From: Al Viro <viro@zeniv.linux.org.uk>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Askar Safin <safinaskar@gmail.com>,
christian@brauner.io, cyphar@cyphar.com, jack@suse.cz,
linux-fsdevel@vger.kernel.org, torvalds@linux-foundation.org,
werner@almesberger.net
Subject: Re: [RFC] pivot_root(2) races
Date: Fri, 13 Feb 2026 22:25:21 +0000 [thread overview]
Message-ID: <20260213222521.GQ3183987@ZenIV> (raw)
In-Reply-To: <1caf6a70-e49b-42c7-81d0-bd0d6f5027bf@zytor.com>
On Fri, Feb 13, 2026 at 12:27:46PM -0800, H. Peter Anvin wrote:
> On 2026-02-13 09:47, Askar Safin wrote:
> > "H. Peter Anvin" <hpa@zytor.com>:
> >> It would be interesting to see how much would break if pivot_root() was restricted (with kernel threads parked in nullfs safely out of the way.)
> >
> > As well as I understand, kernel threads need to follow real root directory,
> > because they sometimes load firmware from /lib/firmware and call
> > user mode helpers, such as modprobe.
> >
>
> If they are parked in nullfs, which is always overmounted by the global root,
> that should Just Work[TM]. Path resolution based on that directory should
> follow the mount point unless I am mistaken (which is possible, the Linux vfs
> has changed a lot since the last time I did a deep dive.)
You are, and it had always been that way. We do *not* follow mounts at
the starting point. /../lib would work, /lib won't. I'd love to deal with
that wart, but that would break early boot on unknown number of boxen and
breakage that early is really unpleasant to debug.
next prev parent reply other threads:[~2026-02-13 22:23 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-09 0:34 [RFC] pivot_root(2) races Al Viro
2026-02-09 5:49 ` Linus Torvalds
2026-02-09 5:53 ` H. Peter Anvin
2026-02-09 6:34 ` Al Viro
2026-02-09 6:44 ` Linus Torvalds
2026-02-09 11:53 ` Christian Brauner
2026-02-12 17:17 ` Askar Safin
2026-02-12 19:11 ` Linus Torvalds
2026-02-12 19:31 ` H. Peter Anvin
2026-02-13 9:51 ` Aleksa Sarai
2026-02-13 17:47 ` Askar Safin
2026-02-13 20:27 ` H. Peter Anvin
2026-02-13 20:35 ` H. Peter Anvin
2026-02-13 22:25 ` Al Viro [this message]
2026-02-13 23:00 ` H. Peter Anvin
2026-02-13 23:41 ` Al Viro
2026-02-13 23:40 ` H. Peter Anvin
2026-02-14 12:42 ` Christian Brauner
2026-02-15 0:48 ` H. Peter Anvin
2026-02-17 8:37 ` Christian Brauner
2026-02-14 16:20 ` Askar Safin
2026-02-15 0:49 ` H. Peter Anvin
2026-02-13 13:46 ` Aleksa Sarai
2026-02-13 15:03 ` H. Peter Anvin
2026-02-13 17:47 ` Linus Torvalds
2026-02-13 18:27 ` Askar Safin
2026-02-13 18:39 ` Linus Torvalds
2026-02-13 20:00 ` H. Peter Anvin
2026-02-14 15:31 ` Askar Safin
2026-02-15 0:52 ` H. Peter Anvin
2026-02-14 12:15 ` Christian Brauner
2026-02-14 16:18 ` Linus Torvalds
2026-02-14 17:40 ` Al Viro
2026-02-17 8:35 ` Christian Brauner
2026-02-13 18:42 ` H. Peter Anvin
2026-02-13 20:08 ` H. Peter Anvin
2026-02-12 19:22 ` Al Viro
2026-02-13 17:34 ` Askar Safin
2026-02-13 22:28 ` Al Viro
2026-02-14 16:16 ` Askar Safin
2026-02-12 13:23 ` Askar Safin
2026-02-12 19:25 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260213222521.GQ3183987@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=christian@brauner.io \
--cc=cyphar@cyphar.com \
--cc=hpa@zytor.com \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=safinaskar@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=werner@almesberger.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox