_metadata( unsigned char *md_buf, u32 md_buf_len) { - struct file *file =3D filp_open(path, O_RDWR | O_CREAT | O_TRUNC, 0600); + struct file *file; loff_t pos =3D 0; int ret; =20 + scoped_with_init_fs() + file =3D filp_open(path, O_RDWR | O_CREAT | O_TRUNC, 0600); + if (IS_ERR(file)) { pr_err("filp_open(%s) for ALUA metadata failed\n", path); return -ENODEV; --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7BA131459FA; Thu, 5 Mar 2026 23:30:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753436; cv=none; b=WIqe8OGZiGa0vvGoVUjwG4mHoSDvP2wzwTxfelVZixIcGEYoLkQWKrPD/ZrFa5F1+brN0shykmQSpRHKk+3+Ns6phPSOnunu00fJ8czX/BW+ax0Nu1d/I+qPS/PvAdWyTcCOCP9ceYyCGZTaNABeGtuv7mnftzh2/1DrBDqzGU0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753436; c=relaxed/simple; bh=mTnIonLZYMjXHvkplxKLW57Mj6daBEBoDy+9bwPX4hU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=AgzxpVlt97hamqugxw3sBu73miKc72NQdEPmSQLU8CNpAhL7goZvwHD9nrGuv0iGdDvxbc/9dJE/gMMZTy4OBjfa9fOe+tfk2m545MxXYH7FkLmjAn7Vn2PXEPJfMqn7bqFlo+iro+GZ871swu6BSQiRcx/8To0qfAIM2bUijm4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=uQQIgiGP; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="uQQIgiGP" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0F927C19423; Thu, 5 Mar 2026 23:30:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753436; bh=mTnIonLZYMjXHvkplxKLW57Mj6daBEBoDy+9bwPX4hU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uQQIgiGP+4KPGYq7C7y6G/gliGx1mtDkiMChTpymclR689L/QwD+oIBBarKzFi1W9 f9pncDpq+uu6s3tKyaZVcVVQ0fvlqx6gBj8jvCvLvZqw6D3coRSeOrQZprnFVRzWll lwQ7+x+gwm6fmnYFbl85sczKOlW8cRNFRFI5YXxbZ3Q+hBkDxxNtrL7KUStrY8pQzO 23vDoSpZ1MX+GSwfJZpHVRxhtO05pC5u96QckujXHhEn81oQLgrtcEQaxWu5ydhZpO Ujh46CL4Vz2E9/xN+FnVtylo0k1Zoa7NfMnJKi/N4ZTecU9ELTplV2Esg0apefwY5b 67e9ALnZe+6eQ== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:09 +0100 Subject: [PATCH RFC v2 06/23] scsi: target: use scoped_with_init_fs() for APTPL metadata Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-6-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1199; i=brauner@kernel.org; h=from:subject:message-id; bh=mTnIonLZYMjXHvkplxKLW57Mj6daBEBoDy+9bwPX4hU=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuKsmjqjXar5znadQiOzaRcErlx47xt+0uTcXxcdo TXhCWdsOkpZGMS4GGTFFFkc2k3C5ZbzVGw2ytSAmcPKBDKEgYtTACZyj5fhn03l9ZyZj5z278p6 Xan3RivySPWrc/2MuXaLlkbFB2zy/MXwz3jaFbnbXiK1Fafma97s6/qg2qOvnfhxb7q/NV9DEec hHgA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use scoped_with_init_fs() to temporarily override current->fs for the filp_open() call in __core_scsi3_write_aptpl_to_file() so the path lookup happens in init's filesystem context. __core_scsi3_write_aptpl_to_file() =E2=86=90 core_scsi3_update_and_write_ap= tpl() =E2=86=90 PR command handlers =E2=86=90 target_queued_submit_work() =E2=86= =90 kworker Signed-off-by: Christian Brauner --- drivers/target/target_core_pr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_p= r.c index f88e63aefcd8..2a030f119b24 100644 --- a/drivers/target/target_core_pr.c +++ b/drivers/target/target_core_pr.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include =20 @@ -1969,7 +1970,8 @@ static int __core_scsi3_write_aptpl_to_file( if (!path) return -ENOMEM; =20 - file =3D filp_open(path, flags, 0600); + scoped_with_init_fs() + file =3D filp_open(path, flags, 0600); if (IS_ERR(file)) { pr_err("filp_open(%s) for APTPL metadata" " failed\n", path); --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EF0FE367F5C; Thu, 5 Mar 2026 23:30:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753439; cv=none; b=BB5aN5nieTkOwCRGaG8ef90FE6S1OZyxLAPgaqWSwx6ilWudK0wu9rClgTPwQKWwtzwilEinp/BO1ndNDr9AbDfOeif9Cx2FaeU8+917Z8q5NTUU3dyWab5kfLIxQJgCuisd2ZL7Lgcsc1GAhDviwBVphKE+aibv8+ZG58IxugM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753439; c=relaxed/simple; bh=tqh5LkBF8hJuRKX1E/HzPe/YDkw6eJT1HDZFcFDFrFw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=df0lY9UlKRRxwh3wOZ6Xfdbsc1DAU56uMp8/f97C+SGFJKFa5GN0BD8AUXmVOWQ/hWIlpb05u3bEw3h8QLHQT6d3zS3MxiAVjze9fxRxly9pJRSD+2tJIGsPKuLPA11V4T5/odw57niuA4QwX2qjnTCbQPSAWGADQqtUeXYbZI0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=m2OUrLt7; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="m2OUrLt7" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 97513C116C6; Thu, 5 Mar 2026 23:30:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753438; bh=tqh5LkBF8hJuRKX1E/HzPe/YDkw6eJT1HDZFcFDFrFw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=m2OUrLt73UwQ/lxAfzRzhYaoDhkGrPtQPRx88GbPQHL24NApX4RUExXzLxgyKoMmI WNerIxdoaZAvdY7SDfDgV4Q1u6DP3/+QNfMi1XjMkAT8KE9TXvdTxYD8b9/7aEwDHg BNKEd4Oq/cv1wtj2lz/LZOZac9488yxCzjXEWjv6ltIPeH6Z8AjM/+7vo9P71SJUHj ECj0H4B4IrZMhRXae1790ToaNBEUYJ+NhxFcdICEx2+LLz9dctcIeIqvJdX/uX+xjm a5ukCfWDsZwjwp+x2okLtHRE1HQGqHZTqxGVYkTUloG4XseMRdnVRAE1U+bDpjcN9b A9nDZo3B+SHGQ== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:10 +0100 Subject: [PATCH RFC v2 07/23] btrfs: use scoped_with_init_fs() for update_dev_time() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-7-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1460; i=brauner@kernel.org; h=from:subject:message-id; bh=tqh5LkBF8hJuRKX1E/HzPe/YDkw6eJT1HDZFcFDFrFw=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuJ8tH650LHMx1ekNoRxbvzdl860/JBK5w7lhJgp6 pduxz/K7ihlYRDjYpAVU2RxaDcJl1vOU7HZKFMDZg4rE8gQBi5OAZjI+TcM/zNaDEWed9w94av/ 9/PK1xtfhf6Il+G1Sp4/IWSaaE+FfAcjwxp7d+NV518rCU89EWn7a6qVoc1sD/Wpept5365fsX8 hIxsA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 update_dev_time() can be called from both kthread and process context. Use scoped_with_init_fs() to temporarily override current->fs for the kern_path() call when running in kthread context so the path lookup happens in init's filesystem context. update_dev_time() =E2=86=90 btrfs_scratch_superblocks() =E2=86=90 btrfs_dev_replace_finishing() =E2=86=90 btrfs_dev_replace_kthread() =E2=86=90 kthread (kthread_run) Also called from ioctl (user process). Signed-off-by: Christian Brauner --- fs/btrfs/volumes.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index 648bb09fc416..b42e93c8e5b1 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "misc.h" #include "disk-io.h" #include "extent-tree.h" @@ -2119,8 +2120,16 @@ static int btrfs_add_dev_item(struct btrfs_trans_han= dle *trans, static void update_dev_time(const char *device_path) { struct path path; + int err; =20 - if (!kern_path(device_path, LOOKUP_FOLLOW, &path)) { + if (tsk_is_kthread(current)) { + scoped_with_init_fs() + err =3D kern_path(device_path, LOOKUP_FOLLOW, &path); + } else { + err =3D kern_path(device_path, LOOKUP_FOLLOW, &path); + } + + if (!err) { vfs_utimes(&path, NULL); path_put(&path); } --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2CB1B368267; Thu, 5 Mar 2026 23:30:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753443; cv=none; b=Gtzs6aO4ahdtJ1BT0zoF8v5kZ5txUZXRpo6i9RF+ipXOumh/YgQimJba8fAl2psRN8xg57nWv+ZWKTgEx/vephRgWZZB7QhE999nfB7f4/3OqAXMIBYKTHEHpk35LVTm0aEjp/4AFWNz5JeuDN88LQ1a6foixO8Y9I2h0lYLSHI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753443; c=relaxed/simple; bh=aJXunCWUMwo/RoSO3Pr5eSrF9qPQim1AZ9jP0b2ptO0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=NXBVUa6iSfisYGWieRkyMraGi5sVDe4Ecd9d5sGETq4F2XCJtoGs7eVK2VVCzMucEG4pTwn9TUSn2cG+8J8J6NOJglS1g0NRdkir3FWXr8n99LnDek9FaDJvrb4yyzTj/c7ffZHgIgQfNkiGDAuRozKqFHGfMiitruRAXrkj7NQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=QZ05O+3t; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="QZ05O+3t" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 22490C19423; Thu, 5 Mar 2026 23:30:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753441; bh=aJXunCWUMwo/RoSO3Pr5eSrF9qPQim1AZ9jP0b2ptO0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=QZ05O+3t19KWOR/73tKgMKp92iqIxqpmljYy0Gu/wKH3RtMwyvAJAdz6u+ZIcEu1b l1es0uvjgOyS7hTNcvQNx3+4+76tgzZck3+3a23HEXgp5S+Ez2kywP9rii84Nfi53V v5Q8fk2dgwu2QUvuk5nYgeIbwS/PhRSnWDPUcN/IYd+2CcKov1N+XMtg84RfVXb18i 2gu6chUX1lCncm9yRIOnt4hl+WiyrEhyAcYLgljlnaEI3w6sRBeTwSAwjiozW1qQG8 tiJ0edrsTyqAtafjhtxj9qV8XNxjHByZVOGh0YfBMqB9CAGkDiq6EKaQEOzPVoNChn t0el9zp+SmFCg== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:11 +0100 Subject: [PATCH RFC v2 08/23] coredump: use scoped_with_init_fs() for coredump path resolution Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-8-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1539; i=brauner@kernel.org; h=from:subject:message-id; bh=aJXunCWUMwo/RoSO3Pr5eSrF9qPQim1AZ9jP0b2ptO0=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuIMPbbrwIwTB6eKhN/fdm6W9qa03vvGHDKPuXj4v GYoyYbVdJSyMIhxMciKKbI4tJuEyy3nqdhslKkBM4eVCWQIAxenAEzk1ERGhkf3dr7ze79v9lIu aeUAPt/HVzrYtG4wvZ0+p+33hP8auRIM/2tOPvLbfkd/8pLJVwwXcmZs0/EJEa533LpacbuZuLD mdV4A X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use scoped_with_init_fs() to temporarily override current->fs for the filp_open() call so the coredump path lookup happens in init's filesystem context. This replaces the init_root() + file_open_root() pattern with the simpler scoped override. coredump_file() =E2=86=90 do_coredump() =E2=86=90 vfs_coredump() =E2=86=90 = get_signal() =E2=80=94 runs as the crashing userspace process Uses init's root to prevent a chrooted/user-namespaced process from controlling where suid coredumps land. Not a kthread, but intentionally needs init's fs for security. Signed-off-by: Christian Brauner --- fs/coredump.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/fs/coredump.c b/fs/coredump.c index 29df8aa19e2e..7428349f10bf 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -919,15 +919,10 @@ static bool coredump_file(struct core_name *cn, struc= t coredump_params *cprm, * with a fully qualified path" rule is to control where * coredumps may be placed using root privileges, * current->fs->root must not be used. Instead, use the - * root directory of init_task. + * root directory of PID 1. */ - struct path root; - - task_lock(&init_task); - get_fs_root(init_task.fs, &root); - task_unlock(&init_task); - file =3D file_open_root(&root, cn->corename, open_flags, 0600); - path_put(&root); + scoped_with_init_fs() + file =3D filp_open(cn->corename, open_flags, 0600); } else { file =3D filp_open(cn->corename, open_flags, 0600); } --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF827368298; Thu, 5 Mar 2026 23:30:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753444; cv=none; b=qwtL9kC+vohc8GgYhom3whXpcvPs8bVFrccEEnJjlPfzp2UJ9Tys6PiJEa3RXlxpEgZIaCF/6FgM9h4Ggu2Y2r2VF2Lku9Yyj5m3PdxJ5KiO8tsxoXmZtR5NnUlzZ/rh/yKZ4eR+vKRbYtzjegBf6bT4Vh+fHQN25INkAJSgdxM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753444; c=relaxed/simple; bh=zF8twvQogD362sFS14b9O2jvMAhbKYrV4VTnG9w1uzA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=PdsIZ2NBA471QYcpWmcgmO0y+w0jxmPRuZdyLULZcEjx8G5RYAuVcEilAGspLzPFWfqie74h82qxqhB2DHQt0n31bqnuPdiR26HA5WmdmVmjh/xg6JNeID+ZI2SVVWTLs/IXAXKvYNEd4FkUI+O9t1y5qQOk9AXrVoN7OhJQBs8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=fpcQ5y+S; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="fpcQ5y+S" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 995AEC116C6; Thu, 5 Mar 2026 23:30:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753443; bh=zF8twvQogD362sFS14b9O2jvMAhbKYrV4VTnG9w1uzA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=fpcQ5y+SoTO2kqTwJABrjAnwVsF8o6y+scuDwDBQiR0WUyhGqMNpizAgq71cpfPP7 IGhqCOBwtgxrMn2B+d/PVJaFAB4OjEi4Ec8gJ/UPkECcKWTOazp6pwlksujcwEWiS8 2KYz0ue/oIx/yS/c40OVaWQ9nEp1uNJhZgk6szaQYONyM07DXj/XJ8mxK451fsG9E+ frGyrw0xYujbkCuTJulwHwrFl4W/rvBZzRjiYv3yG/cwZjmU3os/3A9BUSFupDbD7G 8bbkWp/JsLmwFkvpAuiDXg02ViW1EXMnT19xiC23VLqJy/wT+1VXbP4BS0T8hhYRH3 9cvGDzPRq4YIg== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:12 +0100 Subject: [PATCH RFC v2 09/23] fs: use scoped_with_init_fs() for kernel_read_file_from_path_initns() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-9-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1325; i=brauner@kernel.org; h=from:subject:message-id; bh=zF8twvQogD362sFS14b9O2jvMAhbKYrV4VTnG9w1uzA=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuKUnme3ZJkxQ0GP4oP7hUUnY6wlWc/uPNJs1dJ6d s2lPwfCO0pZGMS4GGTFFFkc2k3C5ZbzVGw2ytSAmcPKBDKEgYtTACail8HI8MZYuUf+1I83JXtv NVyyyl03sePnohdr+I9FVoftuG9h4MDI8GX52ux9HIErM2d4b/9d/8Q08vb0j107VzRdMtPtvr/ xMjsA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Replace the manual init_task root retrieval with scoped_with_init_fs() to temporarily override current->fs. This allows using the simpler filp_open() instead of the init_root() + file_open_root() pattern. kernel_read_file_from_path_initns() =E2=86=90 fw_get_filesystem_firmware() = =E2=86=90 _request_firmware() =E2=86=90 request_firmware_work_func() =E2=86=90 kworke= r (async firmware loading) Also called synchronously from request_firmware() which can be user or kthread context. Signed-off-by: Christian Brauner --- fs/kernel_read_file.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/fs/kernel_read_file.c b/fs/kernel_read_file.c index de32c95d823d..9c2ba9240083 100644 --- a/fs/kernel_read_file.c +++ b/fs/kernel_read_file.c @@ -150,18 +150,13 @@ ssize_t kernel_read_file_from_path_initns(const char = *path, loff_t offset, enum kernel_read_file_id id) { struct file *file; - struct path root; ssize_t ret; =20 if (!path || !*path) return -EINVAL; =20 - task_lock(&init_task); - get_fs_root(init_task.fs, &root); - task_unlock(&init_task); - - file =3D file_open_root(&root, path, O_RDONLY, 0); - path_put(&root); + scoped_with_init_fs() + file =3D filp_open(path, O_RDONLY, 0); if (IS_ERR(file)) return PTR_ERR(file); =20 --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 34086368976; Thu, 5 Mar 2026 23:30:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753446; cv=none; b=qs5Bh3vvQUWzYByBHfrX3fj/I43rl34V7coV4DjNH/C2dsUkbxRto6XMms8Kj6yzuaV1hLqDgGMpYpyNYjfQ5l3tQ1r7fM1N9W/wfjNDykwPMgMJfRB0SgE1M+jRoWsJxPqZZrGmNE6ewqlQ0oNo4O/FRK4MfO2Z+PadUJoFKvo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753446; c=relaxed/simple; bh=2kDcoaN93XMP+vh/JKpvMv+7AMIQDdbFl8rAi3BOMms=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=BZtUF9Q9kYyzRvQYqxG2GsXGDFz9Krr4UY1tb/s569yF2/0RyqJZq8J9qKuQG1MPpT5XFvkKjTp114wBpVe+TCUjA+YesaBTZeMh5Dh6hlZ3vhIoFQ7R9vWtBD9f4zJPValy2+XLSFsbwOqG40T1v7ysGEl0H0VLG2sxG3NTuuk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=hQ3tLrvE; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="hQ3tLrvE" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 16DECC19423; Thu, 5 Mar 2026 23:30:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753446; bh=2kDcoaN93XMP+vh/JKpvMv+7AMIQDdbFl8rAi3BOMms=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=hQ3tLrvENvt2R972Z9RbkxkNsJ6twwB1LIxphNjAm+YxjlOtkgaZx7Fl94Z4aMedg KcVflawvRCfuFZHmtBr5e7jVcVH3Du4NTXokW8UKmfHleA6DCEcS3h4PhiS5nds4VE Eao/vE/8L3uQyGtO73MYqILHeez4mXgTnyw7P0i7fhd0jgMyq8ciM3CUzEhtwTwMqm PL0rHi5yKDKI0Ee9Pu/sQ1Er4f8Zy3WT809UTzAUUgo2YHpcpK/6/wvgxVmzL5Ak/W 2mu5qA37FRzxXtycGbPBCL5nEakzLikzfrkpHXoO68KT+27PcRAIuJ+fGXxjw0KxgS 0sF7DIYQwnA2w== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:13 +0100 Subject: [PATCH RFC v2 10/23] ksmbd: use scoped_with_init_fs() for share path resolution Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-10-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1232; i=brauner@kernel.org; h=from:subject:message-id; bh=2kDcoaN93XMP+vh/JKpvMv+7AMIQDdbFl8rAi3BOMms=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuK89aZl8Z22TW2Ns5fXv+tNDWOK/HjR5NG1yY8Xb Zz++GeCS0cpC4MYF4OsmCKLQ7tJuNxynorNRpkaMHNYmUCGMHBxCsBEfogyMjyVNmwPDv/4bsXK /Mkz+gWObJgV0H9wxZ3UkvX2rsvKebYyMnxSCwsI0ugwvl4896dP2LzU5HecWupaTAHKHMfixVf HMAAA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use scoped_with_init_fs() to temporarily override current->fs for the kern_path() call in share_config_request() so the share path lookup happens in init's filesystem context. All ksmbd paths =E2=86=90 SMB command handlers =E2=86=90 handle_ksmbd_work(= ) =E2=86=90 workqueue =E2=86=90 ksmbd_conn_handler_loop() =E2=86=90 kthread Signed-off-by: Christian Brauner --- fs/smb/server/mgmt/share_config.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/smb/server/mgmt/share_config.c b/fs/smb/server/mgmt/share_c= onfig.c index 53f44ff4d376..4535566abef2 100644 --- a/fs/smb/server/mgmt/share_config.c +++ b/fs/smb/server/mgmt/share_config.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include =20 @@ -189,7 +190,8 @@ static struct ksmbd_share_config *share_config_request(= struct ksmbd_work *work, goto out; } =20 - ret =3D kern_path(share->path, 0, &share->vfs_path); + scoped_with_init_fs() + ret =3D kern_path(share->path, 0, &share->vfs_path); ksmbd_revert_fsids(work); if (ret) { ksmbd_debug(SMB, "failed to access '%s'\n", --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B086836827E; Thu, 5 Mar 2026 23:30:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753448; cv=none; b=lLtr/EpbrwEIDuxFIT9KkdBfR31VP8j6RtxEkBN+VL5kRFXl/RQh86KaAjboQes5IhZi+ecP8ccvjBQQc7/HNDRzDfHz77ObZPiZJJS9wGtil2ISaRGPtEnRNxRuP9soR8TT1t5FLStPTI3O76fWeBqABE2/U31L4xK6H/1BFV0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753448; c=relaxed/simple; bh=l6PdqSMlvF3b2b9R+GwUvIJev9lUgXCwT4zIDcHSxvE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=OansQhRADFEl7MEG4D2hcoM28zo4cdIuwt3xtl8bhEUhwBQhTrSOy0KALDLF5SNiIhCayHXJEYvfOUF+pjtTmVLqalj2MMdtDIS2H5oBUFvrFauRlGy+xRWZnBvcJ3bleu5PewklJXrOWraKO4yHCenx+2za03x3XkF0bbD1J/4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=hOK3xPhB; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="hOK3xPhB" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8048FC19423; Thu, 5 Mar 2026 23:30:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753448; bh=l6PdqSMlvF3b2b9R+GwUvIJev9lUgXCwT4zIDcHSxvE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=hOK3xPhBYSMcN4s6Wol/7FqBx0biZqvOYEs6j7CEYTFExMNRF8BudzEGnZ1YGJFU1 +mheRURchbLM39lVCax8esxTDYjh8J9AYUYCQpyXbqFmgw2O8Kra0dOHl6e2uzHFtu UltDYGOGK9jVX2TAQyMG4fLlJn9slhtUgr2QJd1+XputTrNv0idTYnPwx1hnerBKvc GSqDeCpzyg4rUwCuU59R6XfS9ZrJbPjrXXXXg0VU7kfaPranmiRWWOlxAYQrTcId/k 6e6A5Wf770efd5LXp3WdFrvEJY+WHnUNlNZxy/plDWuYamnNvMsflEZBmsMye1mttM 4HVkybOIpKCCA== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:14 +0100 Subject: [PATCH RFC v2 11/23] ksmbd: use scoped_with_init_fs() for filesystem info path lookup Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-11-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1195; i=brauner@kernel.org; h=from:subject:message-id; bh=l6PdqSMlvF3b2b9R+GwUvIJev9lUgXCwT4zIDcHSxvE=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuIUuVhymlmdLctFlsl/zmP7VQt7DtVes+OYuNrAY /vGXevZOkpZGMS4GGTFFFkc2k3C5ZbzVGw2ytSAmcPKBDKEgYtTACbSeIPhr1xin64s455js3d+ qVvGHH/Votn+jpbRXYYwe/5Pm6QSqxgZ9n95cimCScI3b+kswwsnLmzNM/V+ULDSavohw7rXs95 d5gUA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use scoped_with_init_fs() to temporarily override current->fs for the kern_path() call in smb2_get_info_filesystem() so the share path lookup happens in init's filesystem context. All ksmbd paths =E2=86=90 SMB command handlers =E2=86=90 handle_ksmbd_work(= ) =E2=86=90 workqueue =E2=86=90 ksmbd_conn_handler_loop() =E2=86=90 kthread Signed-off-by: Christian Brauner --- fs/smb/server/smb2pdu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 743c629fe7ec..0667b0b663cd 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include @@ -5463,7 +5464,8 @@ static int smb2_get_info_filesystem(struct ksmbd_work= *work, if (!share->path) return -EIO; =20 - rc =3D kern_path(share->path, LOOKUP_NO_SYMLINKS, &path); + scoped_with_init_fs() + rc =3D kern_path(share->path, LOOKUP_NO_SYMLINKS, &path); if (rc) { pr_err("cannot create vfs path\n"); return -EIO; --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9D6C8368282; Thu, 5 Mar 2026 23:30:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753451; cv=none; b=LvQRuPb5/JHtR95mHTHCW7r/q5KOCleZBwK8jSD0Ecql/CUCq6n8/26bRScsClASvip1Oy5VTDD+G4rSX4ZV8IwR/u4xPZzcPugNS8JtuJuPf4EJ1NOPpQD/VqhvY69HvKVzfld8xKIW1pOYxulxtuYhesg0GViESlEbC7J6/pE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753451; c=relaxed/simple; bh=wU9SxeJzZju+/xFBYvuJFjoOiP1dhPkfgSD6zYZdtUQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=RRBdN3MiSt12PuBoiUgndR/Ef9AKLZ0S+ZLVaocyS8XbcvyhKy/FSDbFqWtwZ2eQGx5w/l69PAmt0k3OqXqZHgJyh9vVgBCXH0QOzeHAaybssKEKEy7UZZ/hzOfoYMPXw1Jz00sFEKVI/DjxFS/O4WYnEvqKYNPgW3k/ZiksY6E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=hpTTaJvC; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="hpTTaJvC" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 153ADC2BCB3; Thu, 5 Mar 2026 23:30:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753451; bh=wU9SxeJzZju+/xFBYvuJFjoOiP1dhPkfgSD6zYZdtUQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=hpTTaJvCzvmBI8ssoPzuRY9gbFvqoPmO9B/oDaz+8Cgtu0MPT9K0Drx5V95uIpPot BJFpm4v4Ac5mFB8qh3sKXDPawBh9ycBNedZr7ALbI4k9wwm9NMH9U0on7u5mZ0uIYn sAUNu1eQ3GfhfKVAgyULEQTF4K+FEfikUJmGeowuPVOmZY032whsc05AU4QNVqn89w b0PqDVC6hrlG2LLt2Auc1o6mlBl4FVHdm/XBxbRnyFz40vW91Sr+SjOhg13gaFumIN EGMKplnJPYU+g8WbDNj2GQdkzkvZDMICO9RuYELJbClN0TCKnCi6T6e+Sum94/PWk4 TDir8VAKB4vLg== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:15 +0100 Subject: [PATCH RFC v2 12/23] ksmbd: use scoped_with_init_fs() for VFS path operations Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-12-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=2156; i=brauner@kernel.org; h=from:subject:message-id; bh=wU9SxeJzZju+/xFBYvuJFjoOiP1dhPkfgSD6zYZdtUQ=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuLcVyCtW7/r4B4/Q8UTiRlfxKZPKLZy9/5U/cD/z PQzWtZnO0pZGMS4GGTFFFkc2k3C5ZbzVGw2ytSAmcPKBDKEgYtTACZyQYrhf1J30e+s/M+ZJ+QV ahry5kcvMHI7U+NzKnvLkX6Pj2xeIgz/VBy9gjb9dr7+4NuasvmHrY4Y8h59V1n1IGnTz0j53/s buAE= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use scoped_with_init_fs() to temporarily override current->fs for path lookups in ksmbd VFS helpers: - ksmbd_vfs_path_lookup(): wrap vfs_path_parent_lookup() - ksmbd_vfs_link(): wrap kern_path() for old path resolution - ksmbd_vfs_kern_path_create(): wrap start_creating_path() This ensures path lookups happen in init's filesystem context. All ksmbd paths =E2=86=90 SMB command handlers =E2=86=90 handle_ksmbd_work(= ) =E2=86=90 workqueue =E2=86=90 ksmbd_conn_handler_loop() =E2=86=90 kthread Signed-off-by: Christian Brauner --- fs/smb/server/vfs.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c index d08973b288e5..4b537e169160 100644 --- a/fs/smb/server/vfs.c +++ b/fs/smb/server/vfs.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include #include @@ -67,9 +68,10 @@ static int ksmbd_vfs_path_lookup(struct ksmbd_share_conf= ig *share_conf, } =20 CLASS(filename_kernel, filename)(pathname); - err =3D vfs_path_parent_lookup(filename, flags, - path, &last, &type, - root_share_path); + scoped_with_init_fs() + err =3D vfs_path_parent_lookup(filename, flags, + path, &last, &type, + root_share_path); if (err) return err; =20 @@ -622,7 +624,8 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char = *oldname, if (ksmbd_override_fsids(work)) return -ENOMEM; =20 - err =3D kern_path(oldname, LOOKUP_NO_SYMLINKS, &oldpath); + scoped_with_init_fs() + err =3D kern_path(oldname, LOOKUP_NO_SYMLINKS, &oldpath); if (err) { pr_err("cannot get linux path for %s, err =3D %d\n", oldname, err); @@ -1258,7 +1261,8 @@ struct dentry *ksmbd_vfs_kern_path_create(struct ksmb= d_work *work, if (!abs_name) return ERR_PTR(-ENOMEM); =20 - dent =3D start_creating_path(AT_FDCWD, abs_name, path, flags); + scoped_with_init_fs() + dent =3D start_creating_path(AT_FDCWD, abs_name, path, flags); kfree(abs_name); return dent; } --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6509F369209; Thu, 5 Mar 2026 23:30:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753454; cv=none; b=WGJY77gdV42SLUWAbx8/f5NualFgz892mrMbzGtzBV8oIF1hi7Jh/bECAg6MXWYZYATerDNQkeYl4zv4LWnwWhdt+nh9m6MMCBKquvEAooFYCP5nTKzfJa2Yg95fe1BsMF4sYiTtl/oERl3E1PaMzsbUhK61C4AAC/H3ONP/fBs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753454; c=relaxed/simple; bh=NMdeYCQo1GHzMKmmqiJ3TF42UZ8RhEoUp+v0qV5T3nQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Tj7MzgCNzheyShigYPMnw0PWDCAdB6aLnE+G5oP2SPDlAAFD7H/Zl7HCc88RMzkXJISJp/oNFw5uNPA2xcK9VgKYhxP4OL5DtylV8aHJQkSH/nJJIDpgVPYwKUfsVr5tP7mruIglU6l9XMGgyPDHG815jKF1tvSH9wOb92lCgjA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=BJn2ywop; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="BJn2ywop" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 01010C2BC87; Thu, 5 Mar 2026 23:30:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753454; bh=NMdeYCQo1GHzMKmmqiJ3TF42UZ8RhEoUp+v0qV5T3nQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=BJn2ywop1YP0R/jxv9DMqY/Qb5YIephmyBNzdIXU1q6oiNX2Jxdjr7u6ykkt5FWVD xLW1/brpvaTAPvXAOeqJ4qqcfh1PTiulRCcS2Lsxa4ORCBsL0gdpYPEwV4SrxyGqLS EsesZd3SvSoImKFR/KQRiYRODwxz/+tA6KNRcNYuzdzDeM1l0S661oIRdHOlT3o/jj OpUHnTCFO4dvbQrmTrjOx5w0Z3cFYHqK0MixTEId+YojGNfVz7UniTcC72Sb/N+xIa ZD63879NnLp2PP+Vv3nxRWbOFihaVAHHKDjaudsZc5eageym2EtpL5q8IRCU+IabSV uvZve5y0u1jbQ== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:16 +0100 Subject: [PATCH RFC v2 13/23] initramfs: use scoped_with_init_fs() for rootfs unpacking Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-13-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=2169; i=brauner@kernel.org; h=from:subject:message-id; bh=NMdeYCQo1GHzMKmmqiJ3TF42UZ8RhEoUp+v0qV5T3nQ=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuJaf7DdJjn627qIklquYNeAxTwMv+p0Tuok+PJNf vOQtcGno5SFQYyLQVZMkcWh3SRcbjlPxWajTA2YOaxMIEMYuDgFYCL37jAyrNQPt+VfWNv9yGr7 66MfUtMu7RPbzc0X5CARUZp7YebLBwz/M72ayxOFWOZ1fT8skmVqJuSwYOlUGfmfs8pvLN9k1VL MAwA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Extract the initramfs unpacking code into a separate unpack_initramfs() function and wrap its invocation from do_populate_rootfs() with scoped_with_init_fs(). This ensures all file operations during initramfs unpacking (including filp_open() calls in do_name() and populate_initrd_image()) happen in init's filesystem context. do_populate_rootfs() =E2=86=90 async_schedule_domain() =E2=86=90 kworker (a= sync workqueue) May also run synchronously from PID 1 in case async workqueue is considered full. Overriding in that case is fine as well. Signed-off-by: Christian Brauner --- init/initramfs.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/init/initramfs.c b/init/initramfs.c index 139baed06589..045e2b9d6716 100644 --- a/init/initramfs.c +++ b/init/initramfs.c @@ -3,6 +3,7 @@ #include #include #include +#include #include #include #include @@ -715,7 +716,7 @@ static void __init populate_initrd_image(char *err) } #endif /* CONFIG_BLK_DEV_RAM */ =20 -static void __init do_populate_rootfs(void *unused, async_cookie_t cookie) +static void __init unpack_initramfs(async_cookie_t cookie) { /* Load the built in initramfs */ char *err =3D unpack_to_rootfs(__initramfs_start, __initramfs_size); @@ -723,7 +724,7 @@ static void __init do_populate_rootfs(void *unused, asy= nc_cookie_t cookie) panic_show_mem("%s", err); /* Failed to decompress INTERNAL initramfs */ =20 if (!initrd_start || IS_ENABLED(CONFIG_INITRAMFS_FORCE)) - goto done; + return; =20 if (IS_ENABLED(CONFIG_BLK_DEV_RAM)) printk(KERN_INFO "Trying to unpack rootfs image as initramfs...\n"); @@ -738,8 +739,13 @@ static void __init do_populate_rootfs(void *unused, as= ync_cookie_t cookie) printk(KERN_EMERG "Initramfs unpacking failed: %s\n", err); #endif } +} + +static void __init do_populate_rootfs(void *unused, async_cookie_t cookie) +{ + scoped_with_init_fs() + unpack_initramfs(cookie); =20 -done: security_initramfs_populated(); =20 /* --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 081A4369229; Thu, 5 Mar 2026 23:30:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753457; cv=none; b=QtnpCXdTeLwfD8MHZF/AYrCd1fE9D8BVU3WJgtgbeFP5krHygLXyZrZDtoMpTSEc8yncrO9j32XbWylDh7ekBmxzI+5C9s1YaL3fpYR9vv0eZsqbcvJiT7fP9Hu7+CqlmKK6ipMp42qP6w9dy6KmQ3kwb+kcPVrGgTp9Rg+KIpk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753457; c=relaxed/simple; bh=GaVed/uXlUfN2mfqqpnSHi/Y3WP/E0BQOp7hhIxY23E=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=RPm/sf2Ojr9lFPETrp4D69Asez1s82QA8lKW4mnUGMkJ2OTCpQRaLQlUd+HG2dMtGPtia4tfzRJnJQeftztzIXBVyKOWRbdMkUkWmI63XXgd6OVJVaphy7BjF14WTfwMQAuhKI2H76mWjVyP/8GFLfqgZWX3j+pYNs2twUcoDUo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=nS/o3vnw; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="nS/o3vnw" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A200EC116C6; Thu, 5 Mar 2026 23:30:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753456; bh=GaVed/uXlUfN2mfqqpnSHi/Y3WP/E0BQOp7hhIxY23E=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nS/o3vnwLVjDIZEKz5z8gopf9F+dqdAhQjg6K+fMBv7AQPxUFzir4hMcmoJFVJH+a IOP+4+epWKcT0wnnk5vD9Y8jPoOCk0LITup4qerWka+JyuNZqiU9Eg0NgFsvUTRpZR vQRsA7Y5C+1A5oSavXgo0r2adeubtTHiW0/NagoEde80ltH/XWYuzATtSfeVHlXRHz ZOCteAxiwjPRLsWmkP6r6nStEYaJwQxYFRx93M0u8HmGEEUUV/nYmtdQZiFCbrcJUp evB6zK52ROK3Xycmco9sYaj4vImYeQ0XPVMDkmhf5T1IYQVSLvWGRxv6SITDrfG45O 7/I9Zih1gJVaw== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:17 +0100 Subject: [PATCH RFC v2 14/23] af_unix: use scoped_with_init_fs() for coredump socket lookup Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-14-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1717; i=brauner@kernel.org; h=from:subject:message-id; bh=GaVed/uXlUfN2mfqqpnSHi/Y3WP/E0BQOp7hhIxY23E=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuKa/y077bUu08K+Bq05fXO6Ld8v3NT0rF+nndnmD Fvc//BLHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABM508HI8E+4wEZU4BxTXpxg 34pTWbEl+u3rZoXbGR6896q44y/nPYb/1XEt+odM2l3lHqV7B7iv0m/1Ml7j4LL7YuEE3w6tC3r 8AA== X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use scoped_with_init_fs() to temporarily override current->fs for the coredump unix socket path resolution. This replaces the init_root() + vfs_path_lookup() pattern with scoped_with_init_fs() + kern_path(). The old code used LOOKUP_BENEATH to confine the lookup beneath init's root. This is dropped because the coredump socket path is absolute and resolved from root (where ".." is a no-op), and LOOKUP_NO_SYMLINKS already blocks any symlink-based escape. LOOKUP_BENEATH was redundant in this context. unix_find_bsd(SOCK_COREDUMP) =E2=86=90 coredump_sock_connect() =E2=86=90 do= _coredump() =E2=80=94 same crashing userspace process Same security rationale as coredump. Signed-off-by: Christian Brauner --- net/unix/af_unix.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 3756a93dc63a..64b56b3d0aee 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -1198,17 +1198,12 @@ static struct sock *unix_find_bsd(struct sockaddr_u= n *sunaddr, int addr_len, unix_mkname_bsd(sunaddr, addr_len); =20 if (flags & SOCK_COREDUMP) { - struct path root; - - task_lock(&init_task); - get_fs_root(init_task.fs, &root); - task_unlock(&init_task); - - scoped_with_kernel_creds() - err =3D vfs_path_lookup(root.dentry, root.mnt, sunaddr->sun_path, - LOOKUP_BENEATH | LOOKUP_NO_SYMLINKS | - LOOKUP_NO_MAGICLINKS, &path); - path_put(&root); + scoped_with_init_fs() { + scoped_with_kernel_creds() + err =3D kern_path(sunaddr->sun_path, + LOOKUP_NO_SYMLINKS | + LOOKUP_NO_MAGICLINKS, &path); + } if (err) goto fail; } else { --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7518936A038; Thu, 5 Mar 2026 23:30:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753459; cv=none; b=dM3Vh4I65TsUm/BlOLXgDJKLJJrjAUw+MecPJ5ABZhNR+sXK46cdE9RJOlIAAf66Cx0KlapHmGTugxm2R7Hw4H4s8se6MVKd0gZZ045Ffgl+woSQmpdwjXGUQL4CQT542qo0v099fHq1PaCFWExhQuFDGX8DG4cmVbj3whcncm8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753459; c=relaxed/simple; bh=CxiEn+MM2rptr8k5IIMhRN3g6s/m7W7DJGjcdX1OEQw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=tX+NQI6hfngRRup2joXVwD2xbk7Pr21Fq79GOiVuFrnFVvbbAvpzVn0AdCvo5KPRvZUopORxykMiugWDwWDw8sI69bC+oe4NZTa4KXqCnMgkvLvmLWtDQuoWBpA82dwA9AAjq8oXqp9er7XpeU6U0RJVn0w3xWgbD7+u4qAriP0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rxmOqqOZ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rxmOqqOZ" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2F18AC116C6; Thu, 5 Mar 2026 23:30:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753459; bh=CxiEn+MM2rptr8k5IIMhRN3g6s/m7W7DJGjcdX1OEQw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rxmOqqOZ6GQrUn7s5e3NZtxCugLyq2GvRsUZnP4PiywprWdu0jjT051qWEgUPCRa3 MV1FD+jdRxnL/QttQN7kewXb11iJm3jI8rruikyOfwa3Vy5Qa3yG/Zazr+GqZSn03m JjueehfLOCDNL4lWujFsgMxl/rMHOmyXMOkyyc1roP5T9yd1lFHobvm0qTmFpN7Vf7 QUwniNX00hqR3I1OF/MpG65FrhndITaC7IcdfVEsSpwGPpEjNPn/rvhJedPS4GyO0O iFHrKcnqVhcmBwCT27xzn0u0YTqp+CnCwKtnyQwWlRsV/KlTTc6VrCGwMZ8NkPXqVQ MaFmMcAgUX6Kw== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:18 +0100 Subject: [PATCH RFC v2 15/23] fs: add real_fs to track task's actual fs_struct Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-15-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=4125; i=brauner@kernel.org; h=from:subject:message-id; bh=CxiEn+MM2rptr8k5IIMhRN3g6s/m7W7DJGjcdX1OEQw=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuLidPQ4ejrN5MBR/9upc3g7HNL3yHX83Phq7VxFD oOuso2vOkpZGMS4GGTFFFkc2k3C5ZbzVGw2ytSAmcPKBDKEgYtTACZyXp6R4Tkfx7k9N0VD135M vszyolLGYvc9880bL/gaNva0TXvzdgojw8bzVc4N4k+0jrDp3VIWLYzYqnd6bkAPZ5eZpaH2s/9 3eAA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Add a real_fs field to task_struct that always mirrors the fs field. This lays the groundwork for distinguishing between a task's permanent fs_struct and one that is temporarily overridden via scoped_with_init_fs(). When a kthread temporarily overrides current->fs for path lookup, we need to know the original fs_struct for operations like exit_fs() and unshare_fs_struct() that must operate on the real, permanent fs. For now real_fs is always equal to fs. It is maintained alongside fs in all the relevant paths: exit_fs(), unshare_fs_struct(), switch_fs_struct(), and copy_fs(). Also fix the argument passed to nullfs_userspace_init() in switch_fs_struct(): pass the old fs_struct itself rather than the conditional return value which is NULL when other users still hold a reference, ensuring the PID 1 unshare detection actually works. Signed-off-by: Christian Brauner --- fs/fs_struct.c | 10 +++++++--- include/linux/sched.h | 1 + init/init_task.c | 1 + kernel/fork.c | 4 +++- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/fs/fs_struct.c b/fs/fs_struct.c index 3ff79fb894c1..b9b9a327f299 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -89,12 +89,13 @@ void free_fs_struct(struct fs_struct *fs) =20 void exit_fs(struct task_struct *tsk) { - struct fs_struct *fs =3D tsk->fs; + struct fs_struct *fs =3D tsk->real_fs; =20 if (fs) { int kill; task_lock(tsk); read_seqlock_excl(&fs->seq); + tsk->real_fs =3D NULL; tsk->fs =3D NULL; kill =3D !--fs->users; read_sequnlock_excl(&fs->seq); @@ -126,7 +127,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) =20 int unshare_fs_struct(void) { - struct fs_struct *fs =3D current->fs; + struct fs_struct *fs =3D current->real_fs; struct fs_struct *new_fs =3D copy_fs_struct(fs); int kill; =20 @@ -135,8 +136,10 @@ int unshare_fs_struct(void) =20 task_lock(current); read_seqlock_excl(&fs->seq); + VFS_WARN_ON_ONCE(fs !=3D current->fs); kill =3D !--fs->users; current->fs =3D new_fs; + current->real_fs =3D new_fs; read_sequnlock_excl(&fs->seq); task_unlock(current); =20 @@ -177,13 +180,14 @@ struct fs_struct *switch_fs_struct(struct fs_struct *= new_fs) =20 fs =3D current->fs; read_seqlock_excl(&fs->seq); + VFS_WARN_ON_ONCE(current->fs !=3D current->real_fs); current->fs =3D new_fs; + current->real_fs =3D new_fs; if (--fs->users) new_fs =3D NULL; else new_fs =3D fs; read_sequnlock_excl(&fs->seq); - nullfs_userspace_init(fs); return new_fs; } diff --git a/include/linux/sched.h b/include/linux/sched.h index a7b4a980eb2f..5c7b9df92ebb 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1179,6 +1179,7 @@ struct task_struct { unsigned long last_switch_time; #endif /* Filesystem information: */ + struct fs_struct *real_fs; struct fs_struct *fs; =20 /* Open file information: */ diff --git a/init/init_task.c b/init/init_task.c index 5c838757fc10..7d0b4a5927eb 100644 --- a/init/init_task.c +++ b/init/init_task.c @@ -152,6 +152,7 @@ struct task_struct init_task __aligned(L1_CACHE_BYTES) = =3D { RCU_POINTER_INITIALIZER(cred, &init_cred), .comm =3D INIT_TASK_COMM, .thread =3D INIT_THREAD, + .real_fs =3D &init_fs, .fs =3D &init_fs, .files =3D &init_files, #ifdef CONFIG_IO_URING diff --git a/kernel/fork.c b/kernel/fork.c index 583078c69bbd..73f4ed82f656 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1593,6 +1593,8 @@ static int copy_mm(u64 clone_flags, struct task_struc= t *tsk) static int copy_fs(u64 clone_flags, struct task_struct *tsk) { struct fs_struct *fs =3D current->fs; + + VFS_WARN_ON_ONCE(current->fs !=3D current->real_fs); if (clone_flags & CLONE_FS) { /* tsk->fs is already what we want */ read_seqlock_excl(&fs->seq); @@ -1605,7 +1607,7 @@ static int copy_fs(u64 clone_flags, struct task_struc= t *tsk) read_sequnlock_excl(&fs->seq); return 0; } - tsk->fs =3D copy_fs_struct(fs); + tsk->real_fs =3D tsk->fs =3D copy_fs_struct(fs); if (!tsk->fs) return -ENOMEM; return 0; --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D9BD436AB45; Thu, 5 Mar 2026 23:31:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753461; cv=none; b=YK/TdKR0sFqNslboKQMyk1GHYBPthr7b4xFTP0vQxn578+73MAbXmeQgYEOEGZ+78tFRPVJezjk18x1BdIdYFTURdmau5DJkZVRjhn/YRYhsIPxBPf4o6QLG1CLMNIX89p9sx6JqK3UYQYQKymPYC6I+6UCRR+nDqLcuMYQZZ9E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753461; c=relaxed/simple; bh=T1PF8uR+tmSj9N7iVtpiuxKAI5ZeF6Hs12ZPEywHqNU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Jveo0zA4QzdcdCtPVFJFzBffcFNUAyN1x/v7z+htDF/sEmHFEi8HETRZY3YIa9QAHFo2/K6qkiQWP2/tmaKY1hkXWsQUGW9UW/5Ao8P5X0SSvHwfbjrXgfzCswLvoGvvgbSJ6gadqZNtJ4u1Q5uIAsYa0vsU9ELlx40qt5SA2x0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=B6Q6/k0l; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="B6Q6/k0l" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A28CAC19423; Thu, 5 Mar 2026 23:30:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753461; bh=T1PF8uR+tmSj9N7iVtpiuxKAI5ZeF6Hs12ZPEywHqNU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=B6Q6/k0lI+q0auN/tK/+UrqoZUPOlhQDvCgu9kSK4nU9p4zE3bhsgFy89Uoh4F2pm r4iEgT+3Tp/EVTFxmSkXKtTwTmb1hiKs2Oserqls7iUygjZGJx/59o9jCtVRDLMBMs SCwgcVUGnSnqDnuDK4q9o8hYSRmm9fNz9kdWcPgKwgUhVMvZNyeL9WABOWANSEu1UX 4pu8oXXrwJ3SxlMqtbOaseoSZUrSVOKNGbhYpCpg9A0OZHVHogOfCRi0lUxUcVayCb 8CDOjmw2jdjf1qWhPcujsm5NOcSqvgg3f/tQK2tXWGUzIV6GCTbkCZr/fcg2NNrRYv yDAR/Ay2T1W6w== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:19 +0100 Subject: [PATCH RFC v2 16/23] fs: make userspace_init_fs a dynamically-initialized pointer Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-16-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=5749; i=brauner@kernel.org; h=from:subject:message-id; bh=T1PF8uR+tmSj9N7iVtpiuxKAI5ZeF6Hs12ZPEywHqNU=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuKasLD8143C9/tut9ofPvuE7Z3w1e8Hch7NuWVfp PLqBtPWzo5SFgYxLgZZMUUWh3aTcLnlPBWbjTI1YOawMoEMYeDiFICJZLkwMky69Ob87RnfJv44 7848u+VpSvCFMPO3bb8mLNIvnFujkaXDyLC2unTTrskfJpWJsdhlPNNf2HLy7ey9Vm+P3v+pOvH ipw8cAA== X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Change userspace_init_fs from a declared-but-unused extern struct to a dynamically initialized pointer. Add init_userspace_fs() which is called early in kernel_init() (PID 1) to record PID 1's fs_struct as the canonical userspace filesystem state. Wire up __override_init_fs() and __revert_init_fs() to actually swap current->fs to/from userspace_init_fs. Previously these were no-ops that stored current->fs back to itself. Fix nullfs_userspace_init() to compare against userspace_init_fs instead of &init_fs. When PID 1 unshares its filesystem state, revert userspace_init_fs to init_fs's root (nullfs) so that stale filesystem state is not silently inherited by kworkers and usermodehelpers. At this stage PID 1's fs still points to rootfs (set by init_mount_tree), so userspace_init_fs points to rootfs and scoped_with_init_fs() is functionally equivalent to its previous no-op behavior. Signed-off-by: Christian Brauner --- fs/fs_struct.c | 46 +++++++++++++++++++++++++++++++++++++++++++= ++- include/linux/fs_struct.h | 5 +++-- include/linux/init_task.h | 1 + init/main.c | 3 +++ 4 files changed, 52 insertions(+), 3 deletions(-) diff --git a/fs/fs_struct.c b/fs/fs_struct.c index b9b9a327f299..c1afa7513e34 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -8,6 +8,7 @@ #include #include #include "internal.h" +#include "mount.h" =20 /* * Replace the fs->{rootmnt,root} with {mnt,dentry}. Put the old values. @@ -163,15 +164,32 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct); * fs_struct state. Breaking that contract sucks for both sides. * So just don't bother with extra work for this. No sane init * system should ever do this. + * + * On older kernels if PID 1 unshared its filesystem state with us the + * kernel simply used the stale fs_struct state implicitly pinning + * anything that PID 1 had last used. Even if PID 1 might've moved on to + * some completely different fs_struct state and might've even unmounted + * the old root. + * + * This has hilarious consequences: Think continuing to dump coredump + * state into an implicitly pinned directory somewhere. Calling random + * binaries in the old rootfs via usermodehelpers. + * + * Be aggressive about this: We simply reject operating on stale + * fs_struct state by reverting to nullfs. Every kworker that does + * lookups after this point will fail. Every usermodehelper call will + * fail. Tough luck but let's be kind and emit a warning to userspace. */ static inline void nullfs_userspace_init(struct fs_struct *old_fs) { if (likely(current->pid !=3D 1)) return; /* @old_fs may be dangling but for comparison it's fine */ - if (old_fs !=3D &init_fs) + if (old_fs !=3D userspace_init_fs) return; pr_warn("VFS: Pid 1 stopped sharing filesystem state\n"); + set_fs_root(userspace_init_fs, &init_fs.root); + set_fs_pwd(userspace_init_fs, &init_fs.root); } =20 struct fs_struct *switch_fs_struct(struct fs_struct *new_fs) @@ -198,3 +216,29 @@ struct fs_struct init_fs =3D { .seq =3D __SEQLOCK_UNLOCKED(init_fs.seq), .umask =3D 0022, }; + +struct fs_struct *userspace_init_fs __ro_after_init; +EXPORT_SYMBOL_GPL(userspace_init_fs); + +void __init init_userspace_fs(void) +{ + struct mount *m; + struct path root; + + /* Move PID 1 from nullfs into the initramfs. */ + m =3D topmost_overmount(current->nsproxy->mnt_ns->root); + root.mnt =3D &m->mnt; + root.dentry =3D root.mnt->mnt_root; + + VFS_WARN_ON_ONCE(current->pid !=3D 1); + + set_fs_root(current->fs, &root); + set_fs_pwd(current->fs, &root); + + /* Hold a reference for the global pointer. */ + read_seqlock_excl(¤t->fs->seq); + current->fs->users++; + read_sequnlock_excl(¤t->fs->seq); + + userspace_init_fs =3D current->fs; +} diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h index ff525a1e45d4..51d335924029 100644 --- a/include/linux/fs_struct.h +++ b/include/linux/fs_struct.h @@ -17,6 +17,7 @@ struct fs_struct { } __randomize_layout; =20 extern struct kmem_cache *fs_cachep; +extern struct fs_struct *userspace_init_fs; =20 extern void exit_fs(struct task_struct *); extern void set_fs_root(struct fs_struct *, const struct path *); @@ -60,13 +61,13 @@ static inline struct fs_struct *__override_init_fs(void) struct fs_struct *fs; =20 fs =3D current->fs; - smp_store_release(¤t->fs, current->fs); + smp_store_release(¤t->fs, userspace_init_fs); return fs; } =20 static inline void __revert_init_fs(struct fs_struct *revert_fs) { - VFS_WARN_ON_ONCE(current->fs !=3D current->fs); + VFS_WARN_ON_ONCE(current->fs !=3D userspace_init_fs); smp_store_release(¤t->fs, revert_fs); } =20 diff --git a/include/linux/init_task.h b/include/linux/init_task.h index a6cb241ea00c..61536be773f5 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h @@ -24,6 +24,7 @@ =20 extern struct files_struct init_files; extern struct fs_struct init_fs; +extern struct fs_struct *userspace_init_fs; extern struct nsproxy init_nsproxy; =20 #ifndef CONFIG_VIRT_CPU_ACCOUNTING_NATIVE diff --git a/init/main.c b/init/main.c index 1cb395dd94e4..5ccc642a5aa7 100644 --- a/init/main.c +++ b/init/main.c @@ -102,6 +102,7 @@ #include #include #include +#include #include #include #include @@ -1574,6 +1575,8 @@ static int __ref kernel_init(void *unused) { int ret; =20 + init_userspace_fs(); + /* * Wait until kthreadd is all set-up. */ --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7DEEE36AB7D; Thu, 5 Mar 2026 23:31:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753464; cv=none; b=Ar22Yf5Qx5Gk279u4MLThRZ0thP3olnrS6elhYNDKS9+I2zVCrkIqmn1/d+LGtVJnisAUCn6ODG72v+sM0aB8InGem2MAmN5VSNg5NSKPrchT1fwRTPg92RG9LhZfxNqhg/wEBiFynDqSAIg4YF3m8qGQAgNGkbMnZalyW57soA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753464; c=relaxed/simple; bh=cEPoxGsNVeZpiXD7WHSwi6VwLjjrPPIdV4amCA7QCoA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=iG/2I4IFlrXzEqw7cL/h8rZ3XmxSL0bYPEBFJQBSGbIDlsTPFYTojXjG+a3FRAtFDvrXdYZ3Gyc6a8TU5LtLfVQ1bTS5MsU44adUYZQYFWN37enowYBzGU/kx34GbESFzbl4+2+6YwbxjsNAR0006HclpAvu5eGyfV9SZEIsUYs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=KIB7Z1ev; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="KIB7Z1ev" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3F4EEC2BCB5; Thu, 5 Mar 2026 23:31:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753464; bh=cEPoxGsNVeZpiXD7WHSwi6VwLjjrPPIdV4amCA7QCoA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=KIB7Z1evOY0WoqgIkwpMcntDF/poLiogO+/Vq2d9DVVU5YQw+dRXYBprykI4QnTe/ T+SaRyC4Qqa/KN0+kUDedtkcnKHxiFk0q4ZUqRegUMnF/LLpKR1EstkRh17ViHUe8q G9lRjrDHH4jbXcbQCP2SVqlz1lx9H5NKyhaw3foTUdvap2GM552SDzBHRJ34OkAu4t eIQbdUKBUQ/pQVv/kPK1wKTc/M8B95c2apHMw8gO67B/bJY6qsSMZdlhE23Q84i6id YQvzrCoEhFaK4aoESbxjz9c2PVIWkVylfBiZZm+XQSJ+xOjeIgpB+SG99/XWL6szuj uTsMiG+keS5PQ== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:20 +0100 Subject: [PATCH RFC v2 17/23] fs: stop sharing fs_struct between init_task and pid 1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-17-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1574; i=brauner@kernel.org; h=from:subject:message-id; bh=cEPoxGsNVeZpiXD7WHSwi6VwLjjrPPIdV4amCA7QCoA=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuJyuTX5zxGlXs0Tv461ayz1aOAtqu4VuCp5cnvlp gPPjf1ndJSyMIhxMciKKbI4tJuEyy3nqdhslKkBM4eVCWQIAxenAExEqoHhf+X+o+XWs/5ZqS6X 6bxhZFNa7yTbuuiXsePxpToFZXM/H2X4H+5yWs3qxtSOXf2KVlbVaxoWny71ed3nmNET6z6v6EU kFwA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Spawn kernel_init (PID 1) via kernel_clone() directly instead of user_mode_thread(), without CLONE_FS. This gives PID 1 its own private copy of init_task's fs_struct rather than sharing it. This is a prerequisite for isolating kthreads in nullfs: when init_task's fs is later pointed at nullfs, PID 1 must not share it or init_userspace_fs() would modify init_task's fs as well, defeating the isolation. At this stage PID 1 still gets rootfs (a private copy rather than a shared reference), so there is no functional change. Signed-off-by: Christian Brauner --- init/main.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/init/main.c b/init/main.c index 5ccc642a5aa7..6633d4bea52b 100644 --- a/init/main.c +++ b/init/main.c @@ -714,6 +714,11 @@ static __initdata DECLARE_COMPLETION(kthreadd_done); =20 static noinline void __ref __noreturn rest_init(void) { + struct kernel_clone_args init_args =3D { + .flags =3D (CLONE_VM | CLONE_UNTRACED), + .fn =3D kernel_init, + .fn_arg =3D NULL, + }; struct task_struct *tsk; int pid; =20 @@ -723,7 +728,7 @@ static noinline void __ref __noreturn rest_init(void) * the init task will end up wanting to create kthreads, which, if * we schedule it before we create kthreadd, will OOPS. */ - pid =3D user_mode_thread(kernel_init, NULL, CLONE_FS); + pid =3D kernel_clone(&init_args); /* * Pin init on the boot CPU. Task migration is not properly working * until sched_init_smp() has been run. It will set the allowed --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 33AAC35E92F; Thu, 5 Mar 2026 23:31:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753467; cv=none; b=iz3y63UiepgXj1SRGH2lAoCHuydkRgpz6I3fAGD4fN10+qpOnqoMP22THsORRjIn4IcGyV21kyag9lLXdJpEvT+VbhTbydbC6jxmyfnizm0a8lMf/UYkEKW4Bm8acHLc1FGluG6Zfaof0fhF8NO6hyych9Thyved5TO0R7DDuXE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753467; c=relaxed/simple; bh=EOCV2pb/HqDWEobk9WOoHPEHdvd/YNkEMUQqkx9ABNo=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ihi5zdqnKxaMpJhPmijdyQiuNSEyvC6R7SWRMZ5f0Ffuwzw1nSWnxQBqX2Hqblj9a+aSMycqKq/r5luKS7vzy+3ntgs2/2WGaknZLQFehFme6KC3fhzn7dC82RkAx47eTvcU1wdrkCwWdmmKvYKD2H61x6vILDHbf3b6bh9TcXQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=LJBkZmau; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="LJBkZmau" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D65A5C19423; Thu, 5 Mar 2026 23:31:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753466; bh=EOCV2pb/HqDWEobk9WOoHPEHdvd/YNkEMUQqkx9ABNo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LJBkZmau2fuzxZNEkJEO1aEWOuWZWF/64JfEUirOHCD300jFpkCI+M9J45yIDx3kl qN7Aczw4/GpoijDWeVoKvcgOn4LZQlUetKGFM2P5w4KoXyLIVpR+l486KfqFcf5gJP sgKuMPLaJ35hem/fqh10oeLy4hhbjObzDjsx3LAzok0MTdq7qWK39j3c37+O2oLPFE YB1z99SX4+a3UO+t+dFPXaekqZ53CJOnjPhi2qPa2C3mIfEjwC2NqwiNVHE22PAQgA iDy/FNlZmEROvIB1ctcpIBhiqxWr2ADt/ctyRYMivZusUGmj4s5ZxRo51+4ifdxM1D LtZh/BbBpzVhA== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:21 +0100 Subject: [PATCH RFC v2 18/23] fs: add umh argument to struct kernel_clone_args Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-18-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=2817; i=brauner@kernel.org; h=from:subject:message-id; bh=EOCV2pb/HqDWEobk9WOoHPEHdvd/YNkEMUQqkx9ABNo=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuJi+7lI0uFPjenneRu09zimPHrdeXh+aPnksK7PG Y+D2l9O6ihlYRDjYpAVU2RxaDcJl1vOU7HZKFMDZg4rE8gQBi5OAZhIqRsjw/caU7fMfpffpnXv 77Jtuyd7Rap8b7N5RG1PYUnm+7zqWEaGP58tZXon/4i7r7fiQ/RuqReR1vdmHd7p/3zOw7j6O3c KmAE= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Add a umh field to struct kernel_clone_args. When set, copy_fs() copies from pid 1's fs_struct instead of the kthread's fs_struct. This ensures usermodehelper threads always get init's filesystem state regardless of their parent's (kthreadd's) fs. Usermodehelper threads are not allowed to create mount namespaces (CLONE_NEWNS), share filesystem state (CLONE_FS), or be started from a non-initial mount namespace. No usermodehelper currently does this so we don't need to worry about this restriction. Set .umh =3D 1 in user_mode_thread(). At this stage pid 1's fs points to rootfs which is the same as kthreadd's fs, so this is functionally equivalent. Signed-off-by: Christian Brauner --- include/linux/sched/task.h | 1 + kernel/fork.c | 23 ++++++++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h index 41ed884cffc9..e0c1ca8c6a18 100644 --- a/include/linux/sched/task.h +++ b/include/linux/sched/task.h @@ -31,6 +31,7 @@ struct kernel_clone_args { u32 io_thread:1; u32 user_worker:1; u32 no_files:1; + u32 umh:1; unsigned long stack; unsigned long stack_size; unsigned long tls; diff --git a/kernel/fork.c b/kernel/fork.c index 73f4ed82f656..c740fe2ad1ef 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1590,9 +1590,25 @@ static int copy_mm(u64 clone_flags, struct task_stru= ct *tsk) return 0; } =20 -static int copy_fs(u64 clone_flags, struct task_struct *tsk) +static int copy_fs(u64 clone_flags, struct task_struct *tsk, bool umh) { - struct fs_struct *fs =3D current->fs; + struct fs_struct *fs; + + /* + * Usermodehelper may use userspace_init_fs filesystem state but + * they don't get to create mount namespaces, share the + * filesystem state, or be started from a non-initial mount + * namespace. + */ + if (umh) { + if (clone_flags & (CLONE_NEWNS | CLONE_FS)) + return -EINVAL; + if (current->nsproxy->mnt_ns !=3D &init_mnt_ns) + return -EINVAL; + fs =3D userspace_init_fs; + } else { + fs =3D current->fs; + } =20 VFS_WARN_ON_ONCE(current->fs !=3D current->real_fs); if (clone_flags & CLONE_FS) { @@ -2213,7 +2229,7 @@ __latent_entropy struct task_struct *copy_process( retval =3D copy_files(clone_flags, p, args->no_files); if (retval) goto bad_fork_cleanup_semundo; - retval =3D copy_fs(clone_flags, p); + retval =3D copy_fs(clone_flags, p, args->umh); if (retval) goto bad_fork_cleanup_files; retval =3D copy_sighand(clone_flags, p); @@ -2727,6 +2743,7 @@ pid_t user_mode_thread(int (*fn)(void *), void *arg, = unsigned long flags) .exit_signal =3D (flags & CSIGNAL), .fn =3D fn, .fn_arg =3D arg, + .umh =3D 1, }; =20 return kernel_clone(&args); --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8845936BCDF; Thu, 5 Mar 2026 23:31:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753469; cv=none; b=iYGv0qjAMe1Cr3CkzwIJzWMYdqs3ovVcFwCbr05AkSmw5f6+9Ylz3xaSGrEwEopJ73TNu84vr4Ldrt9rF3uJAa4O3DaZH+YC5WVREaIbn9gpdfW/eiDxJnXWOf/INkULjCiZgdeKkjcURR4uhyLqeYRugFN0UpwhP/vkmy+4Wzo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753469; c=relaxed/simple; bh=OgNQ/xlwvm4M9g2zqphqbWQNReYOOt5NLqaMAeMCRPE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=JPcgaCSkbsKQ70KvIRkg4KuTPAFuAlvVjKa8vsapjxsw4YXUDWD084DO9lfBiaP4kcLCOBiUBqxUyOIrb7aEP2qvsTciD4HrNPvJL69sJ1R/1QDiPsf7+o+GG1EupUoXNX+dN3QOt2shS31/c/1p2itIqslWw/TYB1TWL+MUkB4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=gOTm2yzw; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="gOTm2yzw" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 59C5FC116C6; Thu, 5 Mar 2026 23:31:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753469; bh=OgNQ/xlwvm4M9g2zqphqbWQNReYOOt5NLqaMAeMCRPE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=gOTm2yzwPADPrY1li910gwFSYX7hBtLG2vw0IDW/2lPLqnSLSZ5J9lTDisy3rqd1Y f/s6ivYCXvohi+xHOKXRa7slaY8/aulzql7XYucIRL3pNkBUuO73QC/tZ8mDqc7YJJ URE56k8uWYIYPEVPg5cU74awB3VZzm2qpLM5D2+6LINQQ8MNc9TWxa43sbcShpN4IF 0ucmVjieM/hT264ZNGGSxpG1TO2kUimsvnRZzirc3EWMXZ2+FgEFYn8IOu9HDR3n8K uEyRBFClTZxEnxol9bfZzMXMo3/ZbbmrYdT/A4oX8xOefVPH2o8WnpjGis4r7uQkRX 68YXxbs/fnkXw== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:22 +0100 Subject: [PATCH RFC v2 19/23] fs: add kthread_mntns() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-19-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1871; i=brauner@kernel.org; h=from:subject:message-id; bh=OgNQ/xlwvm4M9g2zqphqbWQNReYOOt5NLqaMAeMCRPE=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuK6cz61xTrqXIxcTACnmFzbiRuFPrkNi4pTH+Zc5 Qu/mr+oo5SFQYyLQVZMkcWh3SRcbjlPxWajTA2YOaxMIEMYuDgFYCK+Hgz/FP46rDk2vSZ7tZvJ Sc6EHLvI4OuFa4RXpXTqZp+21mKsZ2SYvL736MJqxatWuzYaszj3hWw6wqi2Q67A64xV61veOW2 MAA== X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Allow kthreads to create a private mount namespace. Signed-off-by: Christian Brauner --- fs/namespace.c | 30 ++++++++++++++++++++++++++++++ include/linux/mount.h | 1 + 2 files changed, 31 insertions(+) diff --git a/fs/namespace.c b/fs/namespace.c index 854f4fc66469..668131aa5de1 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -6200,6 +6200,36 @@ static void __init init_mount_tree(void) ns_tree_add(&init_mnt_ns); } =20 +/* + * Allow to give a specific kthread a private mount namespace that is + * anchored in nullfs so it can mount. + */ +int __init kthread_mntns(void) +{ + struct mount *m; + struct path root; + int ret; + + /* Only allowed for kthreads in the initial mount namespace. */ + VFS_WARN_ON_ONCE(!(current->flags & PF_KTHREAD)); + VFS_WARN_ON_ONCE(current->nsproxy->mnt_ns !=3D &init_mnt_ns); + + /* + * TODO: switch to creating a completely empty mount namespace + * once that series lands. + */ + ret =3D ksys_unshare(CLONE_NEWNS); + if (ret) + return ret; + + m =3D current->nsproxy->mnt_ns->root; + root.mnt =3D &m->mnt; + root.dentry =3D root.mnt->mnt_root; + set_fs_pwd(current->fs, &root); + set_fs_root(current->fs, &root); + return 0; +} + void __init mnt_init(void) { int err; diff --git a/include/linux/mount.h b/include/linux/mount.h index acfe7ef86a1b..69d61f21b548 100644 --- a/include/linux/mount.h +++ b/include/linux/mount.h @@ -106,6 +106,7 @@ int do_mount(const char *, const char __user *, extern const struct path *collect_paths(const struct path *, struct path *= , unsigned); extern void drop_collected_paths(const struct path *, const struct path *); extern void kern_unmount_array(struct vfsmount *mnt[], unsigned int num); +int __init kthread_mntns(void); =20 extern int cifs_root_data(char **dev, char **opts); =20 --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 21FBA36C0BA; Thu, 5 Mar 2026 23:31:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753472; cv=none; b=PMiqWys2CoYLrgJ287sJM8SAyTIYYM61ZAKvpfbSXkjzHG7qTVfrGKy6wEu21w/ZDUNHxcEeOyuYq/b/+m302cM4VInb+E/PgKursxCiv6H9iTzdBlH0uc8HPejmrPVlrhQEaVxFyl8dGrAxG718lwhsOT/uWVNin3KD04gUt4g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753472; c=relaxed/simple; bh=LEkYCP2B26VM04U/Xfgf30JgLqLChdLWXV57GkA2dNs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=mVY4Q/eDSVjRcxjIbM42bmThly5bQiRHQX7MXvgvFObpX6qUUJ5bH3+tje0+yoJWkYRNLcnJ7EMLeTbfwRbrxSOBkvM23yXH8Kp8aWpwpmpyGjYDiEW2oui2eOfqnCPgKrlB2WKAq+FGXxGUiBDpUBgjJNO/9cTCNv3s1K7oC3I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=KB1g9v7Y; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="KB1g9v7Y" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E557EC19423; Thu, 5 Mar 2026 23:31:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753472; bh=LEkYCP2B26VM04U/Xfgf30JgLqLChdLWXV57GkA2dNs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=KB1g9v7YNo2cA5LeGftvekrvEjpF6FqnB/NDLsnF04wG4bVMhWyWdenXwEi8YzdTu Zzlqr2sA2PSNBJGSE2dO7HGMYE5QMCTdfM7l+Ys8wHsOXWf4n+uy7j+ysrNq9Ft12x E9E+1G84CYzF+0weUXpW3yrI2yHDUGsShw5bsSkVycnPjwS8mmBEM8BPhED1C9SH5B /noyRtjci8xfFDs+tElqlvDKZ8BSTXna1KOfugtOV89pbGA+vpqs9w6/vkIJoDwR/O PuCeFwWTaRRucpcVuEnupg7RdWnGZ963iBNYyC3GD9eSaC/gh8FhxIKiC5+nym62KS kHP4m0EuHuw0Q== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:23 +0100 Subject: [PATCH RFC v2 20/23] devtmpfs: create private mount namespace Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-20-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=792; i=brauner@kernel.org; h=from:subject:message-id; bh=LEkYCP2B26VM04U/Xfgf30JgLqLChdLWXV57GkA2dNs=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuJy3csm/W8Rm6p7/AmmpRdiQlncdVk1zu9vY5s+q b76wb6ZHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABPJ/sjI0GGnvvropTn2jgrR Wb+PfNr4r5Mhdsq9g5VLnMykY7U3/GH4Z/Ql2HF5yPGL0r+05m77fWXG5zgLzq0e76cEmpcd0s9 MZQQA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Kernel threads are located in a completely isolated nullfs mount. Make it possible for a kthread to create a private mount namespace so it can mount private filesystem instances. This is only used by devtmpfs. Signed-off-by: Christian Brauner --- drivers/base/devtmpfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c index b1c4ceb65026..246ac0b331fe 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c @@ -413,7 +413,7 @@ static noinline int __init devtmpfs_setup(void *p) { int err; =20 - err =3D ksys_unshare(CLONE_NEWNS); + err =3D kthread_mntns(); if (err) goto out; err =3D init_mount("devtmpfs", "/", "devtmpfs", DEVTMPFS_MFLAGS, NULL); --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DCCE936C9E2; Thu, 5 Mar 2026 23:31:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753474; cv=none; b=fBR7599YhclIsoDl0z8ezagbgzMB1ybSp6fO+Ie4RGzxN/X/Mg7nGhdxxVnybaS4KnMfKDhLSLSd7zT8+GoGIzK9xBCGzMQykg09AO0dXgFGSNl12Rc+fsR4AQE7WKwWPWD3il5ijvLXua4/pz38cghr3+uHIXlt/jkDE+yvhYM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753474; c=relaxed/simple; bh=cEdUQUlFBerrrjll65RYnh0FxEaBJ8BqmqOAkJYC198=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=mxSUD2p1dTd4bpgK5f/kbd/miXpti56W8f7OCU4qSbwhRsAK1XCAgFodYT4sClr8XO2aKTkiTXuuzMjwyoVDfR6c1CjAX90rAjWh0bAFZ7CYg5pmil3DiVhddjl0JwRHtcpNtWfji3dds9tZnKvt6QvhZ3IbnESObYE5mQfIY28= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=qzq4+aMM; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="qzq4+aMM" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7A699C19423; Thu, 5 Mar 2026 23:31:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753474; bh=cEdUQUlFBerrrjll65RYnh0FxEaBJ8BqmqOAkJYC198=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qzq4+aMMy3XptoROLLxxvWTFnkzdLo8JrA3JBoCmCLaX+SKz7xD4Cuo5T+dKJ00oW nRkZuGrBhEjKyXLKFBlveAR/h5KOwVTM2rB4kZyarP04jnP9A8tj1mCAGzYhP91ypa dqEVSQl9Wb+VXh9mTa7OVPkxAdnNMjMAXJfG0kuDAh2XFHUlFqIAXiDp1tOSLKqM8I ZxqaX9XKImyzqwbawnuaCWpRApI0iUNbT8NBx2FUUqjgptCODVLOF24maTX18eTPMj brf5ZDhE/gwCl2xKtA29sk37n0xJEQQEkqF9PRTe5/HG1UkS6DsgjGKq6E+kqjoDTI qGLHzxWhdv4/Q== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:24 +0100 Subject: [PATCH RFC v2 21/23] nullfs: make nullfs multi-instance Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-21-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1007; i=brauner@kernel.org; h=from:subject:message-id; bh=cEdUQUlFBerrrjll65RYnh0FxEaBJ8BqmqOAkJYC198=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuIq9t5TYMl60PXIZpGDnXxB/OtUimaoXYn62XXfz O2v4RPjjlIWBjEuBlkxRRaHdpNwueU8FZuNMjVg5rAygQxh4OIUgIlUdzL84eSX/CxkeOP5ubDL Rlluj61ulhwJMlnse+iQz9q5F/Ksihn+pz2/6drLmSzu8i7zcHmAQ/2P9wH9wTxPD4n73zm2m/k fKwA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Allow multiple instances of nullfs to be created. Right now we're only going to use it for kernel-internal purposes but ultimately we can allow userspace to use it too to e.g., safely overmount stuff. Signed-off-by: Christian Brauner --- fs/nullfs.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/fs/nullfs.c b/fs/nullfs.c index fdbd3e5d3d71..88ba4f3fc3a2 100644 --- a/fs/nullfs.c +++ b/fs/nullfs.c @@ -40,14 +40,9 @@ static int nullfs_fs_fill_super(struct super_block *s, s= truct fs_context *fc) return 0; } =20 -/* - * For now this is a single global instance. If needed we can make it - * mountable by userspace at which point we will need to make it - * multi-instance. - */ static int nullfs_fs_get_tree(struct fs_context *fc) { - return get_tree_single(fc, nullfs_fs_fill_super); + return get_tree_nodev(fc, nullfs_fs_fill_super); } =20 static const struct fs_context_operations nullfs_fs_context_ops =3D { --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0A1DB36D4E2; Thu, 5 Mar 2026 23:31:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753477; cv=none; b=F6C1tNYs2ngoPLdRPrU6VUUg3r0k1efwI9T7akIEMnHadav+VTQfu2O5u0QYcq3EaBJiOLqaikthOUfTcsn0MtuWND9qJdamkYduQA2Dj9YaaI4dupv2eXiKO2Q+OCcgnT6LmYcDqcSGBC17/coV/4PIpnnY8H+0leYyGIVAKdw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753477; c=relaxed/simple; bh=XeqX3QrUV4KI7Elsw6ZcveYXCtC1JO/XPb2z64xgwOU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=PG/LaGDzZ9bQpmTuVgC2q9Fj4AZo5rOZRN4Hi6Ek6o2jIRBhk54Q5B3FUOrlN+tXnvzRqch7vnV4jYxGjEeUfT86q9/fEAlDHMBCOGhIidIK7pz0y9q5kwELTpFkpJVH7UmPcgrpOD6YKKGTYVLEdw3TbHzg2ftAMcv5LKI8Af8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=pMtVEnfE; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="pMtVEnfE" Received: by smtp.kernel.org (Postfix) with ESMTPSA id F068FC2BC87; Thu, 5 Mar 2026 23:31:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753476; bh=XeqX3QrUV4KI7Elsw6ZcveYXCtC1JO/XPb2z64xgwOU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=pMtVEnfEH4590Wd0+8vGienC6LVlQWzL5D5c1eNuCP8294VcItsYYcK4cNfQSxtrR V9szetLWv3W19RIyhTN1LYrY3eAabAOxWPUKnjkkwMEhnO9zFf3qEEAQVDHE9PAxXv R6xs30pu594612yY9uW79rx4T4dXyaR3fId0oiyU4Bs5aESlM2ZwpeFk87gLsnIY5d RIT1+RM1OyQe6li9s1fWAxJxnYwu0LQXcRtkg806s+VRWEIF/2FmEpnDzEtiT98RLb 1uT1Ix9MxpArf/xdoZHfK2VbtUisDAtXuNDInSD5pE7N1QUy89J3Kv873Fn5DzNcTA DsyXaLAHrllRQ== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:25 +0100 Subject: [PATCH RFC v2 22/23] fs: start all kthreads in nullfs Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-22-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1493; i=brauner@kernel.org; h=from:subject:message-id; bh=XeqX3QrUV4KI7Elsw6ZcveYXCtC1JO/XPb2z64xgwOU=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuJaf+dRTOCPxulfLslOv2oklmf1fP6yJD9Xb1s+U zNXIQPPjlIWBjEuBlkxRRaHdpNwueU8FZuNMjVg5rAygQxh4OIUgIlMlWBkWCFzrDuKP39mawzD zyu5iwsml+frLricuGvzFyfOOwoVeowMjbazeH8HSvyeuEbVMyp6t75zCe/unTMXel2tmxgYcvo xMwA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Point init_task's fs_struct (root and pwd) at a private nullfs instance instead of the mutable rootfs. All kthreads now start isolated in nullfs and must use scoped_with_init_fs() for any path resolution. PID 1 is moved from nullfs into the initramfs by init_userspace_fs(). Usermodehelper threads use userspace_init_fs via the umh flag in copy_fs(). All subsystems that need init's filesystem state for path resolution already use scoped_with_init_fs() from earlier commits in this series. This isolates kthreads from userspace filesystem state and makes it hard to perform filesystem operations from kthread context. Signed-off-by: Christian Brauner --- fs/namespace.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 668131aa5de1..2a530109eb36 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -6188,12 +6188,14 @@ static void __init init_mount_tree(void) init_mnt_ns.nr_mounts++; } =20 + nullfs_mnt =3D kern_mount(&nullfs_fs_type); + if (IS_ERR(nullfs_mnt)) + panic("VFS: Failed to create private nullfs instance"); + root.mnt =3D nullfs_mnt; + root.dentry =3D nullfs_mnt->mnt_root; + init_task.nsproxy->mnt_ns =3D &init_mnt_ns; get_mnt_ns(&init_mnt_ns); - - /* The root and pwd always point to the mutable rootfs. */ - root.mnt =3D mnt; - root.dentry =3D mnt->mnt_root; set_fs_pwd(current->fs, &root); set_fs_root(current->fs, &root); =20 --=20 2.47.3 From nobody Thu Apr 9 20:25:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7743736E47C; Thu, 5 Mar 2026 23:31:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753479; cv=none; b=AUq/70oTwS+qCg/JGcs84Jkf9IpHpVc2oqg+dRimP3Xh3lXNyOcgRrUg3GRw/lEcQwmnyX9J6wl+xJcYW1mUr7zy/V5lJkjAwioWLgxOpB78/xGjhm0NvHlV9Nkrd2VHNEAZCDfhdbKqrlXZ3mRhbrTzVzStDyljgXmSBiAQH6s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772753479; c=relaxed/simple; bh=7s8+VRxkVOYhZ/0V/yWyXtD+NXc+CLa2t/HYS4SO890=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=XZKqul1RJavAmvmSLBntUT/b5P9Lh03HW6Jp3sSSNZQaWBJhHT6cz2psQn2xpiwlL7FDOWCGQOCdHd+FkMGEjSX0hq4qgTTw+NFgahf1P0TWI4/WySVAufiA4sH3d6fKhpytECJ0378kq/bxGJaZIhyqu4WISlJgcwXfnjZJyqY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=arNEtzTW; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="arNEtzTW" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 605F6C116C6; Thu, 5 Mar 2026 23:31:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772753479; bh=7s8+VRxkVOYhZ/0V/yWyXtD+NXc+CLa2t/HYS4SO890=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=arNEtzTW8xel+h6UkihMZ3oOj5qkVkY1dkfcq/ZUMlJvN3j7m/hgFlQU9Ho9UI7OA OEJSgP0mQMY2+52yPprsEWPyrx8jklP0uknlg6+m9ibadIp9mFrJJT2zoEZd+Hutoa SaC7g1+S6gs/NMUaXym2W03FnFHHCXav6LmWdyGQy2Zk5UX24NHkzjWmHDOPQbK8XN OJXNLoOBXhmMVqV0IyZIY7SOdecN6NuOnzQTGi5oMNTWv/1QOMgSsGnuNm5EGQBcHg fH3YEODvGDy6t42wShlPlUtJAOw1B1Igl0mpu2SPSvWtxz3rlApbRZi26r9gqduQq4 y8GChCVjtQX0A== From: Christian Brauner Date: Fri, 06 Mar 2026 00:30:26 +0100 Subject: [PATCH RFC v2 23/23] fs: stop rewriting kthread fs structs Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260306-work-kthread-nullfs-v2-23-ad1b4bed7d3e@kernel.org> References: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> In-Reply-To: <20260306-work-kthread-nullfs-v2-0-ad1b4bed7d3e@kernel.org> To: linux-fsdevel@vger.kernel.org, Linus Torvalds Cc: linux-kernel@vger.kernel.org, Alexander Viro , Jens Axboe , Jan Kara , Tejun Heo , Jann Horn , Christian Brauner X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=634; i=brauner@kernel.org; h=from:subject:message-id; bh=7s8+VRxkVOYhZ/0V/yWyXtD+NXc+CLa2t/HYS4SO890=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWSuEuL69TOJ6a1+dZyH5Kwp+3zXad+2UU65+Ii5Nf/v+ YLdDe+mdJSyMIhxMciKKbI4tJuEyy3nqdhslKkBM4eVCWQIAxenAEyk9iojw1SOjX3mOaWlmb/i Uz7lr1H8dV3Q9tSpN+fn8zb6TWz+t5mR4be55u/IOSu90p1NTlx2LN5X78Bw/tnFZTM7rN3Zv3N 2sQAA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Now that we isolated kthreads filesystem state completely from userspace stop rewriting their state. Signed-off-by: Christian Brauner --- fs/fs_struct.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/fs_struct.c b/fs/fs_struct.c index c1afa7513e34..74fcee814be3 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -61,6 +61,9 @@ void chroot_fs_refs(const struct path *old_root, const st= ruct path *new_root) =20 read_lock(&tasklist_lock); for_each_process_thread(g, p) { + if (p->flags & PF_KTHREAD) + continue; + task_lock(p); fs =3D p->fs; if (fs) { --=20 2.47.3