Hey Linus, This is the batch of pull requests for the v7.1 merge window. This cycle has several new features and a good amount of infrastructure work. There are three new clone3() flags for pidfd-based process lifecycle management. CLONE_AUTOREAP makes a child auto-reap on exit without becoming a zombie. Unlike SA_NOCLDWAIT or SIG_IGN on SIGCHLD this is a per-process property on the child, not a parent-scoped setting affecting all children. The flag survives reparenting so subreaper or init won't need to deal with it. CLONE_NNP sets no_new_privs on the child at clone time, allowing the parent to impose it without affecting itself. CLONE_PIDFD_AUTOKILL ties a child's lifetime to the pidfd returned from clone3() - when the last reference to that struct file is closed the kernel sends SIGKILL to the child. This is useful for container runtimes, service managers, and sandboxed subprocess execution where the child must die if the parent crashes. CLONE_PIDFD_AUTOKILL requires both CLONE_PIDFD and CLONE_AUTOREAP. The pidfd_info struct also gains a coredump_code field. The mount namespace work introduces FSMOUNT_NAMESPACE for fsmount() which creates a new mount namespace with the newly created filesystem attached, returning a namespace fd instead of an O_PATH mount fd. This accompanies last cycle's OPEN_TREE_NAMESPACE and is especially useful when mounting a real filesystem to serve as a container rootfs. Also new is support for creating empty mount namespaces via CLONE_EMPTY_MNTNS for clone3() and UNSHARE_EMPTY_MNTNS for unshare(). These create a namespace containing only a single nullfs root mount with an immutable empty directory. The intended workflow is to mount a real filesystem over the root and build the mount table from scratch, which avoids copying and tearing down the entire parent mount tree. MOVE_MOUNT_BENEATH is extended to target the caller's rootfs and to transfer the MNT_LOCKED property from the top mount to the mount beneath. This allows safely modifying an inherited mount table after unprivileged namespace creation via unshare(CLONE_NEWUSER | CLONE_NEWNS) and makes it possible to switch out the rootfs without pivot_root(2). The simple_xattr subsystem is reworked from an rbtree protected by a reader-writer spinlock to an rhashtable with RCU-based lockless reads. All consumers (shmem, kernfs, pidfs) are converted and the rbtree code is removed. On top of this, user.* extended attributes are now supported on sockets. Sockfs sockets get per-inode limits of 128 xattrs and 128KB total value size. The practical motivation comes from systemd and GNOME expanding their use of Varlink as an IPC mechanism - with user.* xattrs a service can label its socket with the IPC protocol it speaks and eBPF programs can selectively capture traffic on those sockets. The inode->i_ino field is widened from unsigned long to u64. This is a treewide change affecting format strings and tracepoints across 222 files. On 64-bit hosts this makes no material difference but it eliminates the 32-bit hashing hacks various filesystems had to use. Filesystem-level T10 protection information support is added. The existing block layer PI code is refactored to be reusable and wired up through iomap into XFS. This increases read performance up to 15% for 4k I/O compared to the automatic below-the-covers block layer approach. The metadata buffer_head tracking accumulated in struct address_space over the years is cleaned up and moved into filesystem-private inode structures. The private_list, private_data, and private_lock fields are removed from struct address_space, saving 3 longs in struct inode for the vast majority of inodes. The audit subsystem's excessive dput/dget calls during context setup and reset are addressed by adding a pool of extra fs->pwd references to fs_struct. This avoids the spinlock contention on the pwd dentry lock that was causing noticeable performance regressions on systems with many CPUs doing open/close with audit enabled. The directory locking centralization continues. The remaining places where explicit inode_lock(), lock_rename(), or similar are used outside the core VFS are converted to use the start_creating/start_removing/ start_renaming interfaces. The biggest changes are in overlayfs, with smaller conversions in cachefiles, nfsd, apparmor, and selinux. lock_rename(), lock_rename_child(), and unlock_rename() are unexported. The writeback subsystem gets new helper APIs and f2fs, gfs2, and nfs are converted to stop accessing writeback internals directly. Smaller items include namespace helper macros (FOR_EACH_NS_TYPE(), CLONE_NS_ALL), FAT timestamp conversion KUnit tests, removal of unused fs_context infrastructure now that the conversion is finished, a fix for architecture-specific compat_ftruncate64 enforcing the non-LFS file size limit, trivial ->setattr rename cleanups, dcache bucket count fixes, mbcache shrink work ordering fix, omfs superblock validation, a coredump tracepoint, dirent_size() helper, scoped user access conversion, runtime const for file/bfile caches, and permitting dynamic_dname()s up to NAME_MAX. Thanks! Christian
Hey Linus,
/* Summary */
The series introduces writeback helper APIs and converts f2fs, gfs2
and nfs to stop accessing writeback internals directly.
/* Testing */
gcc (Debian 14.2.0-19) 14.2.0
Debian clang version 19.1.7 (3+b1)
No build failures or warnings were observed.
/* Conflicts */
Merge conflicts with mainline
=============================
No known conflicts.
Merge conflicts with other trees
================================
The following changes since commit 9702969978695d9a699a1f34771580cdbb153b33:
Merge tag 'slab-for-7.0-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab (2026-02-16 13:41:38 -0800)
are available in the Git repository at:
git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-7.1-rc1.writeback
for you to fetch changes up to 86566865986c4fa1963aace4ef5181501b2974c7:
Merge patch series "Avoid filesystem references to writeback internals" (2026-02-17 13:25:19 +0100)
----------------------------------------------------------------
vfs-7.1-rc1.writeback
Please consider pulling these changes from the signed vfs-7.1-rc1.writeback tag.
Thanks!
Christian
----------------------------------------------------------------
Christian Brauner (1):
Merge patch series "Avoid filesystem references to writeback internals"
Kundan Kumar (4):
writeback: prep helpers for dirty-limit and writeback accounting
f2fs: stop using writeback internals for dirty_exceeded checks
gfs2: stop using writeback internals for dirty_exceeded check
nfs: stop using writeback internals for WB_WRITEBACK accounting
fs/f2fs/node.c | 4 ++--
fs/f2fs/segment.h | 2 +-
fs/gfs2/super.c | 2 +-
fs/nfs/internal.h | 2 +-
fs/nfs/write.c | 3 +--
include/linux/backing-dev.h | 13 +++++++++++++
6 files changed, 19 insertions(+), 7 deletions(-)
The pull request you sent on Fri, 10 Apr 2026 17:16:11 +0200: > git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-7.1-rc1.writeback has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/0e58e3f1c57850f62afd40a642a7fe3417d80b21 Thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/prtracker.html
Hey Linus,
/* Summary */
Rework simple xattrs and support user.* xattrs on sockets
This reworks the simple_xattr infrastructure and adds support for
user.* extended attributes on sockets.
The simple_xattr subsystem currently uses an rbtree protected by a
reader-writer spinlock. This series replaces the rbtree with an
rhashtable giving O(1) average-case lookup with RCU-based lockless
reads. This sped up concurrent access patterns on tmpfs quite a bit
and it's an overall easy enough conversion to do and gets rid or
rwlock_t.
The conversion is done incrementally: a new rhashtable path is added
alongside the existing rbtree, consumers are migrated one at a time
(shmem, kernfs, pidfs), and then the rbtree code is removed. All three
consumers switch from embedded structs to pointer-based lazy
allocation so the rhashtable overhead is only paid for inodes that
actually use xattrs.
With this infrastructure in place the series adds support for user.*
xattrs on sockets. Path-based AF_UNIX sockets inherit xattr support
from the underlying filesystem (e.g. tmpfs) but sockets in sockfs -
that is everything created via socket() including abstract namespace
AF_UNIX sockets - had no xattr support at all.
The xattr_permission() checks are reworked to allow user.* xattrs on
S_IFSOCK inodes. Sockfs sockets get per-inode limits of 128 xattrs and
128KB total value size matching the limits already in use for kernfs.
The practical motivation comes from several directions. systemd and
GNOME are expanding their use of Varlink as an IPC mechanism. For
D-Bus there are tools like dbus-monitor that can observe IPC traffic
across the system but this only works because D-Bus has a central
broker. For Varlink there is no broker and there is currently no way
to identify which sockets speak Varlink. With user.* xattrs on sockets
a service can label its socket with the IPC protocol it speaks (e.g.,
user.varlink=1) and an eBPF program can then selectively capture
traffic on those sockets. Enumerating bound sockets via netlink
combined with these xattr labels gives a way to discover all Varlink
IPC entrypoints for debugging and introspection.
Similarly, systemd-journald wants to use xattrs on the /dev/log socket
for protocol negotiation to indicate whether RFC 5424 structured
syslog is supported or whether only the legacy RFC 3164 format should
be used.
In containers these labels are particularly useful as high-privilege
or more complicated solutions for socket identification aren't
available.
The series comes with comprehensive selftests covering path-based
AF_UNIX sockets, sockfs socket operations, per-inode limit
enforcement, and xattr operations across multiple address families
(AF_INET, AF_INET6, AF_NETLINK, AF_PACKET).
/* Testing */
gcc (Debian 14.2.0-19) 14.2.0
Debian clang version 19.1.7 (3+b1)
No build failures or warnings were observed.
/* Conflicts */
Merge conflicts with mainline
=============================
No known conflicts.
Merge conflicts with other trees
================================
The following changes since commit 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f:
Linux 7.0-rc1 (2026-02-22 13:18:59 -0800)
are available in the Git repository at:
git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-7.1-rc1.xattr
for you to fetch changes up to 98779186aa0b3367489a87c6d8bc0911f577444e:
Merge patch series "xattr: rework simple xattrs and support user.* xattrs on sockets" (2026-03-02 11:06:43 +0100)
----------------------------------------------------------------
vfs-7.1-rc1.xattr
Please consider pulling these changes from the signed vfs-7.1-rc1.xattr tag.
Thanks!
Christian
----------------------------------------------------------------
Christian Brauner (15):
xattr: add rcu_head and rhash_head to struct simple_xattr
xattr: add rhashtable-based simple_xattr infrastructure
shmem: adapt to rhashtable-based simple_xattrs with lazy allocation
kernfs: adapt to rhashtable-based simple_xattrs with lazy allocation
pidfs: adapt to rhashtable-based simple_xattrs
xattr: remove rbtree-based simple_xattr infrastructure
xattr: add xattr_permission_error()
xattr: switch xattr_permission() to switch statement
xattr: move user limits for xattrs to generic infra
xattr,net: support limited amount of extended attributes on sockfs sockets
xattr: support extended attributes on sockets
selftests/xattr: path-based AF_UNIX socket xattr tests
selftests/xattr: sockfs socket xattr tests
selftests/xattr: test xattrs on various socket families
Merge patch series "xattr: rework simple xattrs and support user.* xattrs on sockets"
fs/kernfs/dir.c | 15 +-
fs/kernfs/inode.c | 99 +----
fs/kernfs/kernfs-internal.h | 5 +-
fs/pidfs.c | 64 +--
fs/xattr.c | 423 +++++++++++++------
include/linux/kernfs.h | 2 -
include/linux/shmem_fs.h | 2 +-
include/linux/xattr.h | 47 ++-
mm/shmem.c | 46 +-
net/socket.c | 119 ++++--
.../testing/selftests/filesystems/xattr/.gitignore | 3 +
tools/testing/selftests/filesystems/xattr/Makefile | 6 +
.../filesystems/xattr/xattr_socket_test.c | 470 +++++++++++++++++++++
.../filesystems/xattr/xattr_socket_types_test.c | 177 ++++++++
.../filesystems/xattr/xattr_sockfs_test.c | 363 ++++++++++++++++
15 files changed, 1546 insertions(+), 295 deletions(-)
create mode 100644 tools/testing/selftests/filesystems/xattr/.gitignore
create mode 100644 tools/testing/selftests/filesystems/xattr/Makefile
create mode 100644 tools/testing/selftests/filesystems/xattr/xattr_socket_test.c
create mode 100644 tools/testing/selftests/filesystems/xattr/xattr_socket_types_test.c
create mode 100644 tools/testing/selftests/filesystems/xattr/xattr_sockfs_test.c
The pull request you sent on Fri, 10 Apr 2026 17:16:30 +0200: > git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-7.1-rc1.xattr has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/c8db08110cbeff12a1f3990a31730936b092f62b Thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/prtracker.html
Hey Linus,
/* Summary */
Avoid excessive dput/dget in audit_context setup and reset paths When
the audit subsystem is enabled, it can do a lot of get_fs_pwd() calls to
get references to fs->pwd and then releasing those references back with
path_put() later. That may cause a lot of spinlock contention on a
single pwd's dentry lock because of the constant changes to the
reference count when there are many processes on the same working
directory actively doing open/close system calls. This can cause
noticeable performance regresssion when compared with the case where the
audit subsystem is turned off especially on systems with a lot of CPUs
which is becoming more common these days.
Avoid this type of performance regression caused by audit by adding a
new set of fs_struct helpers to reduce unncessary path_get() and
path_put() calls and the audit code is modified to use these new
helpers.
/* Testing */
gcc (Debian 14.2.0-19) 14.2.0
Debian clang version 19.1.7 (3+b1)
No build failures or warnings were observed.
/* Conflicts */
Merge conflicts with mainline
=============================
No known conflicts.
Merge conflicts with other trees
================================
The following changes since commit 1f318b96cc84d7c2ab792fcc0bfd42a7ca890681:
Linux 7.0-rc3 (2026-03-08 16:56:54 -0700)
are available in the Git repository at:
git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-7.1-rc1.fs_struct
for you to fetch changes up to 9eecc28ec595bfc0a8af3306b57f566027b3560c:
fs: factor out get_fs_pwd_pool_locked() for lock-held callers (2026-03-12 13:41:45 +0100)
----------------------------------------------------------------
vfs-7.1-rc1.fs_struct
Please consider pulling these changes from the signed vfs-7.1-rc1.fs_struct tag.
Thanks!
Christian
----------------------------------------------------------------
Christian Brauner (5):
Merge patch series "fs, audit: Avoid excessive dput/dget in audit_context setup and reset paths"
fs: use path_equal() in fs_struct helpers
fs: document seqlock usage in pwd pool APIs
fs: add drain_fs_pwd_pool() helper
fs: factor out get_fs_pwd_pool_locked() for lock-held callers
Waiman Long (2):
fs: Add a pool of extra fs->pwd references to fs_struct
audit: Use the new {get,put}_fs_pwd_pool() APIs to get/put pwd references
fs/fs_struct.c | 34 ++++++++++++++++++++++++++++------
fs/namespace.c | 10 ++++++++++
include/linux/fs_struct.h | 43 ++++++++++++++++++++++++++++++++++++++++++-
kernel/auditsc.c | 7 +++++--
4 files changed, 85 insertions(+), 9 deletions(-)
On Fri, 10 Apr 2026 at 08:18, Christian Brauner <brauner@kernel.org> wrote:
>
> Avoid excessive dput/dget in audit_context setup and reset paths
I really don't like this one, and I'm going to at least delay pulling it.
Because this really feels wrong to me. It feels like a hack. Just
looking at some of the paths that get modified, we have that
copy_fs_struct, which does
path_get(&fs->root);
to increment the root, and then the very next line ends up being
get_fs_pwd_pool_locked(old, &fs->pwd);
that copies the pwd very differently.
And the only reason 'pwd' is different is because the audit code
treats pwd and root differently.
And that, in turn, is because the audit code is just historical and
broken, and can't deal with chroot environments.
The pwd and root paths are two sides of the same coin, and any code
that treats them this differently is *wrong*.
So this basically takes a audit mistake, and makes that mistake
visible to non-audit users.
I absolutely hate it.
I'm going to think about this more, and maybe I'll end up saying "it's
still ugly, but whatever, I'll pull it anyway".
But right now I'm going "there HAS to be a better way".
And maybe you can convince me this hackery is the right thing, but it
really is rubbing me the wrong way entirely.
The hackery is evident everywhere. Like that
/* Release the extra pwd references of new_fs, if present. */
while (new_fs && new_fs->pwd_refs) {
path_put(&new_fs->pwd);
new_fs->pwd_refs--;
}
because it's obviously too painful to switch everything over to having
a "decrement by more than one", and this codepath is simply not
*worth* the pain, because it's just for a stupid audit special case
that is largely historical.
So I see why this all is done, but at the same time it realy strikes
me as being very very ugly.
No, I don't have a solution.
My gut feel is that
(a) audit is wrong to begin with to think that only 'pwd' is special
and that root is always printed as NULL
(b) audit should not be taking a ref 'struct path' in the first
place, but to 'struct fs_struct'.
Again, treating 'pwd' differently from root is a fundamental mistake.
Always was. The only difference between the two is whether you had '/'
at the beginning of a path or not (and the trivial 'different system
calls to set them').
But as long as it was a mistake just inside the audit path, who cares?
But with this pull it's just broken garbage escaping outside those confines.
So for example, I'd be a *lot* happier with some kind of "borrow the
whole 'struct fs_struct'" model, where audit gets a new "borrow
reference" to the whole struct, and then the places that actually
change 'struct fs_struct' would create a copy of it and replace any
pending audit users with that copy.
There are exactly three such places that change it, all right next to
each other: set_fs_root(), set_fs_pwd() and chroot_fs_refs().
And we already have the lock that protects all this (fs->seq), and we
could add a new 'struct audit_borrow_struct" that audit uses, which
has a pointer to the 'struct fs_struct',
And then audit would borrow the whole thing, we'd keep a list of
current borrowers and unborrow it at the end, and absolutely *NOTHING*
would change in the core path handling.
The couple of places that change 'struct fs_struct' could then just
look at the list of borrowers synchronize them (create a new fake
'struct fs_struct' just for them, and maybe increment refs at *that*
point).
And it would actually *improve* on the audit code, because now audit
would at least *have* the 'root' path too, even though it obviously
doesn't use it and always thinks root is a global root thing.
And no, nobody would ever bother to fix audit, but at least
_conceptually_ it would set the infrastructure for the audit paths
getting this right.
Yes, yes, the above is very very handwavy and I didn't write the code,
and possibly the rantings of an insane person.
I didn't think a *lot* about this. I just looked at this patch series
and threw up in my mouth a little, and tried to think of "maybe we
could do it differently" and the above is a rough draft of something
that might work.
Please? Humor me and think about it, at least.
Linus
On Mon, Apr 13, 2026 at 12:18:16PM -0700, Linus Torvalds wrote: > On Fri, 10 Apr 2026 at 08:18, Christian Brauner <brauner@kernel.org> wrote: > > > > Avoid excessive dput/dget in audit_context setup and reset paths > > I really don't like this one, and I'm going to at least delay pulling it. I don't like it either. > Because this really feels wrong to me. It feels like a hack. Just It is. I commented on that explicitly when the series was proposed. > looking at some of the paths that get modified, we have that > copy_fs_struct, which does > > path_get(&fs->root); > > to increment the root, and then the very next line ends up being > > get_fs_pwd_pool_locked(old, &fs->pwd); > > that copies the pwd very differently. > > And the only reason 'pwd' is different is because the audit code > treats pwd and root differently. > > And that, in turn, is because the audit code is just historical and > broken, and can't deal with chroot environments. > > The pwd and root paths are two sides of the same coin, and any code > that treats them this differently is *wrong*. > > So this basically takes a audit mistake, and makes that mistake > visible to non-audit users. > > I absolutely hate it. > > I'm going to think about this more, and maybe I'll end up saying "it's > still ugly, but whatever, I'll pull it anyway". > > But right now I'm going "there HAS to be a better way". > > And maybe you can convince me this hackery is the right thing, but it It isn't and I'm not going to try. > really is rubbing me the wrong way entirely. I'm sorry I can't offer more than agreement with you right now. The only reason I considered it was that my appetetite for audit internals is very very low but tbh that shouldn't have led me to accept the hackishness. So again, no long-winded argument from me here... I droped this from the other pr. The CI is still running then I'll resend.
Hey Linus,
/* Summary */
For historical reasons, the inode->i_ino field is an unsigned long,
which means that it's 32 bits on 32 bit architectures. This has caused a
number of filesystems to implement hacks to hash a 64-bit identifier
into a 32-bit field, and deprives us of a universal identifier field for
an inode.
The work in this pr changes the inode->i_ino field from an unsigned long
to a u64. This shouldn't make any material difference on 64-bit hosts,
but 32-bit hosts will see struct inode grow by at least 4 bytes. This
could have effects on slabcache sizes and field alignment.
The bulk of the changes are to format strings and tracepoints, since the
kernel itself doesn't care that much about the i_ino field. The first
patch changes some vfs function arguments, so check that one out
carefully.
With this change, we may be able to shrink some inode structures. For
instance, struct nfs_inode has a fileid field that holds the 64-bit
inode number. With this set of changes, that field could be eliminated.
I'd rather leave that sort of cleanups for later just to keep this
simple.
/* Testing */
gcc (Debian 14.2.0-19) 14.2.0
Debian clang version 19.1.7 (3+b1)
No build failures or warnings were observed.
/* Conflicts */
Merge conflicts with mainline
=============================
No known conflicts.
Merge conflicts with other trees
================================
[1]: https://lore.kernel.org/linux-next/CAHC9VhRndi9kMUNQFA9J1exr2G0uQ-A-wKDqJLhUntMYdnUrsQ@mail.gmail.com
The following changes since commit 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f:
Linux 7.0-rc1 (2026-02-22 13:18:59 -0800)
are available in the Git repository at:
git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-7.1-rc1.kino
for you to fetch changes up to 2e43ca1a4f949e4beb763f8196695da02b17bd77:
Merge patch series "vfs: follow-on fixes for i_ino widening" (2026-03-17 15:38:54 +0100)
----------------------------------------------------------------
vfs-7.1-rc1.kino
Please consider pulling these changes from the signed vfs-7.1-rc1.kino tag.
Thanks!
Christian
----------------------------------------------------------------
Christian Brauner (4):
Merge patch series "vfs: change inode->i_ino from unsigned long to u64"
ext4: fix signed format specifier in ext4_load_inode trace event
treewide: fix missed i_ino format specifier conversions
Merge patch series "vfs: follow-on fixes for i_ino widening"
Jeff Layton (15):
vfs: widen inode hash/lookup functions to u64
audit: widen ino fields to u64
net: change sock.sk_ino and sock_i_ino() to u64
vfs: widen trace event i_ino fields to u64
cachefiles: widen trace event i_ino fields to u64
ext2: widen trace event i_ino fields to u64
hugetlbfs: widen trace event i_ino fields to u64
zonefs: widen trace event i_ino fields to u64
ext4: widen trace event i_ino fields to u64
f2fs: widen trace event i_ino fields to u64
nilfs2: widen trace event i_ino fields to u64
treewide: change inode->i_ino from unsigned long to u64
vfs: remove externs from fs.h on functions modified by i_ino widening
EVM: add comment describing why ino field is still unsigned long
nilfs2: fix 64-bit division operations in nilfs_bmap_find_target_in_group()
drivers/dma-buf/dma-buf.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 4 +-
fs/9p/vfs_addr.c | 4 +-
fs/9p/vfs_inode.c | 6 +-
fs/9p/vfs_inode_dotl.c | 6 +-
fs/affs/amigaffs.c | 10 +-
fs/affs/bitmap.c | 2 +-
fs/affs/dir.c | 2 +-
fs/affs/file.c | 20 +-
fs/affs/inode.c | 12 +-
fs/affs/namei.c | 14 +-
fs/affs/symlink.c | 2 +-
fs/afs/dir.c | 10 +-
fs/afs/dir_search.c | 2 +-
fs/afs/dynroot.c | 2 +-
fs/afs/inode.c | 2 +-
fs/autofs/inode.c | 2 +-
fs/befs/linuxvfs.c | 28 +-
fs/bfs/dir.c | 4 +-
fs/binfmt_elf_fdpic.c | 2 +-
fs/cachefiles/io.c | 6 +-
fs/cachefiles/namei.c | 12 +-
fs/cachefiles/xattr.c | 2 +-
fs/ceph/crypto.c | 4 +-
fs/coda/dir.c | 2 +-
fs/coda/inode.c | 2 +-
fs/cramfs/inode.c | 2 +-
fs/crypto/crypto.c | 2 +-
fs/crypto/hooks.c | 2 +-
fs/crypto/keyring.c | 4 +-
fs/crypto/keysetup.c | 2 +-
fs/dcache.c | 4 +-
fs/ecryptfs/crypto.c | 6 +-
fs/ecryptfs/file.c | 2 +-
fs/efs/inode.c | 6 +-
fs/eventpoll.c | 2 +-
fs/exportfs/expfs.c | 4 +-
fs/ext2/dir.c | 10 +-
fs/ext2/ialloc.c | 9 +-
fs/ext2/inode.c | 2 +-
fs/ext2/trace.h | 8 +-
fs/ext2/xattr.c | 16 +-
fs/ext4/dir.c | 2 +-
fs/ext4/ext4.h | 4 +-
fs/ext4/extents.c | 8 +-
fs/ext4/extents_status.c | 28 +-
fs/ext4/fast_commit.c | 8 +-
fs/ext4/ialloc.c | 10 +-
fs/ext4/indirect.c | 2 +-
fs/ext4/inline.c | 14 +-
fs/ext4/inode.c | 22 +-
fs/ext4/ioctl.c | 4 +-
fs/ext4/mballoc.c | 6 +-
fs/ext4/migrate.c | 2 +-
fs/ext4/move_extent.c | 20 +-
fs/ext4/namei.c | 10 +-
fs/ext4/orphan.c | 16 +-
fs/ext4/page-io.c | 10 +-
fs/ext4/super.c | 22 +-
fs/ext4/xattr.c | 10 +-
fs/f2fs/compress.c | 4 +-
fs/f2fs/dir.c | 2 +-
fs/f2fs/extent_cache.c | 8 +-
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/file.c | 12 +-
fs/f2fs/gc.c | 2 +-
fs/f2fs/inline.c | 4 +-
fs/f2fs/inode.c | 48 +--
fs/f2fs/namei.c | 8 +-
fs/f2fs/node.c | 12 +-
fs/f2fs/recovery.c | 10 +-
fs/f2fs/xattr.c | 10 +-
fs/freevxfs/vxfs_bmap.c | 4 +-
fs/fserror.c | 2 +-
fs/hfs/catalog.c | 2 +-
fs/hfs/extent.c | 4 +-
fs/hfs/inode.c | 4 +-
fs/hfsplus/attributes.c | 10 +-
fs/hfsplus/catalog.c | 2 +-
fs/hfsplus/dir.c | 6 +-
fs/hfsplus/extents.c | 6 +-
fs/hfsplus/inode.c | 8 +-
fs/hfsplus/super.c | 6 +-
fs/hfsplus/xattr.c | 10 +-
fs/hpfs/dir.c | 4 +-
fs/hpfs/dnode.c | 4 +-
fs/hpfs/ea.c | 4 +-
fs/hpfs/inode.c | 4 +-
fs/inode.c | 49 ++-
fs/iomap/ioend.c | 2 +-
fs/iomap/trace.h | 8 +-
fs/isofs/compress.c | 2 +-
fs/isofs/dir.c | 2 +-
fs/isofs/inode.c | 8 +-
fs/isofs/namei.c | 2 +-
fs/jbd2/journal.c | 4 +-
fs/jbd2/transaction.c | 2 +-
fs/jffs2/dir.c | 4 +-
fs/jffs2/file.c | 4 +-
fs/jffs2/fs.c | 18 +-
fs/jfs/inode.c | 2 +-
fs/jfs/jfs_imap.c | 2 +-
fs/jfs/jfs_metapage.c | 2 +-
fs/lockd/svclock.c | 8 +-
fs/lockd/svcsubs.c | 2 +-
fs/locks.c | 6 +-
fs/minix/inode.c | 10 +-
fs/nfs/dir.c | 20 +-
fs/nfs/file.c | 8 +-
fs/nfs/filelayout/filelayout.c | 8 +-
fs/nfs/flexfilelayout/flexfilelayout.c | 8 +-
fs/nfs/inode.c | 6 +-
fs/nfs/nfs4proc.c | 4 +-
fs/nfs/pnfs.c | 12 +-
fs/nfsd/export.c | 2 +-
fs/nfsd/nfs4state.c | 4 +-
fs/nfsd/nfsfh.c | 4 +-
fs/nfsd/vfs.c | 2 +-
fs/nilfs2/alloc.c | 10 +-
fs/nilfs2/bmap.c | 17 +-
fs/nilfs2/btnode.c | 2 +-
fs/nilfs2/btree.c | 12 +-
fs/nilfs2/dir.c | 12 +-
fs/nilfs2/direct.c | 4 +-
fs/nilfs2/gcinode.c | 2 +-
fs/nilfs2/inode.c | 8 +-
fs/nilfs2/mdt.c | 2 +-
fs/nilfs2/namei.c | 2 +-
fs/nilfs2/segment.c | 2 +-
fs/notify/fdinfo.c | 4 +-
fs/nsfs.c | 4 +-
fs/ntfs3/super.c | 2 +-
fs/ocfs2/alloc.c | 2 +-
fs/ocfs2/aops.c | 4 +-
fs/ocfs2/dir.c | 8 +-
fs/ocfs2/dlmfs/dlmfs.c | 10 +-
fs/ocfs2/extent_map.c | 12 +-
fs/ocfs2/inode.c | 2 +-
fs/ocfs2/quota_local.c | 2 +-
fs/ocfs2/refcounttree.c | 10 +-
fs/ocfs2/xattr.c | 4 +-
fs/orangefs/inode.c | 2 +-
fs/overlayfs/export.c | 2 +-
fs/overlayfs/namei.c | 4 +-
fs/overlayfs/util.c | 2 +-
fs/pipe.c | 2 +-
fs/proc/fd.c | 2 +-
fs/proc/task_mmu.c | 4 +-
fs/qnx4/inode.c | 4 +-
fs/qnx6/inode.c | 2 +-
fs/ubifs/debug.c | 8 +-
fs/ubifs/dir.c | 28 +-
fs/ubifs/file.c | 28 +-
fs/ubifs/journal.c | 6 +-
fs/ubifs/super.c | 16 +-
fs/ubifs/tnc.c | 4 +-
fs/ubifs/xattr.c | 14 +-
fs/udf/directory.c | 18 +-
fs/udf/file.c | 2 +-
fs/udf/inode.c | 12 +-
fs/udf/namei.c | 8 +-
fs/udf/super.c | 2 +-
fs/ufs/balloc.c | 6 +-
fs/ufs/dir.c | 10 +-
fs/ufs/ialloc.c | 6 +-
fs/ufs/inode.c | 18 +-
fs/ufs/ufs_fs.h | 6 +-
fs/ufs/util.c | 2 +-
fs/verity/init.c | 2 +-
fs/zonefs/super.c | 8 +-
fs/zonefs/trace.h | 18 +-
include/linux/audit.h | 2 +-
include/linux/fs.h | 88 +++--
include/net/sock.h | 4 +-
include/trace/events/cachefiles.h | 18 +-
include/trace/events/ext4.h | 544 ++++++++++++++---------------
include/trace/events/f2fs.h | 242 ++++++-------
include/trace/events/filelock.h | 34 +-
include/trace/events/filemap.h | 20 +-
include/trace/events/fs_dax.h | 20 +-
include/trace/events/fsverity.h | 30 +-
include/trace/events/hugetlbfs.h | 42 +--
include/trace/events/netfs.h | 8 +-
include/trace/events/nilfs2.h | 12 +-
include/trace/events/readahead.h | 18 +-
include/trace/events/timestamp.h | 16 +-
include/trace/events/writeback.h | 162 ++++-----
kernel/audit.h | 13 +-
kernel/audit_fsnotify.c | 4 +-
kernel/audit_watch.c | 12 +-
kernel/auditsc.c | 4 +-
kernel/events/uprobes.c | 4 +-
net/ax25/af_ax25.c | 2 +-
net/bluetooth/af_bluetooth.c | 4 +-
net/can/bcm.c | 2 +-
net/ipv4/ping.c | 2 +-
net/ipv4/raw.c | 2 +-
net/ipv4/tcp_ipv4.c | 2 +-
net/ipv4/udp.c | 2 +-
net/ipv6/datagram.c | 2 +-
net/ipv6/tcp_ipv6.c | 2 +-
net/key/af_key.c | 2 +-
net/netlink/af_netlink.c | 2 +-
net/netlink/diag.c | 2 +-
net/netrom/af_netrom.c | 4 +-
net/packet/af_packet.c | 2 +-
net/packet/diag.c | 2 +-
net/phonet/socket.c | 4 +-
net/rose/af_rose.c | 4 +-
net/sctp/proc.c | 4 +-
net/socket.c | 2 +-
net/unix/af_unix.c | 2 +-
net/unix/diag.c | 6 +-
net/x25/x25_proc.c | 4 +-
net/xdp/xsk_diag.c | 2 +-
security/apparmor/apparmorfs.c | 4 +-
security/integrity/evm/evm_crypto.c | 6 +
security/integrity/integrity_audit.c | 2 +-
security/ipe/audit.c | 2 +-
security/lsm_audit.c | 10 +-
security/selinux/hooks.c | 10 +-
security/smack/smack_lsm.c | 12 +-
222 files changed, 1331 insertions(+), 1321 deletions(-)
The pull request you sent on Fri, 10 Apr 2026 17:18:42 +0200: > git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-7.1-rc1.kino has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/b7d74ea0fdaa8d641fe6f18507c5f0d21b652d53 Thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/prtracker.html
Hey Linus,
/* Summary */
This contains minor fixes for the fat filesystem.
/* Testing */
gcc (Debian 14.2.0-19) 14.2.0
Debian clang version 19.1.7 (3+b1)
No build failures or warnings were observed.
/* Conflicts */
Merge conflicts with mainline
=============================
No known conflicts.
Merge conflicts with other trees
================================
The following changes since commit 1f318b96cc84d7c2ab792fcc0bfd42a7ca890681:
Linux 7.0-rc3 (2026-03-08 16:56:54 -0700)
are available in the Git repository at:
git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-7.1-rc1.fat
for you to fetch changes up to 94505767bd32f8a240cf3590776b16a12d75d98e:
fat: fix stack frame size warnings in KUnit tests (2026-03-26 14:36:03 +0100)
----------------------------------------------------------------
vfs-7.1-rc1.fat
Please consider pulling these changes from the signed vfs-7.1-rc1.fat tag.
Thanks!
Christian
----------------------------------------------------------------
Christian Brauner (1):
fat: fix stack frame size warnings in KUnit tests
avivdaum (1):
fat: add KUnit tests for timestamp conversion helpers
fs/fat/fat_test.c | 181 +++++++++++++++++++++++++++++++++++++++++++++++++++---
fs/fat/misc.c | 2 +
2 files changed, 175 insertions(+), 8 deletions(-)
The pull request you sent on Fri, 10 Apr 2026 17:19:02 +0200: > git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-7.1-rc1.fat has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/2802f9407299c8e17bb8e1311e2ea7816f550649 Thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/prtracker.html
Hey Linus,
/* Summary */
Add two simple helper macros for the namespace infrastructure.
/* Testing */
gcc (Debian 14.2.0-19) 14.2.0
Debian clang version 19.1.7 (3+b1)
No build failures or warnings were observed.
/* Conflicts */
Merge conflicts with mainline
=============================
No known conflicts.
Merge conflicts with other trees
================================
The following changes since commit 1f318b96cc84d7c2ab792fcc0bfd42a7ca890681:
Linux 7.0-rc3 (2026-03-08 16:56:54 -0700)
are available in the Git repository at:
git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/namespaces-7.1-rc1.misc
for you to fetch changes up to 935a04923ad293cd89bf6ec23fc4efc9cf1a0142:
nsproxy: Add FOR_EACH_NS_TYPE() X-macro and CLONE_NS_ALL (2026-03-26 15:22:41 +0100)
----------------------------------------------------------------
namespaces-7.1-rc1.misc
Please consider pulling these changes from the signed namespaces-7.1-rc1.misc tag.
Thanks!
Christian
----------------------------------------------------------------
Mickaël Salaün (1):
nsproxy: Add FOR_EACH_NS_TYPE() X-macro and CLONE_NS_ALL
include/linux/ns/ns_common_types.h | 44 +++++++++++++++++++++++++++++---------
kernel/fork.c | 7 +++---
kernel/nsproxy.c | 13 ++++-------
3 files changed, 41 insertions(+), 23 deletions(-)
The pull request you sent on Fri, 10 Apr 2026 17:19:43 +0200: > git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/namespaces-7.1-rc1.misc has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/dc0dfa73381bc8b2ebd298face5dbe7e240cd80c Thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/prtracker.html
Hey Linus,
/* Summary */
Add three new clone3() flags for pidfd-based process lifecycle
management.
=== CLONE_AUTOREAP ===
CLONE_AUTOREAP makes a child process auto-reap on exit without ever
becoming a zombie. This is a per-process property in contrast to the
existing auto-reap mechanism via SA_NOCLDWAIT or SIG_IGN for SIGCHLD
which applies to all children of a given parent.
Currently the only way to automatically reap children is to set
SA_NOCLDWAIT or SIG_IGN on SIGCHLD. This is a parent-scoped property
affecting all children which makes it unsuitable for libraries or
applications that need selective auto-reaping of specific children
while still being able to wait() on others.
CLONE_AUTOREAP stores an autoreap flag in the child's signal_struct.
When the child exits do_notify_parent() checks this flag and causes
exit_notify() to transition the task directly to EXIT_DEAD. Since the
flag lives on the child it survives reparenting: if the original
parent exits and the child is reparented to a subreaper or init the
child still auto-reaps when it eventually exits. This is cleaner than
forcing the subreaper to get SIGCHLD and then reaping it. If the
parent doesn't care the subreaper won't care. If there's a subreaper
that would care it would be easy enough to add a prctl() that either
just turns back on SIGCHLD and turns off auto-reaping or a prctl()
that just notifies the subreaper whenever a child is reparented to it.
CLONE_AUTOREAP can be combined with CLONE_PIDFD to allow the parent to
monitor the child's exit via poll() and retrieve exit status via
PIDFD_GET_INFO. Without CLONE_PIDFD it provides a fire-and-forget
pattern. No exit signal is delivered so exit_signal must be zero.
CLONE_THREAD and CLONE_PARENT are rejected: CLONE_THREAD because
autoreap is a process-level property, and CLONE_PARENT because an
autoreap child reparented via CLONE_PARENT could become an invisible
zombie under a parent that never calls wait().
The flag is not inherited by the autoreap process's own children. Each
child that should be autoreaped must be explicitly created with
CLONE_AUTOREAP.
=== CLONE_NNP ===
CLONE_NNP sets no_new_privs on the child at clone time. Unlike
prctl(PR_SET_NO_NEW_PRIVS) which a process sets on itself, CLONE_NNP
allows the parent to impose no_new_privs on the child at creation
without affecting the parent's own privileges. CLONE_THREAD is
rejected because threads share credentials. CLONE_NNP is useful on its
own for any spawn-and-sandbox pattern but was specifically introduced
to enable unprivileged usage of CLONE_PIDFD_AUTOKILL.
=== CLONE_PIDFD_AUTOKILL ===
This flag ties a child's lifetime to the pidfd returned from clone3().
When the last reference to the struct file created by clone3() is
closed the kernel sends SIGKILL to the child. A pidfd obtained via
pidfd_open() for the same process does not keep the child alive and
does not trigger autokill - only the specific struct file from
clone3() has this property. This is useful for container runtimes,
service managers, and sandboxed subprocess execution - any scenario
where the child must die if the parent crashes or abandons the pidfd
or just wants a throwaway helper process.
CLONE_PIDFD_AUTOKILL requires both CLONE_PIDFD and CLONE_AUTOREAP. It
requires CLONE_PIDFD because the whole point is tying the child's
lifetime to the pidfd. It requires CLONE_AUTOREAP because a killed
child with no one to reap it would become a zombie - the primary use
case is the parent crashing or abandoning the pidfd so no one is
around to call waitpid(). CLONE_THREAD is rejected because autokill
targets a process not a thread.
If CLONE_NNP is specified together with CLONE_PIDFD_AUTOKILL an
unprivileged user may spawn a process that is autokilled. The child
cannot escalate privileges via setuid/setgid exec after being spawned.
If CLONE_PIDFD_AUTOKILL is specified without CLONE_NNP the caller must
have have CAP_SYS_ADMIN in its user namespace.
/* Testing */
gcc (Debian 14.2.0-19) 14.2.0
Debian clang version 19.1.7 (3+b1)
No build failures or warnings were observed.
/* Conflicts */
Merge conflicts with mainline
=============================
No known conflicts.
Merge conflicts with other trees
================================
The following changes since commit 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f:
Linux 7.0-rc1 (2026-02-22 13:18:59 -0800)
are available in the Git repository at:
git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-7.1-rc1.pidfs
for you to fetch changes up to d29eb5f0ce674cfe71b93f8ff67dc0f66e6a9371:
Merge patch series "pidfds: add coredump_code field to pidfd_info" (2026-03-23 16:29:22 +0100)
----------------------------------------------------------------
vfs-7.1-rc1.pidfs
Please consider pulling these changes from the signed vfs-7.1-rc1.pidfs tag.
Thanks!
Christian
----------------------------------------------------------------
Christian Brauner (8):
clone: add CLONE_AUTOREAP
clone: add CLONE_NNP
pidfd: add CLONE_PIDFD_AUTOKILL
selftests/pidfd: add CLONE_AUTOREAP tests
selftests/pidfd: add CLONE_NNP tests
selftests/pidfd: add CLONE_PIDFD_AUTOKILL tests
Merge patch series "pidfd: add CLONE_AUTOREAP, CLONE_NNP, and CLONE_PIDFD_AUTOKILL"
Merge patch series "pidfds: add coredump_code field to pidfd_info"
Emanuele Rocca (3):
kselftest/coredump: reintroduce null pointer dereference
pidfds: add coredump_code field to pidfd_info
selftests: check pidfd_info->coredump_code correctness
fs/pidfs.c | 50 +-
include/linux/sched/signal.h | 1 +
include/uapi/linux/pidfd.h | 5 +
include/uapi/linux/sched.h | 7 +-
kernel/fork.c | 52 +-
kernel/ptrace.c | 3 +-
kernel/signal.c | 4 +
.../coredump/coredump_socket_protocol_test.c | 26 +
.../selftests/coredump/coredump_socket_test.c | 32 +
.../selftests/coredump/coredump_test_helpers.c | 6 +-
tools/testing/selftests/pidfd/.gitignore | 1 +
tools/testing/selftests/pidfd/Makefile | 2 +-
tools/testing/selftests/pidfd/pidfd.h | 5 +
.../testing/selftests/pidfd/pidfd_autoreap_test.c | 900 +++++++++++++++++++++
tools/testing/selftests/pidfd/pidfd_info_test.c | 1 +
15 files changed, 1075 insertions(+), 20 deletions(-)
create mode 100644 tools/testing/selftests/pidfd/pidfd_autoreap_test.c
The pull request you sent on Fri, 10 Apr 2026 17:21:05 +0200: > git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-7.1-rc1.pidfs has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/07c3ef58223e2c75ea209d8c416b976ec30d9413 Thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/prtracker.html
Hey Linus,
/* Summary */
Features
- pid_namespace: make init creation more flexible
Annotate ->child_reaper accesses with {READ,WRITE}_ONCE() to protect
the unlocked readers from cpu/compiler reordering, and enforce that
pid 1 in a pid namespace is always the first allocated pid (the
set_tid path already required this).
On top of that, allow opening pid_for_children before the pid
namespace init has been created. This lets one process create the
pid namespace and a different process create the init via setns(),
which makes clone3(set_tid) usable in all cases evenly and is
particularly useful to CRIU when restoring nested containers.
A new selftest covers both the basic create-pidns-then-init flow and
the cross-process variant, and a MAINTAINERS entry for the pid
namespace code is added.
Cleanups
- signal: update outdated comment for the removed freezable_schedule()
/* Testing */
gcc (Debian 14.2.0-19) 14.2.0
Debian clang version 19.1.7 (3+b1)
No build failures or warnings were observed.
/* Conflicts */
Merge conflicts with mainline
=============================
No known conflicts.
Merge conflicts with other trees
================================
No known conflicts.
The following changes since commit 1f318b96cc84d7c2ab792fcc0bfd42a7ca890681:
Linux 7.0-rc3 (2026-03-08 16:56:54 -0700)
are available in the Git repository at:
git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/kernel-7.1-rc1.misc
for you to fetch changes up to 4c68d150246d7e1d826a807a82e6eb6b4669f42c:
signal: update outdated comment for removed freezable_schedule() (2026-03-23 16:38:31 +0100)
----------------------------------------------------------------
kernel-7.1-rc1.misc
Please consider pulling these changes from the signed kernel-7.1-rc1.misc tag.
Thanks!
Christian
----------------------------------------------------------------
Christian Brauner (1):
Merge patch series "pid_namespace: make init creation more flexible"
Kexin Sun (1):
signal: update outdated comment for removed freezable_schedule()
Pavel Tikhomirov (5):
pid_namespace: avoid optimization of accesses to ->child_reaper
pid: check init is created first after idr alloc
pid_namespace: allow opening pid_for_children before init was created
selftests: Add tests for creating pidns init via setns
MAINTAINERS: add a pid namespace entry
MAINTAINERS | 11 +-
kernel/exit.c | 3 +-
kernel/fork.c | 5 +-
kernel/pid.c | 19 +-
kernel/pid_namespace.c | 9 -
kernel/signal.c | 5 +-
tools/testing/selftests/pid_namespace/.gitignore | 1 +
tools/testing/selftests/pid_namespace/Makefile | 2 +-
.../selftests/pid_namespace/pidns_init_via_setns.c | 238 +++++++++++++++++++++
9 files changed, 269 insertions(+), 24 deletions(-)
create mode 100644 tools/testing/selftests/pid_namespace/pidns_init_via_setns.c
The pull request you sent on Tue, 14 Apr 2026 14:46:36 +0200: > git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/kernel-7.1-rc1.misc has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/5c0f43e8535d619ff32400e2e916075109fc7a56 Thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/prtracker.html
© 2016 - 2026 Red Hat, Inc.