From: Linus Torvalds Date: Mon, 16 Feb 2026 21:00:36 +0000 (-0800) Subject: Merge tag 'vfs-7.0-rc1.misc.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45a43ac5acc90b8f4835eea92692f620e561a06b;p=thirdparty%2Flinux.git Merge tag 'vfs-7.0-rc1.misc.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs Pull more misc vfs updates from Christian Brauner: "Features: - Optimize close_range() from O(range size) to O(active FDs) by using find_next_bit() on the open_fds bitmap instead of linearly scanning the entire requested range. This is a significant improvement for large-range close operations on sparse file descriptor tables. - Add FS_XFLAG_VERITY file attribute for fs-verity files, retrievable via FS_IOC_FSGETXATTR and file_getattr(). The flag is read-only. Add tracepoints for fs-verity enable and verify operations, replacing the previously removed debug printk's. - Prevent nfsd from exporting special kernel filesystems like pidfs and nsfs. These filesystems have custom ->open() and ->permission() export methods that are designed for open_by_handle_at(2) only and are incompatible with nfsd. Update the exportfs documentation accordingly. Fixes: - Fix KMSAN uninit-value in ovl_fill_real() where strcmp() was used on a non-null-terminated decrypted directory entry name from fscrypt. This triggered on encrypted lower layers when the decrypted name buffer contained uninitialized tail data. The fix also adds VFS-level name_is_dot(), name_is_dotdot(), and name_is_dot_dotdot() helpers, replacing various open-coded "." and ".." checks across the tree. - Fix read-only fsflags not being reset together with xflags in vfs_fileattr_set(). Currently harmless since no read-only xflags overlap with flags, but this would cause inconsistencies for any future shared read-only flag - Return -EREMOTE instead of -ESRCH from PIDFD_GET_INFO when the target process is in a different pid namespace. This lets userspace distinguish "process exited" from "process in another namespace", matching glibc's pidfd_getpid() behavior Cleanups: - Use C-string literals in the Rust seq_file bindings, replacing the kernel::c_str!() macro (available since Rust 1.77) - Fix typo in d_walk_ret enum comment, add porting notes for the readlink_copy() calling convention change" * tag 'vfs-7.0-rc1.misc.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: fs: add porting notes about readlink_copy() pidfs: return -EREMOTE when PIDFD_GET_INFO is called on another ns nfsd: do not allow exporting of special kernel filesystems exportfs: clarify the documentation of open()/permission() expotrfs ops fsverity: add tracepoints fs: add FS_XFLAG_VERITY for fs-verity files rust: seq_file: replace `kernel::c_str!` with C-Strings fs: dcache: fix typo in enum d_walk_ret comment ovl: use name_is_dot* helpers in readdir code fs: add helpers name_is_dot{,dot,_dotdot} ovl: Fix uninit-value in ovl_fill_real fs: reset read-only fsflags together with xflags fs/file: optimize close_range() complexity from O(N) to O(Sparse) --- 45a43ac5acc90b8f4835eea92692f620e561a06b diff --cc Documentation/filesystems/porting.rst index 79e2c30082891,bd4128ccbb67e..52ff1d19405be --- a/Documentation/filesystems/porting.rst +++ b/Documentation/filesystems/porting.rst @@@ -1336,18 -1339,8 +1336,28 @@@ in-tree filesystems have done) **mandatory** +The ->setlease() file_operation must now be explicitly set in order to provide +support for leases. When set to NULL, the kernel will now return -EINVAL to +attempts to set a lease. Filesystems that wish to use the kernel-internal lease +implementation should set it to generic_setlease(). + +--- + +**mandatory** + +fs/namei.c primitives that consume filesystem references (do_renameat2(), +do_linkat(), do_symlinkat(), do_mkdirat(), do_mknodat(), do_unlinkat() +and do_rmdir()) are gone; they are replaced with non-consuming analogues +(filename_renameat2(), etc.) +Callers are adjusted - responsibility for dropping the filenames belongs +to them now. ++ ++--- ++ ++**mandatory** ++ + readlink_copy() now requires link length as the 4th argument. Said length needs + to match what strlen() would return if it was ran on the string. + + However, if the string is freely accessible for the duration of inode's + lifetime, consider using inode_set_cached_link() instead. diff --cc fs/verity/enable.c index c9448074cce17,8718d943b4282..42dfed1ce0ce6 --- a/fs/verity/enable.c +++ b/fs/verity/enable.c @@@ -265,26 -266,11 +267,28 @@@ static int enable_verity(struct file *f goto rollback; } + trace_fsverity_tree_done(inode, vi, ¶ms); + + /* + * Add the fsverity_info into the hash table before finishing the + * initialization so that we don't have to undo the enabling when memory + * allocation for the hash table fails. This is safe because looking up + * the fsverity_info always first checks the S_VERITY flag on the inode, + * which will only be set at the very end of the ->end_enable_verity + * method. + */ + err = fsverity_set_info(vi); + if (err) { + fsverity_free_info(vi); + goto rollback; + } + /* * Tell the filesystem to finish enabling verity on the file. - * Serialized with ->begin_enable_verity() by the inode lock. + * Serialized with ->begin_enable_verity() by the inode lock. The file + * system needs to set the S_VERITY flag on the inode at the very end of + * the method, at which point the fsverity information can be accessed + * by other threads. */ inode_lock(inode); err = vops->end_enable_verity(filp, desc, desc_size, params.tree_size);