[PATCHES] file->f_path safety and struct path constifications

[PATCHES] file->f_path safety and struct path constifications

[Al Viro]

	struct path is embedded into several objects, starting with
struct file.  In a lot of places we rely upon e.g. file->f_path of an
opened file remaining unchanging; things like "ask for write access to
file->f_path.mnt when opening for write, release that on final fput()"
would break badly if ->f_path.mnt could change between those.  It's not
the only place like that; both VFS and filesystems expect that to hold.
Anything that would want to play silly buggers with that would have to be
_very_ careful and would be rather brittle, at that.  It's not impossible
to get away with, but any such place is a source of headache for proofs
of correctness, as well as a likely cause of bugs in the future.

	Unfortunately, verifying that turns into several hours of manual
audit that has to be repeated once in a while and I'm sick and tired of
doing that.  Let the compiler deal with that crap.  The same goes for
struct unix_sock ->path, etc.

Note that in the mainline we have _very_ few places that store to ->f_path.
	1) init_file() zeroes it out
	2) file_init_path() copies the caller-supplied struct path into it
(common helper of alloc_file() family of primitives; struct file is freshly
allocated, we are setting it up)
	3) atomic_open()/finish_open()/finish_no_open() arrange for setting
->f_path between them.  Again, that's before it gets opened.
	4) vfs_tmpfile() - ditto.
	5) do_dentry_open() clears it on early failure exits
	6) vfs_open() sets it to caller-supplied struct path - that's opening
the file by path (dentry_open() and its ilk are using that one).  Again,
prior to file getting opened.
	7) acct_on() (acct(2) helper) is flipping ->f_path.mnt of its internally
opened and internally used file to cloned mount.  It does get away with that,
but it's neither pretty nor robust.

	All except the last one are in core VFS and not dealing with
already opened files.  Killing (7) is doable - it's not hard to get rid
of that weird shit in acct_on().  After that no stores happen to opened
files and all those stores are local to fs/file_table.c, fs/open.c and
fs/namei.c (the latter - in the open-related parts).

	After that the obvious next step would be to turn f_path into
type-punning union of struct path __f_path and const struct path
f_path, and switch the places that should do stores (see above) to
using ->__f_path.  It's valid C99 - no UB there.  struct file no longer
can be a modifiable lvalue, but we never did wholesale copying for those
and there's no reason to start; what's more, we never embed struct file
into any other objects.

	It's not quite that simple, though - things like
	return vfs_statx_path(&fd_file(f)->f_path, flags, stat, request_mask);
would have the compiler complain; it needs to be told that vfs_statx_path()
is not going to modify the struct path it's been given.  IOW, we need to
switch a bunch of struct path * arguments to const struct path * before we
can go for the final part.  Turns out that there's not a lot of such
missing annotations.

So this stuff sits in two branches:

#work.path switches the struct path * arguments that are never used to modify
the struct path in question to const struct path *.  Not all of those
functions are used for ->f_path, but there's not a lot of them and new call
sites might appear, so let's deal with all that bunch.

#work.f_path starts with getting rid of the shit in acct_on(), then merges
#work.path and #work.mount in (I don't want to pull constification patches
out of #work.mount), then does the conversion of f_path to anon union.

Branches are in
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #work.path and
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #work.f_path resp.;
individual patches in followups.

Please, review.  If nobody objects, I'm putting that into #for-next early
next week...

[PATCH 01/21] backing_file_user_path(): constify struct path *

[Al Viro]

Callers never use the resulting pointer to modify the struct path it
points to (nor should they).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/file_table.c    | 2 +-
 include/linux/fs.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/file_table.c b/fs/file_table.c
index 81c72576e548..85b53e39138d 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -54,7 +54,7 @@ struct backing_file {
 
 #define backing_file(f) container_of(f, struct backing_file, file)
 
-struct path *backing_file_user_path(const struct file *f)
+const struct path *backing_file_user_path(const struct file *f)
 {
 	return &backing_file(f)->user_path;
 }
diff --git a/include/linux/fs.h b/include/linux/fs.h
index d7ab4f96d705..3bcc878817be 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2879,7 +2879,7 @@ struct file *dentry_open_nonotify(const struct path *path, int flags,
 				  const struct cred *cred);
 struct file *dentry_create(const struct path *path, int flags, umode_t mode,
 			   const struct cred *cred);
-struct path *backing_file_user_path(const struct file *f);
+const struct path *backing_file_user_path(const struct file *f);
 
 /*
  * When mmapping a file on a stackable filesystem (e.g., overlayfs), the file
-- 
2.47.2

[PATCH 02/21] constify path argument of vfs_statx_path()

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/stat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/stat.c b/fs/stat.c
index f95c1dc3eaa4..6c79661e1b96 100644
--- a/fs/stat.c
+++ b/fs/stat.c
@@ -293,7 +293,7 @@ static int statx_lookup_flags(int flags)
 	return lookup_flags;
 }
 
-static int vfs_statx_path(struct path *path, int flags, struct kstat *stat,
+static int vfs_statx_path(const struct path *path, int flags, struct kstat *stat,
 			  u32 request_mask)
 {
 	int error = vfs_getattr(path, stat, request_mask, flags);
-- 
2.47.2

Re: [PATCH 02/21] constify path argument of vfs_statx_path()

[Jan Kara]

On Sat 06-09-25 10:11:18, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/stat.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/stat.c b/fs/stat.c
> index f95c1dc3eaa4..6c79661e1b96 100644
> --- a/fs/stat.c
> +++ b/fs/stat.c
> @@ -293,7 +293,7 @@ static int statx_lookup_flags(int flags)
>  	return lookup_flags;
>  }
>  
> -static int vfs_statx_path(struct path *path, int flags, struct kstat *stat,
> +static int vfs_statx_path(const struct path *path, int flags, struct kstat *stat,
>  			  u32 request_mask)
>  {
>  	int error = vfs_getattr(path, stat, request_mask, flags);
> -- 
> 2.47.2
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 02/21] constify path argument of vfs_statx_path()

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:18AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 03/21] filename_lookup(): constify root argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/internal.h | 2 +-
 fs/namei.c    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/internal.h b/fs/internal.h
index 38e8aab27bbd..d7c86d9d94b9 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -53,7 +53,7 @@ extern int finish_clean_context(struct fs_context *fc);
  * namei.c
  */
 extern int filename_lookup(int dfd, struct filename *name, unsigned flags,
-			   struct path *path, struct path *root);
+			   struct path *path, const struct path *root);
 int do_rmdir(int dfd, struct filename *name);
 int do_unlinkat(int dfd, struct filename *name);
 int may_linkat(struct mnt_idmap *idmap, const struct path *link);
diff --git a/fs/namei.c b/fs/namei.c
index cd43ff89fbaa..869976213b0c 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2673,7 +2673,7 @@ static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path
 }
 
 int filename_lookup(int dfd, struct filename *name, unsigned flags,
-		    struct path *path, struct path *root)
+		    struct path *path, const struct path *root)
 {
 	int retval;
 	struct nameidata nd;
-- 
2.47.2

Re: [PATCH 03/21] filename_lookup(): constify root argument

[Jan Kara]

On Sat 06-09-25 10:11:19, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/internal.h | 2 +-
>  fs/namei.c    | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/internal.h b/fs/internal.h
> index 38e8aab27bbd..d7c86d9d94b9 100644
> --- a/fs/internal.h
> +++ b/fs/internal.h
> @@ -53,7 +53,7 @@ extern int finish_clean_context(struct fs_context *fc);
>   * namei.c
>   */
>  extern int filename_lookup(int dfd, struct filename *name, unsigned flags,
> -			   struct path *path, struct path *root);
> +			   struct path *path, const struct path *root);
>  int do_rmdir(int dfd, struct filename *name);
>  int do_unlinkat(int dfd, struct filename *name);
>  int may_linkat(struct mnt_idmap *idmap, const struct path *link);
> diff --git a/fs/namei.c b/fs/namei.c
> index cd43ff89fbaa..869976213b0c 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -2673,7 +2673,7 @@ static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path
>  }
>  
>  int filename_lookup(int dfd, struct filename *name, unsigned flags,
> -		    struct path *path, struct path *root)
> +		    struct path *path, const struct path *root)
>  {
>  	int retval;
>  	struct nameidata nd;
> -- 
> 2.47.2
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 03/21] filename_lookup(): constify root argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:19AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 04/21] done_path_create(): constify path argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/namei.c            | 2 +-
 include/linux/namei.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index 869976213b0c..3eb0408e3400 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -4170,7 +4170,7 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
 }
 EXPORT_SYMBOL(kern_path_create);
 
-void done_path_create(struct path *path, struct dentry *dentry)
+void done_path_create(const struct path *path, struct dentry *dentry)
 {
 	if (!IS_ERR(dentry))
 		dput(dentry);
diff --git a/include/linux/namei.h b/include/linux/namei.h
index 5d085428e471..75c0b665fbd4 100644
--- a/include/linux/namei.h
+++ b/include/linux/namei.h
@@ -60,7 +60,7 @@ extern int kern_path(const char *, unsigned, struct path *);
 
 extern struct dentry *kern_path_create(int, const char *, struct path *, unsigned int);
 extern struct dentry *user_path_create(int, const char __user *, struct path *, unsigned int);
-extern void done_path_create(struct path *, struct dentry *);
+extern void done_path_create(const struct path *, struct dentry *);
 extern struct dentry *kern_path_locked(const char *, struct path *);
 extern struct dentry *kern_path_locked_negative(const char *, struct path *);
 extern struct dentry *user_path_locked_at(int , const char __user *, struct path *);
-- 
2.47.2

Re: [PATCH 04/21] done_path_create(): constify path argument

[Jan Kara]

On Sat 06-09-25 10:11:20, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/namei.c            | 2 +-
>  include/linux/namei.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/namei.c b/fs/namei.c
> index 869976213b0c..3eb0408e3400 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -4170,7 +4170,7 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
>  }
>  EXPORT_SYMBOL(kern_path_create);
>  
> -void done_path_create(struct path *path, struct dentry *dentry)
> +void done_path_create(const struct path *path, struct dentry *dentry)
>  {
>  	if (!IS_ERR(dentry))
>  		dput(dentry);
> diff --git a/include/linux/namei.h b/include/linux/namei.h
> index 5d085428e471..75c0b665fbd4 100644
> --- a/include/linux/namei.h
> +++ b/include/linux/namei.h
> @@ -60,7 +60,7 @@ extern int kern_path(const char *, unsigned, struct path *);
>  
>  extern struct dentry *kern_path_create(int, const char *, struct path *, unsigned int);
>  extern struct dentry *user_path_create(int, const char __user *, struct path *, unsigned int);
> -extern void done_path_create(struct path *, struct dentry *);
> +extern void done_path_create(const struct path *, struct dentry *);
>  extern struct dentry *kern_path_locked(const char *, struct path *);
>  extern struct dentry *kern_path_locked_negative(const char *, struct path *);
>  extern struct dentry *user_path_locked_at(int , const char __user *, struct path *);
> -- 
> 2.47.2
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 04/21] done_path_create(): constify path argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:20AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 05/21] bpf...d_path(): constify path argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/bpf_fs_kfuncs.c                             | 2 +-
 kernel/trace/bpf_trace.c                       | 2 +-
 tools/testing/selftests/bpf/bpf_experimental.h | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/bpf_fs_kfuncs.c b/fs/bpf_fs_kfuncs.c
index 1e36a12b88f7..5ace2511fec5 100644
--- a/fs/bpf_fs_kfuncs.c
+++ b/fs/bpf_fs_kfuncs.c
@@ -79,7 +79,7 @@ __bpf_kfunc void bpf_put_file(struct file *file)
  * pathname in *buf*, including the NUL termination character. On error, a
  * negative integer is returned.
  */
-__bpf_kfunc int bpf_path_d_path(struct path *path, char *buf, size_t buf__sz)
+__bpf_kfunc int bpf_path_d_path(const struct path *path, char *buf, size_t buf__sz)
 {
 	int len;
 	char *ret;
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 3ae52978cae6..a8bd6a7351a3 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -900,7 +900,7 @@ const struct bpf_func_proto bpf_send_signal_thread_proto = {
 	.arg1_type	= ARG_ANYTHING,
 };
 
-BPF_CALL_3(bpf_d_path, struct path *, path, char *, buf, u32, sz)
+BPF_CALL_3(bpf_d_path, const struct path *, path, char *, buf, u32, sz)
 {
 	struct path copy;
 	long len;
diff --git a/tools/testing/selftests/bpf/bpf_experimental.h b/tools/testing/selftests/bpf/bpf_experimental.h
index da7e230f2781..c15797660cdf 100644
--- a/tools/testing/selftests/bpf/bpf_experimental.h
+++ b/tools/testing/selftests/bpf/bpf_experimental.h
@@ -219,7 +219,7 @@ extern void bpf_put_file(struct file *file) __ksym;
  *	including the NULL termination character, stored in the supplied
  *	buffer. On error, a negative integer is returned.
  */
-extern int bpf_path_d_path(struct path *path, char *buf, size_t buf__sz) __ksym;
+extern int bpf_path_d_path(const struct path *path, char *buf, size_t buf__sz) __ksym;
 
 /* This macro must be used to mark the exception callback corresponding to the
  * main program. For example:
-- 
2.47.2

Re: [PATCH 05/21] bpf...d_path(): constify path argument

[Jan Kara]

On Sat 06-09-25 10:11:21, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/bpf_fs_kfuncs.c                             | 2 +-
>  kernel/trace/bpf_trace.c                       | 2 +-
>  tools/testing/selftests/bpf/bpf_experimental.h | 2 +-
>  3 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/bpf_fs_kfuncs.c b/fs/bpf_fs_kfuncs.c
> index 1e36a12b88f7..5ace2511fec5 100644
> --- a/fs/bpf_fs_kfuncs.c
> +++ b/fs/bpf_fs_kfuncs.c
> @@ -79,7 +79,7 @@ __bpf_kfunc void bpf_put_file(struct file *file)
>   * pathname in *buf*, including the NUL termination character. On error, a
>   * negative integer is returned.
>   */
> -__bpf_kfunc int bpf_path_d_path(struct path *path, char *buf, size_t buf__sz)
> +__bpf_kfunc int bpf_path_d_path(const struct path *path, char *buf, size_t buf__sz)
>  {
>  	int len;
>  	char *ret;
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index 3ae52978cae6..a8bd6a7351a3 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -900,7 +900,7 @@ const struct bpf_func_proto bpf_send_signal_thread_proto = {
>  	.arg1_type	= ARG_ANYTHING,
>  };
>  
> -BPF_CALL_3(bpf_d_path, struct path *, path, char *, buf, u32, sz)
> +BPF_CALL_3(bpf_d_path, const struct path *, path, char *, buf, u32, sz)
>  {
>  	struct path copy;
>  	long len;
> diff --git a/tools/testing/selftests/bpf/bpf_experimental.h b/tools/testing/selftests/bpf/bpf_experimental.h
> index da7e230f2781..c15797660cdf 100644
> --- a/tools/testing/selftests/bpf/bpf_experimental.h
> +++ b/tools/testing/selftests/bpf/bpf_experimental.h
> @@ -219,7 +219,7 @@ extern void bpf_put_file(struct file *file) __ksym;
>   *	including the NULL termination character, stored in the supplied
>   *	buffer. On error, a negative integer is returned.
>   */
> -extern int bpf_path_d_path(struct path *path, char *buf, size_t buf__sz) __ksym;
> +extern int bpf_path_d_path(const struct path *path, char *buf, size_t buf__sz) __ksym;
>  
>  /* This macro must be used to mark the exception callback corresponding to the
>   * main program. For example:
> -- 
> 2.47.2
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 05/21] bpf...d_path(): constify path argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:21AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 06/21] nfs: constify path argument of __vfs_getattr()

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/nfs/localio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c
index bd5fca285899..1f5d8c5f67ec 100644
--- a/fs/nfs/localio.c
+++ b/fs/nfs/localio.c
@@ -529,7 +529,7 @@ nfs_set_local_verifier(struct inode *inode,
 }
 
 /* Factored out from fs/nfsd/vfs.h:fh_getattr() */
-static int __vfs_getattr(struct path *p, struct kstat *stat, int version)
+static int __vfs_getattr(const struct path *p, struct kstat *stat, int version)
 {
 	u32 request_mask = STATX_BASIC_STATS;
 
-- 
2.47.2

Re: [PATCH 06/21] nfs: constify path argument of __vfs_getattr()

[Jan Kara]

On Sat 06-09-25 10:11:22, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/nfs/localio.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c
> index bd5fca285899..1f5d8c5f67ec 100644
> --- a/fs/nfs/localio.c
> +++ b/fs/nfs/localio.c
> @@ -529,7 +529,7 @@ nfs_set_local_verifier(struct inode *inode,
>  }
>  
>  /* Factored out from fs/nfsd/vfs.h:fh_getattr() */
> -static int __vfs_getattr(struct path *p, struct kstat *stat, int version)
> +static int __vfs_getattr(const struct path *p, struct kstat *stat, int version)
>  {
>  	u32 request_mask = STATX_BASIC_STATS;
>  
> -- 
> 2.47.2
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 06/21] nfs: constify path argument of __vfs_getattr()

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:22AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 07/21] rqst_exp_get_by_name(): constify path argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/nfsd/export.c | 2 +-
 fs/nfsd/export.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index cadfc2bae60e..dffb24758f60 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -1181,7 +1181,7 @@ __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp,
  * use exp_get_by_name() or exp_find().
  */
 struct svc_export *
-rqst_exp_get_by_name(struct svc_rqst *rqstp, struct path *path)
+rqst_exp_get_by_name(struct svc_rqst *rqstp, const struct path *path)
 {
 	struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
diff --git a/fs/nfsd/export.h b/fs/nfsd/export.h
index b9c0adb3ce09..cb36e6cce829 100644
--- a/fs/nfsd/export.h
+++ b/fs/nfsd/export.h
@@ -111,7 +111,7 @@ int			nfsd_export_init(struct net *);
 void			nfsd_export_shutdown(struct net *);
 void			nfsd_export_flush(struct net *);
 struct svc_export *	rqst_exp_get_by_name(struct svc_rqst *,
-					     struct path *);
+					     const struct path *);
 struct svc_export *	rqst_exp_parent(struct svc_rqst *,
 					struct path *);
 struct svc_export *	rqst_find_fsidzero_export(struct svc_rqst *);
-- 
2.47.2

Re: [PATCH 07/21] rqst_exp_get_by_name(): constify path argument

[Chuck Lever]

On 9/6/25 5:11 AM, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---
>  fs/nfsd/export.c | 2 +-
>  fs/nfsd/export.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
> index cadfc2bae60e..dffb24758f60 100644
> --- a/fs/nfsd/export.c
> +++ b/fs/nfsd/export.c
> @@ -1181,7 +1181,7 @@ __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp,
>   * use exp_get_by_name() or exp_find().
>   */
>  struct svc_export *
> -rqst_exp_get_by_name(struct svc_rqst *rqstp, struct path *path)
> +rqst_exp_get_by_name(struct svc_rqst *rqstp, const struct path *path)
>  {
>  	struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
>  	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
> diff --git a/fs/nfsd/export.h b/fs/nfsd/export.h
> index b9c0adb3ce09..cb36e6cce829 100644
> --- a/fs/nfsd/export.h
> +++ b/fs/nfsd/export.h
> @@ -111,7 +111,7 @@ int			nfsd_export_init(struct net *);
>  void			nfsd_export_shutdown(struct net *);
>  void			nfsd_export_flush(struct net *);
>  struct svc_export *	rqst_exp_get_by_name(struct svc_rqst *,
> -					     struct path *);
> +					     const struct path *);
>  struct svc_export *	rqst_exp_parent(struct svc_rqst *,
>  					struct path *);
>  struct svc_export *	rqst_find_fsidzero_export(struct svc_rqst *);

Acked-by: Chuck Lever <chuck.lever@oracle.com>

-- 
Chuck Lever

Re: [PATCH 07/21] rqst_exp_get_by_name(): constify path argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:23AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 08/21] export_operations->open(): constify path argument

[Al Viro]

for the method and its sole instance...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/pidfs.c               | 2 +-
 include/linux/exportfs.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/pidfs.c b/fs/pidfs.c
index 108e7527f837..5af4fee288ea 100644
--- a/fs/pidfs.c
+++ b/fs/pidfs.c
@@ -847,7 +847,7 @@ static int pidfs_export_permission(struct handle_to_path_ctx *ctx,
 	return 0;
 }
 
-static struct file *pidfs_export_open(struct path *path, unsigned int oflags)
+static struct file *pidfs_export_open(const struct path *path, unsigned int oflags)
 {
 	/*
 	 * Clear O_LARGEFILE as open_by_handle_at() forces it and raise
diff --git a/include/linux/exportfs.h b/include/linux/exportfs.h
index cfb0dd1ea49c..f43c83e0b8c5 100644
--- a/include/linux/exportfs.h
+++ b/include/linux/exportfs.h
@@ -270,7 +270,7 @@ struct export_operations {
 	int (*commit_blocks)(struct inode *inode, struct iomap *iomaps,
 			     int nr_iomaps, struct iattr *iattr);
 	int (*permission)(struct handle_to_path_ctx *ctx, unsigned int oflags);
-	struct file * (*open)(struct path *path, unsigned int oflags);
+	struct file * (*open)(const struct path *path, unsigned int oflags);
 #define	EXPORT_OP_NOWCC			(0x1) /* don't collect v3 wcc data */
 #define	EXPORT_OP_NOSUBTREECHK		(0x2) /* no subtree checking */
 #define	EXPORT_OP_CLOSE_BEFORE_UNLINK	(0x4) /* close files before unlink */
-- 
2.47.2

Re: [PATCH 08/21] export_operations->open(): constify path argument

[Jan Kara]

On Sat 06-09-25 10:11:24, Al Viro wrote:
> for the method and its sole instance...
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/pidfs.c               | 2 +-
>  include/linux/exportfs.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/pidfs.c b/fs/pidfs.c
> index 108e7527f837..5af4fee288ea 100644
> --- a/fs/pidfs.c
> +++ b/fs/pidfs.c
> @@ -847,7 +847,7 @@ static int pidfs_export_permission(struct handle_to_path_ctx *ctx,
>  	return 0;
>  }
>  
> -static struct file *pidfs_export_open(struct path *path, unsigned int oflags)
> +static struct file *pidfs_export_open(const struct path *path, unsigned int oflags)
>  {
>  	/*
>  	 * Clear O_LARGEFILE as open_by_handle_at() forces it and raise
> diff --git a/include/linux/exportfs.h b/include/linux/exportfs.h
> index cfb0dd1ea49c..f43c83e0b8c5 100644
> --- a/include/linux/exportfs.h
> +++ b/include/linux/exportfs.h
> @@ -270,7 +270,7 @@ struct export_operations {
>  	int (*commit_blocks)(struct inode *inode, struct iomap *iomaps,
>  			     int nr_iomaps, struct iattr *iattr);
>  	int (*permission)(struct handle_to_path_ctx *ctx, unsigned int oflags);
> -	struct file * (*open)(struct path *path, unsigned int oflags);
> +	struct file * (*open)(const struct path *path, unsigned int oflags);
>  #define	EXPORT_OP_NOWCC			(0x1) /* don't collect v3 wcc data */
>  #define	EXPORT_OP_NOSUBTREECHK		(0x2) /* no subtree checking */
>  #define	EXPORT_OP_CLOSE_BEFORE_UNLINK	(0x4) /* close files before unlink */
> -- 
> 2.47.2
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 08/21] export_operations->open(): constify path argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:24AM +0100, Al Viro wrote:
> for the method and its sole instance...
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 09/21] check_export(): constify path argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/nfsd/export.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index dffb24758f60..caa695c06efb 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -402,7 +402,7 @@ static struct svc_export *svc_export_update(struct svc_export *new,
 					    struct svc_export *old);
 static struct svc_export *svc_export_lookup(struct svc_export *);
 
-static int check_export(struct path *path, int *flags, unsigned char *uuid)
+static int check_export(const struct path *path, int *flags, unsigned char *uuid)
 {
 	struct inode *inode = d_inode(path->dentry);
 
-- 
2.47.2

Re: [PATCH 09/21] check_export(): constify path argument

[Jan Kara]

On Sat 06-09-25 10:11:25, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/nfsd/export.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
> index dffb24758f60..caa695c06efb 100644
> --- a/fs/nfsd/export.c
> +++ b/fs/nfsd/export.c
> @@ -402,7 +402,7 @@ static struct svc_export *svc_export_update(struct svc_export *new,
>  					    struct svc_export *old);
>  static struct svc_export *svc_export_lookup(struct svc_export *);
>  
> -static int check_export(struct path *path, int *flags, unsigned char *uuid)
> +static int check_export(const struct path *path, int *flags, unsigned char *uuid)
>  {
>  	struct inode *inode = d_inode(path->dentry);
>  
> -- 
> 2.47.2
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 09/21] check_export(): constify path argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:25AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 10/21] ksmbd_vfs_path_lookup_locked(): root_share_path can be const struct path *

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/smb/server/vfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c
index 04539037108c..9f45c6ced854 100644
--- a/fs/smb/server/vfs.c
+++ b/fs/smb/server/vfs.c
@@ -72,7 +72,7 @@ static int ksmbd_vfs_path_lookup(struct ksmbd_share_config *share_conf,
 {
 	struct qstr last;
 	struct filename *filename __free(putname) = NULL;
-	struct path *root_share_path = &share_conf->vfs_path;
+	const struct path *root_share_path = &share_conf->vfs_path;
 	int err, type;
 	struct dentry *d;
 
-- 
2.47.2

Re: [PATCH 10/21] ksmbd_vfs_path_lookup_locked(): root_share_path can be const struct path *

[Namjae Jeon]

On Sat, Sep 6, 2025 at 6:11 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Thanks!

Re: [PATCH 10/21] ksmbd_vfs_path_lookup_locked(): root_share_path can be const struct path *

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:26AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 11/21] ksmbd_vfs_kern_path_unlock(): constify path argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/smb/server/vfs.c | 2 +-
 fs/smb/server/vfs.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c
index 9f45c6ced854..1d9694578bff 100644
--- a/fs/smb/server/vfs.c
+++ b/fs/smb/server/vfs.c
@@ -1306,7 +1306,7 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *filepath,
 				     caseless, true);
 }
 
-void ksmbd_vfs_kern_path_unlock(struct path *path)
+void ksmbd_vfs_kern_path_unlock(const struct path *path)
 {
 	/* While lock is still held, ->d_parent is safe */
 	inode_unlock(d_inode(path->dentry->d_parent));
diff --git a/fs/smb/server/vfs.h b/fs/smb/server/vfs.h
index d47472f3e30b..35725abf4f92 100644
--- a/fs/smb/server/vfs.h
+++ b/fs/smb/server/vfs.h
@@ -123,7 +123,7 @@ int ksmbd_vfs_kern_path(struct ksmbd_work *work, char *name,
 int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name,
 			       unsigned int flags,
 			       struct path *path, bool caseless);
-void ksmbd_vfs_kern_path_unlock(struct path *path);
+void ksmbd_vfs_kern_path_unlock(const struct path *path);
 struct dentry *ksmbd_vfs_kern_path_create(struct ksmbd_work *work,
 					  const char *name,
 					  unsigned int flags,
-- 
2.47.2

Re: [PATCH 11/21] ksmbd_vfs_kern_path_unlock(): constify path argument

[Namjae Jeon]

On Sat, Sep 6, 2025 at 6:11 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Thanks!

Re: [PATCH 11/21] ksmbd_vfs_kern_path_unlock(): constify path argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:27AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 12/21] ksmbd_vfs_inherit_posix_acl(): constify path argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/smb/server/vfs.c | 2 +-
 fs/smb/server/vfs.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c
index 1d9694578bff..299a5d9fcb78 100644
--- a/fs/smb/server/vfs.c
+++ b/fs/smb/server/vfs.c
@@ -1909,7 +1909,7 @@ int ksmbd_vfs_set_init_posix_acl(struct mnt_idmap *idmap,
 }
 
 int ksmbd_vfs_inherit_posix_acl(struct mnt_idmap *idmap,
-				struct path *path, struct inode *parent_inode)
+				const struct path *path, struct inode *parent_inode)
 {
 	struct posix_acl *acls;
 	struct posix_acl_entry *pace;
diff --git a/fs/smb/server/vfs.h b/fs/smb/server/vfs.h
index 35725abf4f92..458e2e3917b1 100644
--- a/fs/smb/server/vfs.h
+++ b/fs/smb/server/vfs.h
@@ -166,6 +166,6 @@ int ksmbd_vfs_get_dos_attrib_xattr(struct mnt_idmap *idmap,
 int ksmbd_vfs_set_init_posix_acl(struct mnt_idmap *idmap,
 				 struct path *path);
 int ksmbd_vfs_inherit_posix_acl(struct mnt_idmap *idmap,
-				struct path *path,
+				const struct path *path,
 				struct inode *parent_inode);
 #endif /* __KSMBD_VFS_H__ */
-- 
2.47.2

Re: [PATCH 12/21] ksmbd_vfs_inherit_posix_acl(): constify path argument

[Namjae Jeon]

On Sat, Sep 6, 2025 at 6:11 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Thanks!

Re: [PATCH 12/21] ksmbd_vfs_inherit_posix_acl(): constify path argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:28AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 13/21] ksmbd_vfs_set_init_posix_acl(): constify path argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/smb/server/vfs.c | 2 +-
 fs/smb/server/vfs.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c
index 299a5d9fcb78..a33b088afa27 100644
--- a/fs/smb/server/vfs.c
+++ b/fs/smb/server/vfs.c
@@ -1856,7 +1856,7 @@ void ksmbd_vfs_posix_lock_unblock(struct file_lock *flock)
 }
 
 int ksmbd_vfs_set_init_posix_acl(struct mnt_idmap *idmap,
-				 struct path *path)
+				 const struct path *path)
 {
 	struct posix_acl_state acl_state;
 	struct posix_acl *acls;
diff --git a/fs/smb/server/vfs.h b/fs/smb/server/vfs.h
index 458e2e3917b1..df6421b4590b 100644
--- a/fs/smb/server/vfs.h
+++ b/fs/smb/server/vfs.h
@@ -164,7 +164,7 @@ int ksmbd_vfs_get_dos_attrib_xattr(struct mnt_idmap *idmap,
 				   struct dentry *dentry,
 				   struct xattr_dos_attrib *da);
 int ksmbd_vfs_set_init_posix_acl(struct mnt_idmap *idmap,
-				 struct path *path);
+				 const struct path *path);
 int ksmbd_vfs_inherit_posix_acl(struct mnt_idmap *idmap,
 				const struct path *path,
 				struct inode *parent_inode);
-- 
2.47.2

Re: [PATCH 13/21] ksmbd_vfs_set_init_posix_acl(): constify path argument

[Namjae Jeon]

On Sat, Sep 6, 2025 at 6:11 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Thanks!

Re: [PATCH 13/21] ksmbd_vfs_set_init_posix_acl(): constify path argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:29AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 14/21] ovl_ensure_verity_loaded(): constify datapath argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/overlayfs/overlayfs.h | 2 +-
 fs/overlayfs/util.c      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
index bb0d7ded8e76..53a8ba572a0f 100644
--- a/fs/overlayfs/overlayfs.h
+++ b/fs/overlayfs/overlayfs.h
@@ -563,7 +563,7 @@ int ovl_set_metacopy_xattr(struct ovl_fs *ofs, struct dentry *d,
 			   struct ovl_metacopy *metacopy);
 bool ovl_is_metacopy_dentry(struct dentry *dentry);
 char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int padding);
-int ovl_ensure_verity_loaded(struct path *path);
+int ovl_ensure_verity_loaded(const struct path *path);
 int ovl_validate_verity(struct ovl_fs *ofs,
 			struct path *metapath,
 			struct path *datapath);
diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
index 41033bac96cb..35eb8ee6c9e2 100644
--- a/fs/overlayfs/util.c
+++ b/fs/overlayfs/util.c
@@ -1381,7 +1381,7 @@ char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int pa
 }
 
 /* Call with mounter creds as it may open the file */
-int ovl_ensure_verity_loaded(struct path *datapath)
+int ovl_ensure_verity_loaded(const struct path *datapath)
 {
 	struct inode *inode = d_inode(datapath->dentry);
 	struct file *filp;
-- 
2.47.2

Re: [PATCH 14/21] ovl_ensure_verity_loaded(): constify datapath argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:30AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 15/21] ovl_validate_verity(): constify {meta,data}path arguments

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/overlayfs/overlayfs.h | 4 ++--
 fs/overlayfs/util.c      | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
index 53a8ba572a0f..79cebf2a59d3 100644
--- a/fs/overlayfs/overlayfs.h
+++ b/fs/overlayfs/overlayfs.h
@@ -565,8 +565,8 @@ bool ovl_is_metacopy_dentry(struct dentry *dentry);
 char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int padding);
 int ovl_ensure_verity_loaded(const struct path *path);
 int ovl_validate_verity(struct ovl_fs *ofs,
-			struct path *metapath,
-			struct path *datapath);
+			const struct path *metapath,
+			const struct path *datapath);
 int ovl_get_verity_digest(struct ovl_fs *ofs, struct path *src,
 			  struct ovl_metacopy *metacopy);
 int ovl_sync_status(struct ovl_fs *ofs);
diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
index 35eb8ee6c9e2..b3264644edc4 100644
--- a/fs/overlayfs/util.c
+++ b/fs/overlayfs/util.c
@@ -1401,8 +1401,8 @@ int ovl_ensure_verity_loaded(const struct path *datapath)
 }
 
 int ovl_validate_verity(struct ovl_fs *ofs,
-			struct path *metapath,
-			struct path *datapath)
+			const struct path *metapath,
+			const struct path *datapath)
 {
 	struct ovl_metacopy metacopy_data;
 	u8 actual_digest[FS_VERITY_MAX_DIGEST_SIZE];
-- 
2.47.2

Re: [PATCH 15/21] ovl_validate_verity(): constify {meta,data}path arguments

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:31AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 16/21] ovl_get_verity_digest(): constify path argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/overlayfs/overlayfs.h | 2 +-
 fs/overlayfs/util.c      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
index 79cebf2a59d3..e3a74922d9e4 100644
--- a/fs/overlayfs/overlayfs.h
+++ b/fs/overlayfs/overlayfs.h
@@ -567,7 +567,7 @@ int ovl_ensure_verity_loaded(const struct path *path);
 int ovl_validate_verity(struct ovl_fs *ofs,
 			const struct path *metapath,
 			const struct path *datapath);
-int ovl_get_verity_digest(struct ovl_fs *ofs, struct path *src,
+int ovl_get_verity_digest(struct ovl_fs *ofs, const struct path *src,
 			  struct ovl_metacopy *metacopy);
 int ovl_sync_status(struct ovl_fs *ofs);
 
diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
index b3264644edc4..14f1c2a98f17 100644
--- a/fs/overlayfs/util.c
+++ b/fs/overlayfs/util.c
@@ -1455,7 +1455,7 @@ int ovl_validate_verity(struct ovl_fs *ofs,
 	return 0;
 }
 
-int ovl_get_verity_digest(struct ovl_fs *ofs, struct path *src,
+int ovl_get_verity_digest(struct ovl_fs *ofs, const struct path *src,
 			  struct ovl_metacopy *metacopy)
 {
 	int err, digest_size;
-- 
2.47.2

Re: [PATCH 16/21] ovl_get_verity_digest(): constify path argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:32AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 17/21] ovl_lower_dir(): constify path argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/overlayfs/super.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index df85a76597e9..e3d0e86bb7c4 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -394,7 +394,7 @@ static int ovl_check_namelen(const struct path *path, struct ovl_fs *ofs,
 	return err;
 }
 
-static int ovl_lower_dir(const char *name, struct path *path,
+static int ovl_lower_dir(const char *name, const struct path *path,
 			 struct ovl_fs *ofs, int *stack_depth)
 {
 	int fh_type;
-- 
2.47.2

Re: [PATCH 17/21] ovl_lower_dir(): constify path argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:33AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 18/21] ovl_sync_file(): constify path argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/overlayfs/copy_up.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index 27396fe63f6d..59630b8d50b6 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -242,7 +242,7 @@ static int ovl_verify_area(loff_t pos, loff_t pos2, loff_t len, loff_t totlen)
 	return 0;
 }
 
-static int ovl_sync_file(struct path *path)
+static int ovl_sync_file(const struct path *path)
 {
 	struct file *new_file;
 	int err;
-- 
2.47.2

Re: [PATCH 18/21] ovl_sync_file(): constify path argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:34AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 19/21] ovl_is_real_file: constify realpath argument

[Al Viro]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/overlayfs/file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index f5b8877d5fe2..fc52c796061d 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -120,7 +120,7 @@ static bool ovl_is_real_file(const struct file *realfile,
 }
 
 static struct file *ovl_real_file_path(const struct file *file,
-				       struct path *realpath)
+				       const struct path *realpath)
 {
 	struct ovl_file *of = file->private_data;
 	struct file *realfile = of->realfile;
-- 
2.47.2

Re: [PATCH 19/21] ovl_is_real_file: constify realpath argument

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:35AM +0100, Al Viro wrote:
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 20/21] apparmor/af_unix: constify struct path * arguments

[Al Viro]

unix_sk(sock)->path should never be modified, least of all by LSM...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/apparmor/af_unix.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/security/apparmor/af_unix.c b/security/apparmor/af_unix.c
index 9129766d1e9c..ac0f4be791ec 100644
--- a/security/apparmor/af_unix.c
+++ b/security/apparmor/af_unix.c
@@ -31,7 +31,7 @@ static inline struct sock *aa_unix_sk(struct unix_sock *u)
 }
 
 static int unix_fs_perm(const char *op, u32 mask, const struct cred *subj_cred,
-			struct aa_label *label, struct path *path)
+			struct aa_label *label, const struct path *path)
 {
 	AA_BUG(!label);
 	AA_BUG(!path);
@@ -224,7 +224,7 @@ static int profile_create_perm(struct aa_profile *profile, int family,
 
 static int profile_sk_perm(struct aa_profile *profile,
 			   struct apparmor_audit_data *ad,
-			   u32 request, struct sock *sk, struct path *path)
+			   u32 request, struct sock *sk, const struct path *path)
 {
 	struct aa_ruleset *rules = profile->label.rules[0];
 	struct aa_perms *p = NULL;
@@ -386,9 +386,9 @@ static int profile_opt_perm(struct aa_profile *profile, u32 request,
 
 /* null peer_label is allowed, in which case the peer_sk label is used */
 static int profile_peer_perm(struct aa_profile *profile, u32 request,
-			     struct sock *sk, struct path *path,
+			     struct sock *sk, const struct path *path,
 			     struct sockaddr_un *peer_addr,
-			     int peer_addrlen, struct path *peer_path,
+			     int peer_addrlen, const struct path *peer_path,
 			     struct aa_label *peer_label,
 			     struct apparmor_audit_data *ad)
 {
@@ -445,7 +445,7 @@ int aa_unix_create_perm(struct aa_label *label, int family, int type,
 static int aa_unix_label_sk_perm(const struct cred *subj_cred,
 				 struct aa_label *label,
 				 const char *op, u32 request, struct sock *sk,
-				 struct path *path)
+				 const struct path *path)
 {
 	if (!unconfined(label)) {
 		struct aa_profile *profile;
@@ -599,9 +599,9 @@ int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock,
 
 static int unix_peer_perm(const struct cred *subj_cred,
 			  struct aa_label *label, const char *op, u32 request,
-			  struct sock *sk, struct path *path,
+			  struct sock *sk, const struct path *path,
 			  struct sockaddr_un *peer_addr, int peer_addrlen,
-			  struct path *peer_path, struct aa_label *peer_label)
+			  const struct path *peer_path, struct aa_label *peer_label)
 {
 	struct aa_profile *profile;
 	DEFINE_AUDIT_SK(ad, op, subj_cred, sk);
-- 
2.47.2

Re: [PATCH 20/21] apparmor/af_unix: constify struct path * arguments

[Jan Kara]

On Sat 06-09-25 10:11:36, Al Viro wrote:
> unix_sk(sock)->path should never be modified, least of all by LSM...
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  security/apparmor/af_unix.c | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/security/apparmor/af_unix.c b/security/apparmor/af_unix.c
> index 9129766d1e9c..ac0f4be791ec 100644
> --- a/security/apparmor/af_unix.c
> +++ b/security/apparmor/af_unix.c
> @@ -31,7 +31,7 @@ static inline struct sock *aa_unix_sk(struct unix_sock *u)
>  }
>  
>  static int unix_fs_perm(const char *op, u32 mask, const struct cred *subj_cred,
> -			struct aa_label *label, struct path *path)
> +			struct aa_label *label, const struct path *path)
>  {
>  	AA_BUG(!label);
>  	AA_BUG(!path);
> @@ -224,7 +224,7 @@ static int profile_create_perm(struct aa_profile *profile, int family,
>  
>  static int profile_sk_perm(struct aa_profile *profile,
>  			   struct apparmor_audit_data *ad,
> -			   u32 request, struct sock *sk, struct path *path)
> +			   u32 request, struct sock *sk, const struct path *path)
>  {
>  	struct aa_ruleset *rules = profile->label.rules[0];
>  	struct aa_perms *p = NULL;
> @@ -386,9 +386,9 @@ static int profile_opt_perm(struct aa_profile *profile, u32 request,
>  
>  /* null peer_label is allowed, in which case the peer_sk label is used */
>  static int profile_peer_perm(struct aa_profile *profile, u32 request,
> -			     struct sock *sk, struct path *path,
> +			     struct sock *sk, const struct path *path,
>  			     struct sockaddr_un *peer_addr,
> -			     int peer_addrlen, struct path *peer_path,
> +			     int peer_addrlen, const struct path *peer_path,
>  			     struct aa_label *peer_label,
>  			     struct apparmor_audit_data *ad)
>  {
> @@ -445,7 +445,7 @@ int aa_unix_create_perm(struct aa_label *label, int family, int type,
>  static int aa_unix_label_sk_perm(const struct cred *subj_cred,
>  				 struct aa_label *label,
>  				 const char *op, u32 request, struct sock *sk,
> -				 struct path *path)
> +				 const struct path *path)
>  {
>  	if (!unconfined(label)) {
>  		struct aa_profile *profile;
> @@ -599,9 +599,9 @@ int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock,
>  
>  static int unix_peer_perm(const struct cred *subj_cred,
>  			  struct aa_label *label, const char *op, u32 request,
> -			  struct sock *sk, struct path *path,
> +			  struct sock *sk, const struct path *path,
>  			  struct sockaddr_un *peer_addr, int peer_addrlen,
> -			  struct path *peer_path, struct aa_label *peer_label)
> +			  const struct path *peer_path, struct aa_label *peer_label)
>  {
>  	struct aa_profile *profile;
>  	DEFINE_AUDIT_SK(ad, op, subj_cred, sk);
> -- 
> 2.47.2
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 20/21] apparmor/af_unix: constify struct path * arguments

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:36AM +0100, Al Viro wrote:
> unix_sk(sock)->path should never be modified, least of all by LSM...
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 21/21] configfs:get_target() - release path as soon as we grab configfs_item reference

[Al Viro]

... and get rid of path argument - it turns into a local variable in get_target()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/configfs/symlink.c | 33 +++++++++++++--------------------
 1 file changed, 13 insertions(+), 20 deletions(-)

diff --git a/fs/configfs/symlink.c b/fs/configfs/symlink.c
index 69133ec1fac2..f3f79c67add5 100644
--- a/fs/configfs/symlink.c
+++ b/fs/configfs/symlink.c
@@ -114,26 +114,21 @@ static int create_link(struct config_item *parent_item,
 }
 
 
-static int get_target(const char *symname, struct path *path,
-		      struct config_item **target, struct super_block *sb)
+static int get_target(const char *symname, struct config_item **target,
+		      struct super_block *sb)
 {
+	struct path path __free(path_put) = {};
 	int ret;
 
-	ret = kern_path(symname, LOOKUP_FOLLOW|LOOKUP_DIRECTORY, path);
-	if (!ret) {
-		if (path->dentry->d_sb == sb) {
-			*target = configfs_get_config_item(path->dentry);
-			if (!*target) {
-				ret = -ENOENT;
-				path_put(path);
-			}
-		} else {
-			ret = -EPERM;
-			path_put(path);
-		}
-	}
-
-	return ret;
+	ret = kern_path(symname, LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &path);
+	if (ret)
+		return ret;
+	if (path.dentry->d_sb != sb)
+		return -EPERM;
+	*target = configfs_get_config_item(path.dentry);
+	if (!*target)
+		return -ENOENT;
+	return 0;
 }
 
 
@@ -141,7 +136,6 @@ int configfs_symlink(struct mnt_idmap *idmap, struct inode *dir,
 		     struct dentry *dentry, const char *symname)
 {
 	int ret;
-	struct path path;
 	struct configfs_dirent *sd;
 	struct config_item *parent_item;
 	struct config_item *target_item = NULL;
@@ -188,7 +182,7 @@ int configfs_symlink(struct mnt_idmap *idmap, struct inode *dir,
 	 *  AV, a thoroughly annoyed bastard.
 	 */
 	inode_unlock(dir);
-	ret = get_target(symname, &path, &target_item, dentry->d_sb);
+	ret = get_target(symname, &target_item, dentry->d_sb);
 	inode_lock(dir);
 	if (ret)
 		goto out_put;
@@ -210,7 +204,6 @@ int configfs_symlink(struct mnt_idmap *idmap, struct inode *dir,
 	}
 
 	config_item_put(target_item);
-	path_put(&path);
 
 out_put:
 	config_item_put(parent_item);
-- 
2.47.2

Re: [PATCH 21/21] configfs:get_target() - release path as soon as we grab configfs_item reference

[Jan Kara]

On Sat 06-09-25 10:11:37, Al Viro wrote:
> ... and get rid of path argument - it turns into a local variable in get_target()
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/configfs/symlink.c | 33 +++++++++++++--------------------
>  1 file changed, 13 insertions(+), 20 deletions(-)
> 
> diff --git a/fs/configfs/symlink.c b/fs/configfs/symlink.c
> index 69133ec1fac2..f3f79c67add5 100644
> --- a/fs/configfs/symlink.c
> +++ b/fs/configfs/symlink.c
> @@ -114,26 +114,21 @@ static int create_link(struct config_item *parent_item,
>  }
>  
>  
> -static int get_target(const char *symname, struct path *path,
> -		      struct config_item **target, struct super_block *sb)
> +static int get_target(const char *symname, struct config_item **target,
> +		      struct super_block *sb)
>  {
> +	struct path path __free(path_put) = {};
>  	int ret;
>  
> -	ret = kern_path(symname, LOOKUP_FOLLOW|LOOKUP_DIRECTORY, path);
> -	if (!ret) {
> -		if (path->dentry->d_sb == sb) {
> -			*target = configfs_get_config_item(path->dentry);
> -			if (!*target) {
> -				ret = -ENOENT;
> -				path_put(path);
> -			}
> -		} else {
> -			ret = -EPERM;
> -			path_put(path);
> -		}
> -	}
> -
> -	return ret;
> +	ret = kern_path(symname, LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &path);
> +	if (ret)
> +		return ret;
> +	if (path.dentry->d_sb != sb)
> +		return -EPERM;
> +	*target = configfs_get_config_item(path.dentry);
> +	if (!*target)
> +		return -ENOENT;
> +	return 0;
>  }
>  
>  
> @@ -141,7 +136,6 @@ int configfs_symlink(struct mnt_idmap *idmap, struct inode *dir,
>  		     struct dentry *dentry, const char *symname)
>  {
>  	int ret;
> -	struct path path;
>  	struct configfs_dirent *sd;
>  	struct config_item *parent_item;
>  	struct config_item *target_item = NULL;
> @@ -188,7 +182,7 @@ int configfs_symlink(struct mnt_idmap *idmap, struct inode *dir,
>  	 *  AV, a thoroughly annoyed bastard.
>  	 */
>  	inode_unlock(dir);
> -	ret = get_target(symname, &path, &target_item, dentry->d_sb);
> +	ret = get_target(symname, &target_item, dentry->d_sb);
>  	inode_lock(dir);
>  	if (ret)
>  		goto out_put;
> @@ -210,7 +204,6 @@ int configfs_symlink(struct mnt_idmap *idmap, struct inode *dir,
>  	}
>  
>  	config_item_put(target_item);
> -	path_put(&path);
>  
>  out_put:
>  	config_item_put(parent_item);
> -- 
> 2.47.2
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 21/21] configfs:get_target() - release path as soon as we grab configfs_item reference

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:37AM +0100, Al Viro wrote:
> ... and get rid of path argument - it turns into a local variable in get_target()
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

Re: [PATCH 01/21] backing_file_user_path(): constify struct path *

[Jan Kara]

On Sat 06-09-25 10:11:17, Al Viro wrote:
> Callers never use the resulting pointer to modify the struct path it
> points to (nor should they).
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza
> ---
>  fs/file_table.c    | 2 +-
>  include/linux/fs.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/file_table.c b/fs/file_table.c
> index 81c72576e548..85b53e39138d 100644
> --- a/fs/file_table.c
> +++ b/fs/file_table.c
> @@ -54,7 +54,7 @@ struct backing_file {
>  
>  #define backing_file(f) container_of(f, struct backing_file, file)
>  
> -struct path *backing_file_user_path(const struct file *f)
> +const struct path *backing_file_user_path(const struct file *f)
>  {
>  	return &backing_file(f)->user_path;
>  }
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index d7ab4f96d705..3bcc878817be 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -2879,7 +2879,7 @@ struct file *dentry_open_nonotify(const struct path *path, int flags,
>  				  const struct cred *cred);
>  struct file *dentry_create(const struct path *path, int flags, umode_t mode,
>  			   const struct cred *cred);
> -struct path *backing_file_user_path(const struct file *f);
> +const struct path *backing_file_user_path(const struct file *f);
>  
>  /*
>   * When mmapping a file on a stackable filesystem (e.g., overlayfs), the file
> -- 
> 2.47.2
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 01/21] backing_file_user_path(): constify struct path *

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:11:17AM +0100, Al Viro wrote:
> Callers never use the resulting pointer to modify the struct path it
> points to (nor should they).
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

[PATCH 1/2] kernel/acct.c: saner struct file treatment

[Al Viro]

[first commit in work.f_path]

	Instead of switching ->f_path.mnt of an opened file to internal
clone, resolve the pathname, get a struct path with ->mnt set to internal
clone, then dentry_open() that to get the file with right ->f_path.mnt
from the very beginning.
    
	The only subtle part here is that on failure exits we need to
close the file with __fput_sync() and make sure we do that *before*
dropping the original mount.
    
	With that done, only fs/{file_table,open,namei}.c ever store
anything to file->f_path and only prior to file->f_mode & FMODE_OPENED
becoming true.  Analysis of mount write count handling also becomes
less brittle and convoluted...
    
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
diff --git a/kernel/acct.c b/kernel/acct.c
index 6520baa13669..30ae403ee322 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -44,19 +44,14 @@
  * a struct file opened for write. Fixed. 2/6/2000, AV.
  */
 
-#include <linux/mm.h>
 #include <linux/slab.h>
 #include <linux/acct.h>
 #include <linux/capability.h>
-#include <linux/file.h>
 #include <linux/tty.h>
-#include <linux/security.h>
-#include <linux/vfs.h>
+#include <linux/statfs.h>
 #include <linux/jiffies.h>
-#include <linux/times.h>
 #include <linux/syscalls.h>
-#include <linux/mount.h>
-#include <linux/uaccess.h>
+#include <linux/namei.h>
 #include <linux/sched/cputime.h>
 
 #include <asm/div64.h>
@@ -217,84 +212,68 @@ static void close_work(struct work_struct *work)
 	complete(&acct->done);
 }
 
-static int acct_on(struct filename *pathname)
+DEFINE_FREE(fput_sync, struct file *, if (!IS_ERR_OR_NULL(_T)) __fput_sync(_T))
+static int acct_on(const char __user *name)
 {
-	struct file *file;
-	struct vfsmount *mnt, *internal;
+	/* Difference from BSD - they don't do O_APPEND */
+	const int open_flags = O_WRONLY|O_APPEND|O_LARGEFILE;
 	struct pid_namespace *ns = task_active_pid_ns(current);
+	struct path path __free(path_put) = {};		// in that order
+	struct path internal __free(path_put) = {};	// in that order
+	struct file *file __free(fput_sync) = NULL;	// in that order
 	struct bsd_acct_struct *acct;
+	struct vfsmount *mnt;
 	struct fs_pin *old;
 	int err;
 
-	acct = kzalloc(sizeof(struct bsd_acct_struct), GFP_KERNEL);
-	if (!acct)
-		return -ENOMEM;
+	err = user_path_at(AT_FDCWD, name, LOOKUP_FOLLOW, &path);
+	if (err)
+		return err;
 
-	/* Difference from BSD - they don't do O_APPEND */
-	file = file_open_name(pathname, O_WRONLY|O_APPEND|O_LARGEFILE, 0);
-	if (IS_ERR(file)) {
-		kfree(acct);
+	mnt = mnt_clone_internal(&path);
+	if (IS_ERR(mnt))
+		return PTR_ERR(mnt);
+
+	internal.mnt = mnt;
+	internal.dentry = dget(mnt->mnt_root);
+
+	file = dentry_open(&internal, open_flags, current_cred());
+	if (IS_ERR(file))
 		return PTR_ERR(file);
-	}
 
-	if (!S_ISREG(file_inode(file)->i_mode)) {
-		kfree(acct);
-		filp_close(file, NULL);
+	if (!S_ISREG(file_inode(file)->i_mode))
 		return -EACCES;
-	}
 
 	/* Exclude kernel kernel internal filesystems. */
-	if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT)) {
-		kfree(acct);
-		filp_close(file, NULL);
+	if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT))
 		return -EINVAL;
-	}
 
 	/* Exclude procfs and sysfs. */
-	if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE) {
-		kfree(acct);
-		filp_close(file, NULL);
+	if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE)
 		return -EINVAL;
-	}
 
-	if (!(file->f_mode & FMODE_CAN_WRITE)) {
-		kfree(acct);
-		filp_close(file, NULL);
+	if (!(file->f_mode & FMODE_CAN_WRITE))
 		return -EIO;
-	}
-	internal = mnt_clone_internal(&file->f_path);
-	if (IS_ERR(internal)) {
-		kfree(acct);
-		filp_close(file, NULL);
-		return PTR_ERR(internal);
-	}
-	err = mnt_get_write_access(internal);
-	if (err) {
-		mntput(internal);
-		kfree(acct);
-		filp_close(file, NULL);
-		return err;
-	}
-	mnt = file->f_path.mnt;
-	file->f_path.mnt = internal;
+
+	acct = kzalloc(sizeof(struct bsd_acct_struct), GFP_KERNEL);
+	if (!acct)
+		return -ENOMEM;
 
 	atomic_long_set(&acct->count, 1);
 	init_fs_pin(&acct->pin, acct_pin_kill);
-	acct->file = file;
+	acct->file = no_free_ptr(file);
 	acct->needcheck = jiffies;
 	acct->ns = ns;
 	mutex_init(&acct->lock);
 	INIT_WORK(&acct->work, close_work);
 	init_completion(&acct->done);
 	mutex_lock_nested(&acct->lock, 1);	/* nobody has seen it yet */
-	pin_insert(&acct->pin, mnt);
+	pin_insert(&acct->pin, path.mnt);
 
 	rcu_read_lock();
 	old = xchg(&ns->bacct, &acct->pin);
 	mutex_unlock(&acct->lock);
 	pin_kill(old);
-	mnt_put_write_access(mnt);
-	mntput(mnt);
 	return 0;
 }
 
@@ -319,14 +298,9 @@ SYSCALL_DEFINE1(acct, const char __user *, name)
 		return -EPERM;
 
 	if (name) {
-		struct filename *tmp = getname(name);
-
-		if (IS_ERR(tmp))
-			return PTR_ERR(tmp);
 		mutex_lock(&acct_on_mutex);
-		error = acct_on(tmp);
+		error = acct_on(name);
 		mutex_unlock(&acct_on_mutex);
-		putname(tmp);
 	} else {
 		rcu_read_lock();
 		pin_kill(task_active_pid_ns(current)->bacct);

Re: [PATCH 1/2] kernel/acct.c: saner struct file treatment

[Mark Brown]

[-- Attachment #1: Type: text/plain, Size: 30013 bytes --]

On Sat, Sep 06, 2025 at 10:13:39AM +0100, Al Viro wrote:
> [first commit in work.f_path]
> 
> 	Instead of switching ->f_path.mnt of an opened file to internal
> clone, resolve the pathname, get a struct path with ->mnt set to internal
> clone, then dentry_open() that to get the file with right ->f_path.mnt
> from the very beginning.

I'm seeing test failures in -next on the LTP acct01 test which bisect to
this patch.  The test fails with:

acct01.c:123: TFAIL: acct(.) expected EISDIR: EACCES (13)
acct01.c:123: TPASS: acct(/dev/null) : EACCES (13)
acct01.c:123: TPASS: acct(/tmp/does/not/exist) : ENOENT (2)
acct01.c:123: TPASS: acct(./tmpfile/) : ENOTDIR (20)
acct01.c:123: TPASS: acct(./tmpfile) : EPERM (1)
acct01.c:123: TPASS: acct(NULL) : EPERM (1)
acct01.c:123: TPASS: acct(test_file_eloop1) : ELOOP (40)
acct01.c:123: TPASS: acct(aaaa...) : ENAMETOOLONG (36)
acct01.c:123: TPASS: acct(ro_mntpoint/file) : EROFS (30)
acct01.c:123: TPASS: acct(Invalid address) : EFAULT (14)
Summary:
passed   9
failed   1
broken   0
skipped  0
warnings 0

Full log:

   https://lava.sirena.org.uk/scheduler/job/1882210#L7052

Bisect log with links to more test runs, it looks like the bisect got
very lucky and tested this patch first for some reason:

# bad: [b5a4da2c459f79a2c87c867398f1c0c315779781] Add linux-next specific files for 20250924
# good: [69ed2a71d8f82f4304aa52c2c4abf41d1c1f4c7e] Merge branch 'for-linux-next-fixes' of https://gitlab.freedesktop.org/drm/misc/kernel.git
# good: [e609438851928381e39b5393f17156955a84122a] regulator: dt-bindings: qcom,sdm845-refgen-regulator: document more platforms
# good: [5fa7d739f811bdffb5fc99696c2e821344fe0b88] regulator: dt-bindings: qcom,sdm845-refgen-regulator: document more platforms
# good: [f98cabe3f6cf6396b3ae0264800d9b53d7612433] SPI: Add virtio SPI driver
# good: [ad4728740bd68d74365a43acc25a65339a9b2173] spi: rpc-if: Add resume support for RZ/G3E
# good: [63b4c34635cf32af023796b64c855dd1ed0f0a4f] tas2783A: Add acpi match changes for Intel MTL
# good: [46c8b4d2a693eca69a2191436cffa44f489e98c7] ASoC: cs35l41: Fallback to reading Subsystem ID property if not ACPI
# good: [e336ab509b43ea601801dfa05b4270023c3ed007] spi: rename SPI_CS_CNT_MAX => SPI_DEVICE_CS_CNT_MAX
# good: [878702702dbbd933a5da601c75b8e58eadeec311] spi: ljca: Remove Wentong's e-mail address
# good: [20253f806818e9a1657a832ebcf4141d0a08c02a] spi: atmel-quadspi: Add support for sama7d65 QSPI
# good: [2aa28b748fc967a2f2566c06bdad155fba8af7d8] ASoC: da7213: Convert to DEFINE_RUNTIME_DEV_PM_OPS()
# good: [cb3c715d89607f8896c0f20fe528a08e7ebffea9] ASoC: soc-dapm: add snd_soc_dapm_set_idle_bias()
# good: [2c618f361ae6b9da7fafafc289051728ef4c6ea3] ASoC: fsl: fsl_qmc_audio: Drop struct qmc_dai_chan
# good: [0f67557763accbdd56681f17ed5350735198c57b] spi: spi-nxp-fspi: Add OCT-DTR mode support
# good: [0266f9541038b9b98ddd387132b5bdfe32a304e3] ASoC: codecs: wcd937x: get regmap directly
# good: [a24802b0a2a238eaa610b0b0e87a4500a35de64a] spi: spi-qpic-snand: simplify clock handling by using devm_clk_get_enabled()
# good: [abe962346ef420998d47ba1c2fe591582f69e92e] regulator: Fix MAX77838 selection
# good: [ab63e9910d2d3ea4b8e6c08812258a676defcb9c] spi: mt65xx: add dual and quad mode for standard spi device
# good: [88d0d17192c5a850dc07bb38035b69c4cefde270] ASoC: dt-bindings: add bindings for pm4125 audio codec
# good: [8b84d712ad849172f6bbcad57534b284d942b0b5] regulator: spacemit: support SpacemiT P1 regulators
# good: [8d7de4a014f589c1776959f7fdadbf7b12045aac] ASoC: dt-bindings: asahi-kasei,ak4458: Reference common DAI properties
# good: [6a1f303cba45fa3b612d5a2898b1b1b045eb74e3] regulator: max77838: add max77838 regulator driver
# good: [4d906371d1f9fc9ce47b2c8f37444680246557bc] nsfs: drop tautological ioctl() check
# good: [f8527a29f4619f74bc30a9845ea87abb9a6faa1e] nsfs: validate extensible ioctls
# good: [8b184c34806e5da4d4847fabd3faeff38b47e70a] ASoC: Intel: hda-sdw-bpt: set persistent_buffer false
# good: [18dda9eb9e11b2aeec73cbe2a56ab2f862841ba4] spi: amlogic: Fix error checking on regmap_write call
# good: [1217b573978482ae7d21dc5c0bf5aa5007b24f90] ASoC: codecs: pcm1754: add pcm1754 dac driver
# good: [59ba108806516adeaed51a536d55d4f5e9645881] ASoC: dt-bindings: linux,spdif: Add "port" node
# good: [30db1b21fa37a2f37c7f4d71864405a05e889833] spi: axi-spi-engine: use adi_axi_pcore_ver_gteq()
# good: [2e0fd4583d0efcdc260e61a22666c8368f505353] rust: regulator: add devm_enable and devm_enable_optional
# good: [6a129b2ca5c533aec89fbeb58470811cc4102642] MAINTAINERS: Add an entry for Amlogic spifc driver
# good: [d9e33b38c89f4cf8c32b8481dbcf3a6cdbba4595] spi: cadence-quadspi: Use BIT() macros where possible
# good: [e5b4ad2183f7ab18aaf7c73a120d17241ee58e97] ASoC: cs-amp-lib-test: Add test for getting cal data from HP EFI
# good: [1cf87861a2e02432fb68f8bcc8f20a8e42acde59] ASoC: codecs: tlv320dac33: Convert to use gpiod api
# good: [5bad16482c2a7e788c042d98f3e97d3b2bbc8cc5] regulator: dt-bindings: rpi-panel: Split 7" Raspberry Pi 720x1280 v2 binding
# good: [4336efb59ef364e691ef829a73d9dbd4d5ed7c7b] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
# good: [2c625f0fe2db4e6a58877ce2318df3aa312eb791] spi: dt-bindings: samsung: Drop S3C2443
# good: [7d083666123a425ba9f81dff1a52955b1f226540] ASoC: renesas: rz-ssi: Use guard() for spin locks
# good: [b497e1a1a2b10c4ddb28064fba229365ae03311a] regulator: pf530x: Add a driver for the NXP PF5300 Regulator
# good: [9e5eb8b49ffe3c173bf7b8c338a57dfa09fb4634] ASoC: replace use of system_unbound_wq with system_dfl_wq
# good: [0ccc1eeda155c947d88ef053e0b54e434e218ee2] ASoC: dt-bindings: wlf,wm8960: Document routing strings (pin names)
# good: [7748328c2fd82efed24257b2bfd796eb1fa1d09b] ASoC: dt-bindings: qcom,lpass-va-macro: Update bindings for clocks to support ADSP
# good: [dd7ae5b8b3c291c0206f127a564ae1e316705ca0] ASoC: cs42l43: Shutdown jack detection on suspend
# good: [94b39cb3ad6db935b585988b36378884199cd5fc] spi: mxs: fix "transfered"->"transferred"
# good: [5cc49b5a36b32a2dba41441ea13b93fb5ea21cfd] spi: spi-fsl-dspi: Report FIFO overflows as errors
# good: [ce1a46b2d6a8465a86f7a6f71beb4c6de83bce5c] ASoC: codecs: lpass-wsa-macro: add Codev version 2.9
# good: [06dd3eda0e958cdae48ca755eb5047484f678d78] Merge branch 'vfs-6.18.rust' into vfs.all
# good: [ce57b718006a069226b5e5d3afe7969acd59154e] ASoC: Intel: avs: ssm4567: Adjust platform name
# good: [3279052eab235bfb7130b1fabc74029c2260ed8d] ASoC: SOF: ipc4-topology: Fix a less than zero check on a u32
# good: [6d33ce3634f99e0c6c9ce9fc111261f2c411cb48] selftests/nolibc: fix EXPECT_NZ macro
# good: [8f57dcf39fd0864f5f3e6701fe885e55f45d0d3a] ASoC: qcom: audioreach: convert to cpu endainess type before accessing
# good: [9d35d068fb138160709e04e3ee97fe29a6f8615b] regulator: scmi: Use int type to store negative error codes
# good: [8a9772ec08f87c9e45ab1ad2c8d2b8c1763836eb] ASoC: soc-dapm: rename snd_soc_kcontrol_component() to snd_soc_kcontrol_to_component()
# good: [3d439e1ec3368fae17db379354bd7a9e568ca0ab] ASoC: sof: ipc4-topology: Add support to sched_domain attribute
# good: [5c39bc498f5ff7ef016abf3f16698f3e8db79677] ASoC: SOF: Intel: only detect codecs when HDA DSP probe
# good: [07752abfa5dbf7cb4d9ce69fa94dc3b12bc597d9] ASoC: SOF: sof-client: Introduce sof_client_dev_entry structure
# good: [f7c41911ad744177d8289820f01009dc93d8f91c] ASoC: SOF: ipc4-topology: Add support for float sample type
# good: [f522da9ab56c96db8703b2ea0f09be7cdc3bffeb] ASoC: doc: Internally link to Writing an ALSA Driver docs
# good: [d57d27171c92e9049d5301785fb38de127b28fbf] ASoC: SOF: sof-client-probes: Add available points_info(), IPC4 only
# good: [a37280daa4d583c7212681c49b285de9464a5200] ASoC: Intel: avs: Allow i2s test and non-test boards to coexist
# good: [b088b6189a4066b97cef459afd312fd168a76dea] ASoC: mediatek: common: Switch to for_each_available_child_of_node_scoped()
# good: [c42e36a488c7e01f833fc9f4814f735b66b2d494] spi: Drop dev_pm_domain_detach() call
# good: [ff9a7857b7848227788f113d6dc6a72e989084e0] spi: rb4xx: use devm for clk_prepare_enable
# good: [f4672dc6e9c07643c8c755856ba8e9eb9ca95d0c] regmap: use int type to store negative error codes
# good: [edb5c1f885207d1d74e8a1528e6937e02829ee6e] ASoC: renesas: msiof: start DMAC first
# good: [6c177775dcc5e70a64ddf4ee842c66af498f2c7c] Merge branch 'next/drivers' into for-next
# good: [11f5c5f9e43e9020bae452232983fe98e7abfce0] ASoC: qcom: use int type to store negative error codes
# good: [899fb38dd76dd3ede425bbaf8a96d390180a5d1c] regulator: core: Remove redundant ternary operators
# good: [5b4dcaf851df8c414bfc2ac3bf9c65fc942f3be4] ASoC: amd: acp: Remove (explicitly) unused header
# good: [e2ab5f600bb01d3625d667d97b3eb7538e388336] rust: regulator: use `to_result` for error handling
# good: [a12b74d2bd4724ee1883bc97ec93eac8fafc8d3c] ASoC: tlv320aic32x4: use dev_err_probe() for regulators
# good: [f840737d1746398c2993be34bfdc80bdc19ecae2] ASoC: SOF: imx: Remove the use of dev_err_probe()
# good: [d78e48ebe04e9566f8ecbf51471e80da3adbceeb] ASoC: dt-bindings: Minor whitespace cleanup in example
# good: [136d029662cdde77d3e4db5c07de655f35f0239f] Documentation/staging: Fix typo and incorrect citation in crc32.rst
# good: [96bcb34df55f7fee99795127c796315950c94fed] ASoC: test-component: Use kcalloc() instead of kzalloc()
# good: [c232495d28ca092d0c39b10e35d3d613bd2414ab] ASoC: dt-bindings: omap-twl4030: convert to DT schema
# good: [ec0be3cdf40b5302248f3fb27a911cc630e8b855] regulator: consumer.rst: document bulk operations
# good: [27848c082ba0b22850fd9fb7b185c015423dcdc7] spi: s3c64xx: Remove the use of dev_err_probe()
# good: [c1dd310f1d76b4b13f1854618087af2513140897] spi: SPISG: Use devm_kcalloc() in aml_spisg_clk_init()
# good: [da9881d00153cc6d3917f6b74144b1d41b58338c] ASoC: qcom: audioreach: add support for SMECNS module
# good: [cf65182247761f7993737b710afe8c781699356b] ASoC: codecs: wsa883x: Handle shared reset GPIO for WSA883x speakers
# good: [550bc517e59347b3b1af7d290eac4fb1411a3d4e] regulator: bd718x7: Use kcalloc() instead of kzalloc()
# good: [2a55135201d5e24b80b7624880ff42eafd8e320c] ASoC: Intel: avs: Streamline register-component function names
# good: [daf855f76a1210ceed9541f71ac5dd9be02018a6] ASoC: es8323: enable DAPM power widgets for playback DAC
# good: [0056b410355713556d8a10306f82e55b28d33ba8] spi: offload trigger: adi-util-sigma-delta: clean up imports
# good: [90179609efa421b1ccc7d8eafbc078bafb25777c] spi: spl022: use min_t() to improve code
# good: [258384d8ce365dddd6c5c15204de8ccd53a7ab0a] ASoC: es8323: enable DAPM power widgets for playback DAC and output
# good: [48124569bbc6bfda1df3e9ee17b19d559f4b1aa3] spi: remove unneeded 'fast_io' parameter in regmap_config
# good: [6d068f1ae2a2f713d7f21a9a602e65b3d6b6fc6d] regulator: rt5133: Fix spelling mistake "regualtor" -> "regulator"
# good: [0e62438e476494a1891a8822b9785bc6e73e9c3f] ASoC: Intel: sst: Remove redundant semicolons
# good: [37533933bfe92cd5a99ef4743f31dac62ccc8de0] regulator: remove unneeded 'fast_io' parameter in regmap_config
# good: [a46e95c81e3a28926ab1904d9f754fef8318074d] ASoC: wl1273: Remove
# good: [5c36b86d2bf68fbcad16169983ef7ee8c537db59] regmap: Remove superfluous check for !config in __regmap_init()
# good: [714165e1c4b0d5b8c6d095fe07f65e6e7047aaeb] regulator: rt5133: Add RT5133 PMIC regulator Support
# good: [9c45f95222beecd6a284fd1284d54dd7a772cf59] spi: spi-qpic-snand: handle 'use_ecc' parameter of qcom_spi_config_cw_read()
# good: [bab4ab484a6ca170847da9bffe86f1fa90df4bbe] ASoC: dt-bindings: Convert brcm,bcm2835-i2s to DT schema
# good: [b832b19318534bb4f1673b24d78037fee339c679] spi: loopback-test: Don't use %pK through printk
# good: [8c02c8353460f8630313aef6810f34e134a3c1ee] ASoC: dt-bindings: realtek,alc5623: convert to DT schema
# good: [6b7e2aa50bdaf88cd4c2a5e2059a7bf32d85a8b1] spi: spi-qpic-snand: remove 'clr*status' members of struct 'qpic_ecc'
# good: [a54ef14188519a0994d0264f701f5771815fa11e] regulator: dt-bindings: Clean-up active-semi,act8945a duplication
# good: [2291a2186305faaf8525d57849d8ba12ad63f5e7] MAINTAINERS: Add entry for FourSemi audio amplifiers
# good: [cf25eb8eae91bcae9b2065d84b0c0ba0f6d9dd34] ASoC: soc-component: unpack snd_soc_component_init_bias_level()
# good: [595b7f155b926460a00776cc581e4dcd01220006] ASoC: Intel: avs: Conditional-path support
# good: [a1d0b0ae65ae3f32597edfbb547f16c75601cd87] spi: spi-qpic-snand: avoid double assignment in qcom_spi_probe()
# good: [3059067fd3378a5454e7928c08d20bf3ef186760] ASoC: cs48l32: Use PTR_ERR_OR_ZERO() to simplify code
# good: [9a200cbdb54349909a42b45379e792e4b39dd223] rust: regulator: implement Send and Sync for Regulator<T>
# good: [2d86d2585ab929a143d1e6f8963da1499e33bf13] ASoC: pxa: add GPIOLIB_LEGACY dependency
# good: [162e23657e5379f07c6404dbfbf4367cb438ea7d] regulator: pf0900: Add PMIC PF0900 support
# good: [886f42ce96e7ce80545704e7168a9c6b60cd6c03] regmap: mmio: Add missing MODULE_DESCRIPTION()
git bisect start 'b5a4da2c459f79a2c87c867398f1c0c315779781' '69ed2a71d8f82f4304aa52c2c4abf41d1c1f4c7e' 'e609438851928381e39b5393f17156955a84122a' '5fa7d739f811bdffb5fc99696c2e821344fe0b88' 'f98cabe3f6cf6396b3ae0264800d9b53d7612433' 'ad4728740bd68d74365a43acc25a65339a9b2173' '63b4c34635cf32af023796b64c855dd1ed0f0a4f' '46c8b4d2a693eca69a2191436cffa44f489e98c7' 'e336ab509b43ea601801dfa05b4270023c3ed007' '878702702dbbd933a5da601c75b8e58eadeec311' '20253f806818e9a1657a832ebcf4141d0a08c02a' '2aa28b748fc967a2f2566c06bdad155fba8af7d8' 'cb3c715d89607f8896c0f20fe528a08e7ebffea9' '2c618f361ae6b9da7fafafc289051728ef4c6ea3' '0f67557763accbdd56681f17ed5350735198c57b' '0266f9541038b9b98ddd387132b5bdfe32a304e3' 'a24802b0a2a238eaa610b0b0e87a4500a35de64a' 'abe962346ef420998d47ba1c2fe591582f69e92e' 'ab63e9910d2d3ea4b8e6c08812258a676defcb9c' '88d0d17192c5a850dc07bb38035b69c4cefde270' '8b84d712ad849172f6bbcad57534b284d942b0b5' '8d7de4a014f589c1776959f7fdadbf7b12045aac' '6a1f303cba45fa3b612d5a2898b1b1b045eb74e3' '4d906371d1f9fc9ce47b2c8f37444680246557bc' 'f8527a29f4619f74bc30a9845ea87abb9a6faa1e' '8b184c34806e5da4d4847fabd3faeff38b47e70a' '18dda9eb9e11b2aeec73cbe2a56ab2f862841ba4' '1217b573978482ae7d21dc5c0bf5aa5007b24f90' '59ba108806516adeaed51a536d55d4f5e9645881' '30db1b21fa37a2f37c7f4d71864405a05e889833' '2e0fd4583d0efcdc260e61a22666c8368f505353' '6a129b2ca5c533aec89fbeb58470811cc4102642' 'd9e33b38c89f4cf8c32b8481dbcf3a6cdbba4595' 'e5b4ad2183f7ab18aaf7c73a120d17241ee58e97' '1cf87861a2e02432fb68f8bcc8f20a8e42acde59' '5bad16482c2a7e788c042d98f3e97d3b2bbc8cc5' '4336efb59ef364e691ef829a73d9dbd4d5ed7c7b' '2c625f0fe2db4e6a58877ce2318df3aa312eb791' '7d083666123a425ba9f81dff1a52955b1f226540' 'b497e1a1a2b10c4ddb28064fba229365ae03311a' '9e5eb8b49ffe3c173bf7b8c338a57dfa09fb4634' '0ccc1eeda155c947d88ef053e0b54e434e218ee2' '7748328c2fd82efed24257b2bfd796eb1fa1d09b' 'dd7ae5b8b3c291c0206f127a564ae1e316705ca0' '94b39cb3ad6db935b585988b36378884199cd5fc' '5cc49b5a36b32a2dba41441ea13b93fb5ea21cfd' 'ce1a46b2d6a8465a86f7a6f71beb4c6de83bce5c' '06dd3eda0e958cdae48ca755eb5047484f678d78' 'ce57b718006a069226b5e5d3afe7969acd59154e' '3279052eab235bfb7130b1fabc74029c2260ed8d' '6d33ce3634f99e0c6c9ce9fc111261f2c411cb48' '8f57dcf39fd0864f5f3e6701fe885e55f45d0d3a' '9d35d068fb138160709e04e3ee97fe29a6f8615b' '8a9772ec08f87c9e45ab1ad2c8d2b8c1763836eb' '3d439e1ec3368fae17db379354bd7a9e568ca0ab' '5c39bc498f5ff7ef016abf3f16698f3e8db79677' '07752abfa5dbf7cb4d9ce69fa94dc3b12bc597d9' 'f7c41911ad744177d8289820f01009dc93d8f91c' 'f522da9ab56c96db8703b2ea0f09be7cdc3bffeb' 'd57d27171c92e9049d5301785fb38de127b28fbf' 'a37280daa4d583c7212681c49b285de9464a5200' 'b088b6189a4066b97cef459afd312fd168a76dea' 'c42e36a488c7e01f833fc9f4814f735b66b2d494' 'ff9a7857b7848227788f113d6dc6a72e989084e0' 'f4672dc6e9c07643c8c755856ba8e9eb9ca95d0c' 'edb5c1f885207d1d74e8a1528e6937e02829ee6e' '6c177775dcc5e70a64ddf4ee842c66af498f2c7c' '11f5c5f9e43e9020bae452232983fe98e7abfce0' '899fb38dd76dd3ede425bbaf8a96d390180a5d1c' '5b4dcaf851df8c414bfc2ac3bf9c65fc942f3be4' 'e2ab5f600bb01d3625d667d97b3eb7538e388336' 'a12b74d2bd4724ee1883bc97ec93eac8fafc8d3c' 'f840737d1746398c2993be34bfdc80bdc19ecae2' 'd78e48ebe04e9566f8ecbf51471e80da3adbceeb' '136d029662cdde77d3e4db5c07de655f35f0239f' '96bcb34df55f7fee99795127c796315950c94fed' 'c232495d28ca092d0c39b10e35d3d613bd2414ab' 'ec0be3cdf40b5302248f3fb27a911cc630e8b855' '27848c082ba0b22850fd9fb7b185c015423dcdc7' 'c1dd310f1d76b4b13f1854618087af2513140897' 'da9881d00153cc6d3917f6b74144b1d41b58338c' 'cf65182247761f7993737b710afe8c781699356b' '550bc517e59347b3b1af7d290eac4fb1411a3d4e' '2a55135201d5e24b80b7624880ff42eafd8e320c' 'daf855f76a1210ceed9541f71ac5dd9be02018a6' '0056b410355713556d8a10306f82e55b28d33ba8' '90179609efa421b1ccc7d8eafbc078bafb25777c' '258384d8ce365dddd6c5c15204de8ccd53a7ab0a' '48124569bbc6bfda1df3e9ee17b19d559f4b1aa3' '6d068f1ae2a2f713d7f21a9a602e65b3d6b6fc6d' '0e62438e476494a1891a8822b9785bc6e73e9c3f' '37533933bfe92cd5a99ef4743f31dac62ccc8de0' 'a46e95c81e3a28926ab1904d9f754fef8318074d' '5c36b86d2bf68fbcad16169983ef7ee8c537db59' '714165e1c4b0d5b8c6d095fe07f65e6e7047aaeb' '9c45f95222beecd6a284fd1284d54dd7a772cf59' 'bab4ab484a6ca170847da9bffe86f1fa90df4bbe' 'b832b19318534bb4f1673b24d78037fee339c679' '8c02c8353460f8630313aef6810f34e134a3c1ee' '6b7e2aa50bdaf88cd4c2a5e2059a7bf32d85a8b1' 'a54ef14188519a0994d0264f701f5771815fa11e' '2291a2186305faaf8525d57849d8ba12ad63f5e7' 'cf25eb8eae91bcae9b2065d84b0c0ba0f6d9dd34' '595b7f155b926460a00776cc581e4dcd01220006' 'a1d0b0ae65ae3f32597edfbb547f16c75601cd87' '3059067fd3378a5454e7928c08d20bf3ef186760' '9a200cbdb54349909a42b45379e792e4b39dd223' '2d86d2585ab929a143d1e6f8963da1499e33bf13' '162e23657e5379f07c6404dbfbf4367cb438ea7d' '886f42ce96e7ce80545704e7168a9c6b60cd6c03'
# test job: [e609438851928381e39b5393f17156955a84122a] https://lava.sirena.org.uk/scheduler/job/1868301
# test job: [5fa7d739f811bdffb5fc99696c2e821344fe0b88] https://lava.sirena.org.uk/scheduler/job/1868351
# test job: [f98cabe3f6cf6396b3ae0264800d9b53d7612433] https://lava.sirena.org.uk/scheduler/job/1862378
# test job: [ad4728740bd68d74365a43acc25a65339a9b2173] https://lava.sirena.org.uk/scheduler/job/1862571
# test job: [63b4c34635cf32af023796b64c855dd1ed0f0a4f] https://lava.sirena.org.uk/scheduler/job/1863569
# test job: [46c8b4d2a693eca69a2191436cffa44f489e98c7] https://lava.sirena.org.uk/scheduler/job/1862012
# test job: [e336ab509b43ea601801dfa05b4270023c3ed007] https://lava.sirena.org.uk/scheduler/job/1862870
# test job: [878702702dbbd933a5da601c75b8e58eadeec311] https://lava.sirena.org.uk/scheduler/job/1863783
# test job: [20253f806818e9a1657a832ebcf4141d0a08c02a] https://lava.sirena.org.uk/scheduler/job/1848487
# test job: [2aa28b748fc967a2f2566c06bdad155fba8af7d8] https://lava.sirena.org.uk/scheduler/job/1848316
# test job: [cb3c715d89607f8896c0f20fe528a08e7ebffea9] https://lava.sirena.org.uk/scheduler/job/1847531
# test job: [2c618f361ae6b9da7fafafc289051728ef4c6ea3] https://lava.sirena.org.uk/scheduler/job/1850256
# test job: [0f67557763accbdd56681f17ed5350735198c57b] https://lava.sirena.org.uk/scheduler/job/1848730
# test job: [0266f9541038b9b98ddd387132b5bdfe32a304e3] https://lava.sirena.org.uk/scheduler/job/1848825
# test job: [a24802b0a2a238eaa610b0b0e87a4500a35de64a] https://lava.sirena.org.uk/scheduler/job/1847698
# test job: [abe962346ef420998d47ba1c2fe591582f69e92e] https://lava.sirena.org.uk/scheduler/job/1840610
# test job: [ab63e9910d2d3ea4b8e6c08812258a676defcb9c] https://lava.sirena.org.uk/scheduler/job/1838203
# test job: [88d0d17192c5a850dc07bb38035b69c4cefde270] https://lava.sirena.org.uk/scheduler/job/1834007
# test job: [8b84d712ad849172f6bbcad57534b284d942b0b5] https://lava.sirena.org.uk/scheduler/job/1834035
# test job: [8d7de4a014f589c1776959f7fdadbf7b12045aac] https://lava.sirena.org.uk/scheduler/job/1833177
# test job: [6a1f303cba45fa3b612d5a2898b1b1b045eb74e3] https://lava.sirena.org.uk/scheduler/job/1830452
# test job: [4d906371d1f9fc9ce47b2c8f37444680246557bc] https://lava.sirena.org.uk/scheduler/job/1832437
# test job: [f8527a29f4619f74bc30a9845ea87abb9a6faa1e] https://lava.sirena.org.uk/scheduler/job/1832501
# test job: [8b184c34806e5da4d4847fabd3faeff38b47e70a] https://lava.sirena.org.uk/scheduler/job/1829208
# test job: [18dda9eb9e11b2aeec73cbe2a56ab2f862841ba4] https://lava.sirena.org.uk/scheduler/job/1829126
# test job: [1217b573978482ae7d21dc5c0bf5aa5007b24f90] https://lava.sirena.org.uk/scheduler/job/1809935
# test job: [59ba108806516adeaed51a536d55d4f5e9645881] https://lava.sirena.org.uk/scheduler/job/1812752
# test job: [30db1b21fa37a2f37c7f4d71864405a05e889833] https://lava.sirena.org.uk/scheduler/job/1811000
# test job: [2e0fd4583d0efcdc260e61a22666c8368f505353] https://lava.sirena.org.uk/scheduler/job/1806799
# test job: [6a129b2ca5c533aec89fbeb58470811cc4102642] https://lava.sirena.org.uk/scheduler/job/1805795
# test job: [d9e33b38c89f4cf8c32b8481dbcf3a6cdbba4595] https://lava.sirena.org.uk/scheduler/job/1800095
# test job: [e5b4ad2183f7ab18aaf7c73a120d17241ee58e97] https://lava.sirena.org.uk/scheduler/job/1799490
# test job: [1cf87861a2e02432fb68f8bcc8f20a8e42acde59] https://lava.sirena.org.uk/scheduler/job/1795075
# test job: [5bad16482c2a7e788c042d98f3e97d3b2bbc8cc5] https://lava.sirena.org.uk/scheduler/job/1795939
# test job: [4336efb59ef364e691ef829a73d9dbd4d5ed7c7b] https://lava.sirena.org.uk/scheduler/job/1795892
# test job: [2c625f0fe2db4e6a58877ce2318df3aa312eb791] https://lava.sirena.org.uk/scheduler/job/1794526
# test job: [7d083666123a425ba9f81dff1a52955b1f226540] https://lava.sirena.org.uk/scheduler/job/1794861
# test job: [b497e1a1a2b10c4ddb28064fba229365ae03311a] https://lava.sirena.org.uk/scheduler/job/1780204
# test job: [9e5eb8b49ffe3c173bf7b8c338a57dfa09fb4634] https://lava.sirena.org.uk/scheduler/job/1779465
# test job: [0ccc1eeda155c947d88ef053e0b54e434e218ee2] https://lava.sirena.org.uk/scheduler/job/1773032
# test job: [7748328c2fd82efed24257b2bfd796eb1fa1d09b] https://lava.sirena.org.uk/scheduler/job/1773343
# test job: [dd7ae5b8b3c291c0206f127a564ae1e316705ca0] https://lava.sirena.org.uk/scheduler/job/1773264
# test job: [94b39cb3ad6db935b585988b36378884199cd5fc] https://lava.sirena.org.uk/scheduler/job/1768594
# test job: [5cc49b5a36b32a2dba41441ea13b93fb5ea21cfd] https://lava.sirena.org.uk/scheduler/job/1769303
# test job: [ce1a46b2d6a8465a86f7a6f71beb4c6de83bce5c] https://lava.sirena.org.uk/scheduler/job/1768977
# test job: [06dd3eda0e958cdae48ca755eb5047484f678d78] https://lava.sirena.org.uk/scheduler/job/1832025
# test job: [ce57b718006a069226b5e5d3afe7969acd59154e] https://lava.sirena.org.uk/scheduler/job/1768708
# test job: [3279052eab235bfb7130b1fabc74029c2260ed8d] https://lava.sirena.org.uk/scheduler/job/1762443
# test job: [6d33ce3634f99e0c6c9ce9fc111261f2c411cb48] https://lava.sirena.org.uk/scheduler/job/1780072
# test job: [8f57dcf39fd0864f5f3e6701fe885e55f45d0d3a] https://lava.sirena.org.uk/scheduler/job/1760110
# test job: [9d35d068fb138160709e04e3ee97fe29a6f8615b] https://lava.sirena.org.uk/scheduler/job/1758669
# test job: [8a9772ec08f87c9e45ab1ad2c8d2b8c1763836eb] https://lava.sirena.org.uk/scheduler/job/1758549
# test job: [3d439e1ec3368fae17db379354bd7a9e568ca0ab] https://lava.sirena.org.uk/scheduler/job/1753438
# test job: [5c39bc498f5ff7ef016abf3f16698f3e8db79677] https://lava.sirena.org.uk/scheduler/job/1752464
# test job: [07752abfa5dbf7cb4d9ce69fa94dc3b12bc597d9] https://lava.sirena.org.uk/scheduler/job/1752286
# test job: [f7c41911ad744177d8289820f01009dc93d8f91c] https://lava.sirena.org.uk/scheduler/job/1752277
# test job: [f522da9ab56c96db8703b2ea0f09be7cdc3bffeb] https://lava.sirena.org.uk/scheduler/job/1751873
# test job: [d57d27171c92e9049d5301785fb38de127b28fbf] https://lava.sirena.org.uk/scheduler/job/1752634
# test job: [a37280daa4d583c7212681c49b285de9464a5200] https://lava.sirena.org.uk/scheduler/job/1746884
# test job: [b088b6189a4066b97cef459afd312fd168a76dea] https://lava.sirena.org.uk/scheduler/job/1746221
# test job: [c42e36a488c7e01f833fc9f4814f735b66b2d494] https://lava.sirena.org.uk/scheduler/job/1746231
# test job: [ff9a7857b7848227788f113d6dc6a72e989084e0] https://lava.sirena.org.uk/scheduler/job/1746324
# test job: [f4672dc6e9c07643c8c755856ba8e9eb9ca95d0c] https://lava.sirena.org.uk/scheduler/job/1747874
# test job: [edb5c1f885207d1d74e8a1528e6937e02829ee6e] https://lava.sirena.org.uk/scheduler/job/1746145
# test job: [6c177775dcc5e70a64ddf4ee842c66af498f2c7c] https://lava.sirena.org.uk/scheduler/job/1780443
# test job: [11f5c5f9e43e9020bae452232983fe98e7abfce0] https://lava.sirena.org.uk/scheduler/job/1747495
# test job: [899fb38dd76dd3ede425bbaf8a96d390180a5d1c] https://lava.sirena.org.uk/scheduler/job/1747371
# test job: [5b4dcaf851df8c414bfc2ac3bf9c65fc942f3be4] https://lava.sirena.org.uk/scheduler/job/1747664
# test job: [e2ab5f600bb01d3625d667d97b3eb7538e388336] https://lava.sirena.org.uk/scheduler/job/1746572
# test job: [a12b74d2bd4724ee1883bc97ec93eac8fafc8d3c] https://lava.sirena.org.uk/scheduler/job/1734064
# test job: [f840737d1746398c2993be34bfdc80bdc19ecae2] https://lava.sirena.org.uk/scheduler/job/1727349
# test job: [d78e48ebe04e9566f8ecbf51471e80da3adbceeb] https://lava.sirena.org.uk/scheduler/job/1706173
# test job: [136d029662cdde77d3e4db5c07de655f35f0239f] https://lava.sirena.org.uk/scheduler/job/1780406
# test job: [96bcb34df55f7fee99795127c796315950c94fed] https://lava.sirena.org.uk/scheduler/job/1699603
# test job: [c232495d28ca092d0c39b10e35d3d613bd2414ab] https://lava.sirena.org.uk/scheduler/job/1699550
# test job: [ec0be3cdf40b5302248f3fb27a911cc630e8b855] https://lava.sirena.org.uk/scheduler/job/1694311
# test job: [27848c082ba0b22850fd9fb7b185c015423dcdc7] https://lava.sirena.org.uk/scheduler/job/1693098
# test job: [c1dd310f1d76b4b13f1854618087af2513140897] https://lava.sirena.org.uk/scheduler/job/1692990
# test job: [da9881d00153cc6d3917f6b74144b1d41b58338c] https://lava.sirena.org.uk/scheduler/job/1693415
# test job: [cf65182247761f7993737b710afe8c781699356b] https://lava.sirena.org.uk/scheduler/job/1687536
# test job: [550bc517e59347b3b1af7d290eac4fb1411a3d4e] https://lava.sirena.org.uk/scheduler/job/1685913
# test job: [2a55135201d5e24b80b7624880ff42eafd8e320c] https://lava.sirena.org.uk/scheduler/job/1685775
# test job: [daf855f76a1210ceed9541f71ac5dd9be02018a6] https://lava.sirena.org.uk/scheduler/job/1685463
# test job: [0056b410355713556d8a10306f82e55b28d33ba8] https://lava.sirena.org.uk/scheduler/job/1685632
# test job: [90179609efa421b1ccc7d8eafbc078bafb25777c] https://lava.sirena.org.uk/scheduler/job/1686082
# test job: [258384d8ce365dddd6c5c15204de8ccd53a7ab0a] https://lava.sirena.org.uk/scheduler/job/1673404
# test job: [48124569bbc6bfda1df3e9ee17b19d559f4b1aa3] https://lava.sirena.org.uk/scheduler/job/1670194
# test job: [6d068f1ae2a2f713d7f21a9a602e65b3d6b6fc6d] https://lava.sirena.org.uk/scheduler/job/1673155
# test job: [0e62438e476494a1891a8822b9785bc6e73e9c3f] https://lava.sirena.org.uk/scheduler/job/1669533
# test job: [37533933bfe92cd5a99ef4743f31dac62ccc8de0] https://lava.sirena.org.uk/scheduler/job/1668976
# test job: [a46e95c81e3a28926ab1904d9f754fef8318074d] https://lava.sirena.org.uk/scheduler/job/1673737
# test job: [5c36b86d2bf68fbcad16169983ef7ee8c537db59] https://lava.sirena.org.uk/scheduler/job/1667939
# test job: [714165e1c4b0d5b8c6d095fe07f65e6e7047aaeb] https://lava.sirena.org.uk/scheduler/job/1667687
# test job: [9c45f95222beecd6a284fd1284d54dd7a772cf59] https://lava.sirena.org.uk/scheduler/job/1667605
# test job: [bab4ab484a6ca170847da9bffe86f1fa90df4bbe] https://lava.sirena.org.uk/scheduler/job/1664696
# test job: [b832b19318534bb4f1673b24d78037fee339c679] https://lava.sirena.org.uk/scheduler/job/1659192
# test job: [8c02c8353460f8630313aef6810f34e134a3c1ee] https://lava.sirena.org.uk/scheduler/job/1659256
# test job: [6b7e2aa50bdaf88cd4c2a5e2059a7bf32d85a8b1] https://lava.sirena.org.uk/scheduler/job/1656575
# test job: [a54ef14188519a0994d0264f701f5771815fa11e] https://lava.sirena.org.uk/scheduler/job/1656016
# test job: [2291a2186305faaf8525d57849d8ba12ad63f5e7] https://lava.sirena.org.uk/scheduler/job/1655762
# test job: [cf25eb8eae91bcae9b2065d84b0c0ba0f6d9dd34] https://lava.sirena.org.uk/scheduler/job/1654786
# test job: [595b7f155b926460a00776cc581e4dcd01220006] https://lava.sirena.org.uk/scheduler/job/1653153
# test job: [a1d0b0ae65ae3f32597edfbb547f16c75601cd87] https://lava.sirena.org.uk/scheduler/job/1654229
# test job: [3059067fd3378a5454e7928c08d20bf3ef186760] https://lava.sirena.org.uk/scheduler/job/1654000
# test job: [9a200cbdb54349909a42b45379e792e4b39dd223] https://lava.sirena.org.uk/scheduler/job/1654755
# test job: [2d86d2585ab929a143d1e6f8963da1499e33bf13] https://lava.sirena.org.uk/scheduler/job/1654130
# test job: [162e23657e5379f07c6404dbfbf4367cb438ea7d] https://lava.sirena.org.uk/scheduler/job/1652972
# test job: [886f42ce96e7ce80545704e7168a9c6b60cd6c03] https://lava.sirena.org.uk/scheduler/job/1654301
# test job: [b5a4da2c459f79a2c87c867398f1c0c315779781] https://lava.sirena.org.uk/scheduler/job/1882210
# bad: [b5a4da2c459f79a2c87c867398f1c0c315779781] Add linux-next specific files for 20250924
git bisect bad b5a4da2c459f79a2c87c867398f1c0c315779781
# test job: [ccc54b556054d20a1e04eac48200e63e6b87fe1c] https://lava.sirena.org.uk/scheduler/job/1818582
# bad: [ccc54b556054d20a1e04eac48200e63e6b87fe1c] kernel/acct.c: saner struct file treatment
git bisect bad ccc54b556054d20a1e04eac48200e63e6b87fe1c
# test job: [b320789d6883cc00ac78ce83bccbfe7ed58afcf0] https://lava.sirena.org.uk/scheduler/job/1756559
# good: [b320789d6883cc00ac78ce83bccbfe7ed58afcf0] Linux 6.17-rc4
git bisect good b320789d6883cc00ac78ce83bccbfe7ed58afcf0
# first bad commit: [ccc54b556054d20a1e04eac48200e63e6b87fe1c] kernel/acct.c: saner struct file treatment

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH 1/2] kernel/acct.c: saner struct file treatment

[Jan Kara]

Thanks for report Mark!

On Thu 25-09-25 12:40:02, Mark Brown wrote:
> On Sat, Sep 06, 2025 at 10:13:39AM +0100, Al Viro wrote:
> > [first commit in work.f_path]
> > 
> > 	Instead of switching ->f_path.mnt of an opened file to internal
> > clone, resolve the pathname, get a struct path with ->mnt set to internal
> > clone, then dentry_open() that to get the file with right ->f_path.mnt
> > from the very beginning.
> 
> I'm seeing test failures in -next on the LTP acct01 test which bisect to
> this patch.  The test fails with:
> 
> acct01.c:123: TFAIL: acct(.) expected EISDIR: EACCES (13)

This is mostly harmless (just the returned error code changed) but it is a
side effect of one thing I'd like to discuss: The original code uses
file_open_name(O_WRONLY|O_APPEND|O_LARGEFILE) to open the file to write
data to. The new code uses dentry_open() for that. Now one important
difference between these two is that dentry_open() doesn't end up calling
may_open() on the path and hence now acct_on() fails to check file
permissions which looks like a bug? Am I missing something Al?

								Honza

> acct01.c:123: TPASS: acct(/dev/null) : EACCES (13)
> acct01.c:123: TPASS: acct(/tmp/does/not/exist) : ENOENT (2)
> acct01.c:123: TPASS: acct(./tmpfile/) : ENOTDIR (20)
> acct01.c:123: TPASS: acct(./tmpfile) : EPERM (1)
> acct01.c:123: TPASS: acct(NULL) : EPERM (1)
> acct01.c:123: TPASS: acct(test_file_eloop1) : ELOOP (40)
> acct01.c:123: TPASS: acct(aaaa...) : ENAMETOOLONG (36)
> acct01.c:123: TPASS: acct(ro_mntpoint/file) : EROFS (30)
> acct01.c:123: TPASS: acct(Invalid address) : EFAULT (14)
> Summary:
> passed   9
> failed   1
> broken   0
> skipped  0
> warnings 0
> 
> Full log:
> 
>    https://lava.sirena.org.uk/scheduler/job/1882210#L7052
> 
> Bisect log with links to more test runs, it looks like the bisect got
> very lucky and tested this patch first for some reason:
> 
> # bad: [b5a4da2c459f79a2c87c867398f1c0c315779781] Add linux-next specific files for 20250924
> # good: [69ed2a71d8f82f4304aa52c2c4abf41d1c1f4c7e] Merge branch 'for-linux-next-fixes' of https://gitlab.freedesktop.org/drm/misc/kernel.git
> # good: [e609438851928381e39b5393f17156955a84122a] regulator: dt-bindings: qcom,sdm845-refgen-regulator: document more platforms
> # good: [5fa7d739f811bdffb5fc99696c2e821344fe0b88] regulator: dt-bindings: qcom,sdm845-refgen-regulator: document more platforms
> # good: [f98cabe3f6cf6396b3ae0264800d9b53d7612433] SPI: Add virtio SPI driver
> # good: [ad4728740bd68d74365a43acc25a65339a9b2173] spi: rpc-if: Add resume support for RZ/G3E
> # good: [63b4c34635cf32af023796b64c855dd1ed0f0a4f] tas2783A: Add acpi match changes for Intel MTL
> # good: [46c8b4d2a693eca69a2191436cffa44f489e98c7] ASoC: cs35l41: Fallback to reading Subsystem ID property if not ACPI
> # good: [e336ab509b43ea601801dfa05b4270023c3ed007] spi: rename SPI_CS_CNT_MAX => SPI_DEVICE_CS_CNT_MAX
> # good: [878702702dbbd933a5da601c75b8e58eadeec311] spi: ljca: Remove Wentong's e-mail address
> # good: [20253f806818e9a1657a832ebcf4141d0a08c02a] spi: atmel-quadspi: Add support for sama7d65 QSPI
> # good: [2aa28b748fc967a2f2566c06bdad155fba8af7d8] ASoC: da7213: Convert to DEFINE_RUNTIME_DEV_PM_OPS()
> # good: [cb3c715d89607f8896c0f20fe528a08e7ebffea9] ASoC: soc-dapm: add snd_soc_dapm_set_idle_bias()
> # good: [2c618f361ae6b9da7fafafc289051728ef4c6ea3] ASoC: fsl: fsl_qmc_audio: Drop struct qmc_dai_chan
> # good: [0f67557763accbdd56681f17ed5350735198c57b] spi: spi-nxp-fspi: Add OCT-DTR mode support
> # good: [0266f9541038b9b98ddd387132b5bdfe32a304e3] ASoC: codecs: wcd937x: get regmap directly
> # good: [a24802b0a2a238eaa610b0b0e87a4500a35de64a] spi: spi-qpic-snand: simplify clock handling by using devm_clk_get_enabled()
> # good: [abe962346ef420998d47ba1c2fe591582f69e92e] regulator: Fix MAX77838 selection
> # good: [ab63e9910d2d3ea4b8e6c08812258a676defcb9c] spi: mt65xx: add dual and quad mode for standard spi device
> # good: [88d0d17192c5a850dc07bb38035b69c4cefde270] ASoC: dt-bindings: add bindings for pm4125 audio codec
> # good: [8b84d712ad849172f6bbcad57534b284d942b0b5] regulator: spacemit: support SpacemiT P1 regulators
> # good: [8d7de4a014f589c1776959f7fdadbf7b12045aac] ASoC: dt-bindings: asahi-kasei,ak4458: Reference common DAI properties
> # good: [6a1f303cba45fa3b612d5a2898b1b1b045eb74e3] regulator: max77838: add max77838 regulator driver
> # good: [4d906371d1f9fc9ce47b2c8f37444680246557bc] nsfs: drop tautological ioctl() check
> # good: [f8527a29f4619f74bc30a9845ea87abb9a6faa1e] nsfs: validate extensible ioctls
> # good: [8b184c34806e5da4d4847fabd3faeff38b47e70a] ASoC: Intel: hda-sdw-bpt: set persistent_buffer false
> # good: [18dda9eb9e11b2aeec73cbe2a56ab2f862841ba4] spi: amlogic: Fix error checking on regmap_write call
> # good: [1217b573978482ae7d21dc5c0bf5aa5007b24f90] ASoC: codecs: pcm1754: add pcm1754 dac driver
> # good: [59ba108806516adeaed51a536d55d4f5e9645881] ASoC: dt-bindings: linux,spdif: Add "port" node
> # good: [30db1b21fa37a2f37c7f4d71864405a05e889833] spi: axi-spi-engine: use adi_axi_pcore_ver_gteq()
> # good: [2e0fd4583d0efcdc260e61a22666c8368f505353] rust: regulator: add devm_enable and devm_enable_optional
> # good: [6a129b2ca5c533aec89fbeb58470811cc4102642] MAINTAINERS: Add an entry for Amlogic spifc driver
> # good: [d9e33b38c89f4cf8c32b8481dbcf3a6cdbba4595] spi: cadence-quadspi: Use BIT() macros where possible
> # good: [e5b4ad2183f7ab18aaf7c73a120d17241ee58e97] ASoC: cs-amp-lib-test: Add test for getting cal data from HP EFI
> # good: [1cf87861a2e02432fb68f8bcc8f20a8e42acde59] ASoC: codecs: tlv320dac33: Convert to use gpiod api
> # good: [5bad16482c2a7e788c042d98f3e97d3b2bbc8cc5] regulator: dt-bindings: rpi-panel: Split 7" Raspberry Pi 720x1280 v2 binding
> # good: [4336efb59ef364e691ef829a73d9dbd4d5ed7c7b] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
> # good: [2c625f0fe2db4e6a58877ce2318df3aa312eb791] spi: dt-bindings: samsung: Drop S3C2443
> # good: [7d083666123a425ba9f81dff1a52955b1f226540] ASoC: renesas: rz-ssi: Use guard() for spin locks
> # good: [b497e1a1a2b10c4ddb28064fba229365ae03311a] regulator: pf530x: Add a driver for the NXP PF5300 Regulator
> # good: [9e5eb8b49ffe3c173bf7b8c338a57dfa09fb4634] ASoC: replace use of system_unbound_wq with system_dfl_wq
> # good: [0ccc1eeda155c947d88ef053e0b54e434e218ee2] ASoC: dt-bindings: wlf,wm8960: Document routing strings (pin names)
> # good: [7748328c2fd82efed24257b2bfd796eb1fa1d09b] ASoC: dt-bindings: qcom,lpass-va-macro: Update bindings for clocks to support ADSP
> # good: [dd7ae5b8b3c291c0206f127a564ae1e316705ca0] ASoC: cs42l43: Shutdown jack detection on suspend
> # good: [94b39cb3ad6db935b585988b36378884199cd5fc] spi: mxs: fix "transfered"->"transferred"
> # good: [5cc49b5a36b32a2dba41441ea13b93fb5ea21cfd] spi: spi-fsl-dspi: Report FIFO overflows as errors
> # good: [ce1a46b2d6a8465a86f7a6f71beb4c6de83bce5c] ASoC: codecs: lpass-wsa-macro: add Codev version 2.9
> # good: [06dd3eda0e958cdae48ca755eb5047484f678d78] Merge branch 'vfs-6.18.rust' into vfs.all
> # good: [ce57b718006a069226b5e5d3afe7969acd59154e] ASoC: Intel: avs: ssm4567: Adjust platform name
> # good: [3279052eab235bfb7130b1fabc74029c2260ed8d] ASoC: SOF: ipc4-topology: Fix a less than zero check on a u32
> # good: [6d33ce3634f99e0c6c9ce9fc111261f2c411cb48] selftests/nolibc: fix EXPECT_NZ macro
> # good: [8f57dcf39fd0864f5f3e6701fe885e55f45d0d3a] ASoC: qcom: audioreach: convert to cpu endainess type before accessing
> # good: [9d35d068fb138160709e04e3ee97fe29a6f8615b] regulator: scmi: Use int type to store negative error codes
> # good: [8a9772ec08f87c9e45ab1ad2c8d2b8c1763836eb] ASoC: soc-dapm: rename snd_soc_kcontrol_component() to snd_soc_kcontrol_to_component()
> # good: [3d439e1ec3368fae17db379354bd7a9e568ca0ab] ASoC: sof: ipc4-topology: Add support to sched_domain attribute
> # good: [5c39bc498f5ff7ef016abf3f16698f3e8db79677] ASoC: SOF: Intel: only detect codecs when HDA DSP probe
> # good: [07752abfa5dbf7cb4d9ce69fa94dc3b12bc597d9] ASoC: SOF: sof-client: Introduce sof_client_dev_entry structure
> # good: [f7c41911ad744177d8289820f01009dc93d8f91c] ASoC: SOF: ipc4-topology: Add support for float sample type
> # good: [f522da9ab56c96db8703b2ea0f09be7cdc3bffeb] ASoC: doc: Internally link to Writing an ALSA Driver docs
> # good: [d57d27171c92e9049d5301785fb38de127b28fbf] ASoC: SOF: sof-client-probes: Add available points_info(), IPC4 only
> # good: [a37280daa4d583c7212681c49b285de9464a5200] ASoC: Intel: avs: Allow i2s test and non-test boards to coexist
> # good: [b088b6189a4066b97cef459afd312fd168a76dea] ASoC: mediatek: common: Switch to for_each_available_child_of_node_scoped()
> # good: [c42e36a488c7e01f833fc9f4814f735b66b2d494] spi: Drop dev_pm_domain_detach() call
> # good: [ff9a7857b7848227788f113d6dc6a72e989084e0] spi: rb4xx: use devm for clk_prepare_enable
> # good: [f4672dc6e9c07643c8c755856ba8e9eb9ca95d0c] regmap: use int type to store negative error codes
> # good: [edb5c1f885207d1d74e8a1528e6937e02829ee6e] ASoC: renesas: msiof: start DMAC first
> # good: [6c177775dcc5e70a64ddf4ee842c66af498f2c7c] Merge branch 'next/drivers' into for-next
> # good: [11f5c5f9e43e9020bae452232983fe98e7abfce0] ASoC: qcom: use int type to store negative error codes
> # good: [899fb38dd76dd3ede425bbaf8a96d390180a5d1c] regulator: core: Remove redundant ternary operators
> # good: [5b4dcaf851df8c414bfc2ac3bf9c65fc942f3be4] ASoC: amd: acp: Remove (explicitly) unused header
> # good: [e2ab5f600bb01d3625d667d97b3eb7538e388336] rust: regulator: use `to_result` for error handling
> # good: [a12b74d2bd4724ee1883bc97ec93eac8fafc8d3c] ASoC: tlv320aic32x4: use dev_err_probe() for regulators
> # good: [f840737d1746398c2993be34bfdc80bdc19ecae2] ASoC: SOF: imx: Remove the use of dev_err_probe()
> # good: [d78e48ebe04e9566f8ecbf51471e80da3adbceeb] ASoC: dt-bindings: Minor whitespace cleanup in example
> # good: [136d029662cdde77d3e4db5c07de655f35f0239f] Documentation/staging: Fix typo and incorrect citation in crc32.rst
> # good: [96bcb34df55f7fee99795127c796315950c94fed] ASoC: test-component: Use kcalloc() instead of kzalloc()
> # good: [c232495d28ca092d0c39b10e35d3d613bd2414ab] ASoC: dt-bindings: omap-twl4030: convert to DT schema
> # good: [ec0be3cdf40b5302248f3fb27a911cc630e8b855] regulator: consumer.rst: document bulk operations
> # good: [27848c082ba0b22850fd9fb7b185c015423dcdc7] spi: s3c64xx: Remove the use of dev_err_probe()
> # good: [c1dd310f1d76b4b13f1854618087af2513140897] spi: SPISG: Use devm_kcalloc() in aml_spisg_clk_init()
> # good: [da9881d00153cc6d3917f6b74144b1d41b58338c] ASoC: qcom: audioreach: add support for SMECNS module
> # good: [cf65182247761f7993737b710afe8c781699356b] ASoC: codecs: wsa883x: Handle shared reset GPIO for WSA883x speakers
> # good: [550bc517e59347b3b1af7d290eac4fb1411a3d4e] regulator: bd718x7: Use kcalloc() instead of kzalloc()
> # good: [2a55135201d5e24b80b7624880ff42eafd8e320c] ASoC: Intel: avs: Streamline register-component function names
> # good: [daf855f76a1210ceed9541f71ac5dd9be02018a6] ASoC: es8323: enable DAPM power widgets for playback DAC
> # good: [0056b410355713556d8a10306f82e55b28d33ba8] spi: offload trigger: adi-util-sigma-delta: clean up imports
> # good: [90179609efa421b1ccc7d8eafbc078bafb25777c] spi: spl022: use min_t() to improve code
> # good: [258384d8ce365dddd6c5c15204de8ccd53a7ab0a] ASoC: es8323: enable DAPM power widgets for playback DAC and output
> # good: [48124569bbc6bfda1df3e9ee17b19d559f4b1aa3] spi: remove unneeded 'fast_io' parameter in regmap_config
> # good: [6d068f1ae2a2f713d7f21a9a602e65b3d6b6fc6d] regulator: rt5133: Fix spelling mistake "regualtor" -> "regulator"
> # good: [0e62438e476494a1891a8822b9785bc6e73e9c3f] ASoC: Intel: sst: Remove redundant semicolons
> # good: [37533933bfe92cd5a99ef4743f31dac62ccc8de0] regulator: remove unneeded 'fast_io' parameter in regmap_config
> # good: [a46e95c81e3a28926ab1904d9f754fef8318074d] ASoC: wl1273: Remove
> # good: [5c36b86d2bf68fbcad16169983ef7ee8c537db59] regmap: Remove superfluous check for !config in __regmap_init()
> # good: [714165e1c4b0d5b8c6d095fe07f65e6e7047aaeb] regulator: rt5133: Add RT5133 PMIC regulator Support
> # good: [9c45f95222beecd6a284fd1284d54dd7a772cf59] spi: spi-qpic-snand: handle 'use_ecc' parameter of qcom_spi_config_cw_read()
> # good: [bab4ab484a6ca170847da9bffe86f1fa90df4bbe] ASoC: dt-bindings: Convert brcm,bcm2835-i2s to DT schema
> # good: [b832b19318534bb4f1673b24d78037fee339c679] spi: loopback-test: Don't use %pK through printk
> # good: [8c02c8353460f8630313aef6810f34e134a3c1ee] ASoC: dt-bindings: realtek,alc5623: convert to DT schema
> # good: [6b7e2aa50bdaf88cd4c2a5e2059a7bf32d85a8b1] spi: spi-qpic-snand: remove 'clr*status' members of struct 'qpic_ecc'
> # good: [a54ef14188519a0994d0264f701f5771815fa11e] regulator: dt-bindings: Clean-up active-semi,act8945a duplication
> # good: [2291a2186305faaf8525d57849d8ba12ad63f5e7] MAINTAINERS: Add entry for FourSemi audio amplifiers
> # good: [cf25eb8eae91bcae9b2065d84b0c0ba0f6d9dd34] ASoC: soc-component: unpack snd_soc_component_init_bias_level()
> # good: [595b7f155b926460a00776cc581e4dcd01220006] ASoC: Intel: avs: Conditional-path support
> # good: [a1d0b0ae65ae3f32597edfbb547f16c75601cd87] spi: spi-qpic-snand: avoid double assignment in qcom_spi_probe()
> # good: [3059067fd3378a5454e7928c08d20bf3ef186760] ASoC: cs48l32: Use PTR_ERR_OR_ZERO() to simplify code
> # good: [9a200cbdb54349909a42b45379e792e4b39dd223] rust: regulator: implement Send and Sync for Regulator<T>
> # good: [2d86d2585ab929a143d1e6f8963da1499e33bf13] ASoC: pxa: add GPIOLIB_LEGACY dependency
> # good: [162e23657e5379f07c6404dbfbf4367cb438ea7d] regulator: pf0900: Add PMIC PF0900 support
> # good: [886f42ce96e7ce80545704e7168a9c6b60cd6c03] regmap: mmio: Add missing MODULE_DESCRIPTION()
> git bisect start 'b5a4da2c459f79a2c87c867398f1c0c315779781' '69ed2a71d8f82f4304aa52c2c4abf41d1c1f4c7e' 'e609438851928381e39b5393f17156955a84122a' '5fa7d739f811bdffb5fc99696c2e821344fe0b88' 'f98cabe3f6cf6396b3ae0264800d9b53d7612433' 'ad4728740bd68d74365a43acc25a65339a9b2173' '63b4c34635cf32af023796b64c855dd1ed0f0a4f' '46c8b4d2a693eca69a2191436cffa44f489e98c7' 'e336ab509b43ea601801dfa05b4270023c3ed007' '878702702dbbd933a5da601c75b8e58eadeec311' '20253f806818e9a1657a832ebcf4141d0a08c02a' '2aa28b748fc967a2f2566c06bdad155fba8af7d8' 'cb3c715d89607f8896c0f20fe528a08e7ebffea9' '2c618f361ae6b9da7fafafc289051728ef4c6ea3' '0f67557763accbdd56681f17ed5350735198c57b' '0266f9541038b9b98ddd387132b5bdfe32a304e3' 'a24802b0a2a238eaa610b0b0e87a4500a35de64a' 'abe962346ef420998d47ba1c2fe591582f69e92e' 'ab63e9910d2d3ea4b8e6c08812258a676defcb9c' '88d0d17192c5a850dc07bb38035b69c4cefde270' '8b84d712ad849172f6bbcad57534b284d942b0b5' '8d7de4a014f589c1776959f7fdadbf7b12045aac' '6a1f303cba45fa3b612d5a2898b1b1b045eb74e3' '4d906371d1f9fc9ce47b2c8f37444680246557bc' 'f8527a29f4619f74bc30a9845ea87abb9a6faa1e' '8b184c34806e5da4d4847fabd3faeff38b47e70a' '18dda9eb9e11b2aeec73cbe2a56ab2f862841ba4' '1217b573978482ae7d21dc5c0bf5aa5007b24f90' '59ba108806516adeaed51a536d55d4f5e9645881' '30db1b21fa37a2f37c7f4d71864405a05e889833' '2e0fd4583d0efcdc260e61a22666c8368f505353' '6a129b2ca5c533aec89fbeb58470811cc4102642' 'd9e33b38c89f4cf8c32b8481dbcf3a6cdbba4595' 'e5b4ad2183f7ab18aaf7c73a120d17241ee58e97' '1cf87861a2e02432fb68f8bcc8f20a8e42acde59' '5bad16482c2a7e788c042d98f3e97d3b2bbc8cc5' '4336efb59ef364e691ef829a73d9dbd4d5ed7c7b' '2c625f0fe2db4e6a58877ce2318df3aa312eb791' '7d083666123a425ba9f81dff1a52955b1f226540' 'b497e1a1a2b10c4ddb28064fba229365ae03311a' '9e5eb8b49ffe3c173bf7b8c338a57dfa09fb4634' '0ccc1eeda155c947d88ef053e0b54e434e218ee2' '7748328c2fd82efed24257b2bfd796eb1fa1d09b' 'dd7ae5b8b3c291c0206f127a564ae1e316705ca0' '94b39cb3ad6db935b585988b36378884199cd5fc' '5cc49b5a36b32a2dba41441ea13b93fb5ea21cfd' 'ce1a46b2d6a8465a86f7a6f71beb4c6de83bce5c' '06dd3eda0e958cdae48ca755eb5047484f678d78' 'ce57b718006a069226b5e5d3afe7969acd59154e' '3279052eab235bfb7130b1fabc74029c2260ed8d' '6d33ce3634f99e0c6c9ce9fc111261f2c411cb48' '8f57dcf39fd0864f5f3e6701fe885e55f45d0d3a' '9d35d068fb138160709e04e3ee97fe29a6f8615b' '8a9772ec08f87c9e45ab1ad2c8d2b8c1763836eb' '3d439e1ec3368fae17db379354bd7a9e568ca0ab' '5c39bc498f5ff7ef016abf3f16698f3e8db79677' '07752abfa5dbf7cb4d9ce69fa94dc3b12bc597d9' 'f7c41911ad744177d8289820f01009dc93d8f91c' 'f522da9ab56c96db8703b2ea0f09be7cdc3bffeb' 'd57d27171c92e9049d5301785fb38de127b28fbf' 'a37280daa4d583c7212681c49b285de9464a5200' 'b088b6189a4066b97cef459afd312fd168a76dea' 'c42e36a488c7e01f833fc9f4814f735b66b2d494' 'ff9a7857b7848227788f113d6dc6a72e989084e0' 'f4672dc6e9c07643c8c755856ba8e9eb9ca95d0c' 'edb5c1f885207d1d74e8a1528e6937e02829ee6e' '6c177775dcc5e70a64ddf4ee842c66af498f2c7c' '11f5c5f9e43e9020bae452232983fe98e7abfce0' '899fb38dd76dd3ede425bbaf8a96d390180a5d1c' '5b4dcaf851df8c414bfc2ac3bf9c65fc942f3be4' 'e2ab5f600bb01d3625d667d97b3eb7538e388336' 'a12b74d2bd4724ee1883bc97ec93eac8fafc8d3c' 'f840737d1746398c2993be34bfdc80bdc19ecae2' 'd78e48ebe04e9566f8ecbf51471e80da3adbceeb' '136d029662cdde77d3e4db5c07de655f35f0239f' '96bcb34df55f7fee99795127c796315950c94fed' 'c232495d28ca092d0c39b10e35d3d613bd2414ab' 'ec0be3cdf40b5302248f3fb27a911cc630e8b855' '27848c082ba0b22850fd9fb7b185c015423dcdc7' 'c1dd310f1d76b4b13f1854618087af2513140897' 'da9881d00153cc6d3917f6b74144b1d41b58338c' 'cf65182247761f7993737b710afe8c781699356b' '550bc517e59347b3b1af7d290eac4fb1411a3d4e' '2a55135201d5e24b80b7624880ff42eafd8e320c' 'daf855f76a1210ceed9541f71ac5dd9be02018a6' '0056b410355713556d8a10306f82e55b28d33ba8' '90179609efa421b1ccc7d8eafbc078bafb25777c' '258384d8ce365dddd6c5c15204de8ccd53a7ab0a' '48124569bbc6bfda1df3e9ee17b19d559f4b1aa3' '6d068f1ae2a2f713d7f21a9a602e65b3d6b6fc6d' '0e62438e476494a1891a8822b9785bc6e73e9c3f' '37533933bfe92cd5a99ef4743f31dac62ccc8de0' 'a46e95c81e3a28926ab1904d9f754fef8318074d' '5c36b86d2bf68fbcad16169983ef7ee8c537db59' '714165e1c4b0d5b8c6d095fe07f65e6e7047aaeb' '9c45f95222beecd6a284fd1284d54dd7a772cf59' 'bab4ab484a6ca170847da9bffe86f1fa90df4bbe' 'b832b19318534bb4f1673b24d78037fee339c679' '8c02c8353460f8630313aef6810f34e134a3c1ee' '6b7e2aa50bdaf88cd4c2a5e2059a7bf32d85a8b1' 'a54ef14188519a0994d0264f701f5771815fa11e' '2291a2186305faaf8525d57849d8ba12ad63f5e7' 'cf25eb8eae91bcae9b2065d84b0c0ba0f6d9dd34' '595b7f155b926460a00776cc581e4dcd01220006' 'a1d0b0ae65ae3f32597edfbb547f16c75601cd87' '3059067fd3378a5454e7928c08d20bf3ef186760' '9a200cbdb54349909a42b45379e792e4b39dd223' '2d86d2585ab929a143d1e6f8963da1499e33bf13' '162e23657e5379f07c6404dbfbf4367cb438ea7d' '886f42ce96e7ce80545704e7168a9c6b60cd6c03'
> # test job: [e609438851928381e39b5393f17156955a84122a] https://lava.sirena.org.uk/scheduler/job/1868301
> # test job: [5fa7d739f811bdffb5fc99696c2e821344fe0b88] https://lava.sirena.org.uk/scheduler/job/1868351
> # test job: [f98cabe3f6cf6396b3ae0264800d9b53d7612433] https://lava.sirena.org.uk/scheduler/job/1862378
> # test job: [ad4728740bd68d74365a43acc25a65339a9b2173] https://lava.sirena.org.uk/scheduler/job/1862571
> # test job: [63b4c34635cf32af023796b64c855dd1ed0f0a4f] https://lava.sirena.org.uk/scheduler/job/1863569
> # test job: [46c8b4d2a693eca69a2191436cffa44f489e98c7] https://lava.sirena.org.uk/scheduler/job/1862012
> # test job: [e336ab509b43ea601801dfa05b4270023c3ed007] https://lava.sirena.org.uk/scheduler/job/1862870
> # test job: [878702702dbbd933a5da601c75b8e58eadeec311] https://lava.sirena.org.uk/scheduler/job/1863783
> # test job: [20253f806818e9a1657a832ebcf4141d0a08c02a] https://lava.sirena.org.uk/scheduler/job/1848487
> # test job: [2aa28b748fc967a2f2566c06bdad155fba8af7d8] https://lava.sirena.org.uk/scheduler/job/1848316
> # test job: [cb3c715d89607f8896c0f20fe528a08e7ebffea9] https://lava.sirena.org.uk/scheduler/job/1847531
> # test job: [2c618f361ae6b9da7fafafc289051728ef4c6ea3] https://lava.sirena.org.uk/scheduler/job/1850256
> # test job: [0f67557763accbdd56681f17ed5350735198c57b] https://lava.sirena.org.uk/scheduler/job/1848730
> # test job: [0266f9541038b9b98ddd387132b5bdfe32a304e3] https://lava.sirena.org.uk/scheduler/job/1848825
> # test job: [a24802b0a2a238eaa610b0b0e87a4500a35de64a] https://lava.sirena.org.uk/scheduler/job/1847698
> # test job: [abe962346ef420998d47ba1c2fe591582f69e92e] https://lava.sirena.org.uk/scheduler/job/1840610
> # test job: [ab63e9910d2d3ea4b8e6c08812258a676defcb9c] https://lava.sirena.org.uk/scheduler/job/1838203
> # test job: [88d0d17192c5a850dc07bb38035b69c4cefde270] https://lava.sirena.org.uk/scheduler/job/1834007
> # test job: [8b84d712ad849172f6bbcad57534b284d942b0b5] https://lava.sirena.org.uk/scheduler/job/1834035
> # test job: [8d7de4a014f589c1776959f7fdadbf7b12045aac] https://lava.sirena.org.uk/scheduler/job/1833177
> # test job: [6a1f303cba45fa3b612d5a2898b1b1b045eb74e3] https://lava.sirena.org.uk/scheduler/job/1830452
> # test job: [4d906371d1f9fc9ce47b2c8f37444680246557bc] https://lava.sirena.org.uk/scheduler/job/1832437
> # test job: [f8527a29f4619f74bc30a9845ea87abb9a6faa1e] https://lava.sirena.org.uk/scheduler/job/1832501
> # test job: [8b184c34806e5da4d4847fabd3faeff38b47e70a] https://lava.sirena.org.uk/scheduler/job/1829208
> # test job: [18dda9eb9e11b2aeec73cbe2a56ab2f862841ba4] https://lava.sirena.org.uk/scheduler/job/1829126
> # test job: [1217b573978482ae7d21dc5c0bf5aa5007b24f90] https://lava.sirena.org.uk/scheduler/job/1809935
> # test job: [59ba108806516adeaed51a536d55d4f5e9645881] https://lava.sirena.org.uk/scheduler/job/1812752
> # test job: [30db1b21fa37a2f37c7f4d71864405a05e889833] https://lava.sirena.org.uk/scheduler/job/1811000
> # test job: [2e0fd4583d0efcdc260e61a22666c8368f505353] https://lava.sirena.org.uk/scheduler/job/1806799
> # test job: [6a129b2ca5c533aec89fbeb58470811cc4102642] https://lava.sirena.org.uk/scheduler/job/1805795
> # test job: [d9e33b38c89f4cf8c32b8481dbcf3a6cdbba4595] https://lava.sirena.org.uk/scheduler/job/1800095
> # test job: [e5b4ad2183f7ab18aaf7c73a120d17241ee58e97] https://lava.sirena.org.uk/scheduler/job/1799490
> # test job: [1cf87861a2e02432fb68f8bcc8f20a8e42acde59] https://lava.sirena.org.uk/scheduler/job/1795075
> # test job: [5bad16482c2a7e788c042d98f3e97d3b2bbc8cc5] https://lava.sirena.org.uk/scheduler/job/1795939
> # test job: [4336efb59ef364e691ef829a73d9dbd4d5ed7c7b] https://lava.sirena.org.uk/scheduler/job/1795892
> # test job: [2c625f0fe2db4e6a58877ce2318df3aa312eb791] https://lava.sirena.org.uk/scheduler/job/1794526
> # test job: [7d083666123a425ba9f81dff1a52955b1f226540] https://lava.sirena.org.uk/scheduler/job/1794861
> # test job: [b497e1a1a2b10c4ddb28064fba229365ae03311a] https://lava.sirena.org.uk/scheduler/job/1780204
> # test job: [9e5eb8b49ffe3c173bf7b8c338a57dfa09fb4634] https://lava.sirena.org.uk/scheduler/job/1779465
> # test job: [0ccc1eeda155c947d88ef053e0b54e434e218ee2] https://lava.sirena.org.uk/scheduler/job/1773032
> # test job: [7748328c2fd82efed24257b2bfd796eb1fa1d09b] https://lava.sirena.org.uk/scheduler/job/1773343
> # test job: [dd7ae5b8b3c291c0206f127a564ae1e316705ca0] https://lava.sirena.org.uk/scheduler/job/1773264
> # test job: [94b39cb3ad6db935b585988b36378884199cd5fc] https://lava.sirena.org.uk/scheduler/job/1768594
> # test job: [5cc49b5a36b32a2dba41441ea13b93fb5ea21cfd] https://lava.sirena.org.uk/scheduler/job/1769303
> # test job: [ce1a46b2d6a8465a86f7a6f71beb4c6de83bce5c] https://lava.sirena.org.uk/scheduler/job/1768977
> # test job: [06dd3eda0e958cdae48ca755eb5047484f678d78] https://lava.sirena.org.uk/scheduler/job/1832025
> # test job: [ce57b718006a069226b5e5d3afe7969acd59154e] https://lava.sirena.org.uk/scheduler/job/1768708
> # test job: [3279052eab235bfb7130b1fabc74029c2260ed8d] https://lava.sirena.org.uk/scheduler/job/1762443
> # test job: [6d33ce3634f99e0c6c9ce9fc111261f2c411cb48] https://lava.sirena.org.uk/scheduler/job/1780072
> # test job: [8f57dcf39fd0864f5f3e6701fe885e55f45d0d3a] https://lava.sirena.org.uk/scheduler/job/1760110
> # test job: [9d35d068fb138160709e04e3ee97fe29a6f8615b] https://lava.sirena.org.uk/scheduler/job/1758669
> # test job: [8a9772ec08f87c9e45ab1ad2c8d2b8c1763836eb] https://lava.sirena.org.uk/scheduler/job/1758549
> # test job: [3d439e1ec3368fae17db379354bd7a9e568ca0ab] https://lava.sirena.org.uk/scheduler/job/1753438
> # test job: [5c39bc498f5ff7ef016abf3f16698f3e8db79677] https://lava.sirena.org.uk/scheduler/job/1752464
> # test job: [07752abfa5dbf7cb4d9ce69fa94dc3b12bc597d9] https://lava.sirena.org.uk/scheduler/job/1752286
> # test job: [f7c41911ad744177d8289820f01009dc93d8f91c] https://lava.sirena.org.uk/scheduler/job/1752277
> # test job: [f522da9ab56c96db8703b2ea0f09be7cdc3bffeb] https://lava.sirena.org.uk/scheduler/job/1751873
> # test job: [d57d27171c92e9049d5301785fb38de127b28fbf] https://lava.sirena.org.uk/scheduler/job/1752634
> # test job: [a37280daa4d583c7212681c49b285de9464a5200] https://lava.sirena.org.uk/scheduler/job/1746884
> # test job: [b088b6189a4066b97cef459afd312fd168a76dea] https://lava.sirena.org.uk/scheduler/job/1746221
> # test job: [c42e36a488c7e01f833fc9f4814f735b66b2d494] https://lava.sirena.org.uk/scheduler/job/1746231
> # test job: [ff9a7857b7848227788f113d6dc6a72e989084e0] https://lava.sirena.org.uk/scheduler/job/1746324
> # test job: [f4672dc6e9c07643c8c755856ba8e9eb9ca95d0c] https://lava.sirena.org.uk/scheduler/job/1747874
> # test job: [edb5c1f885207d1d74e8a1528e6937e02829ee6e] https://lava.sirena.org.uk/scheduler/job/1746145
> # test job: [6c177775dcc5e70a64ddf4ee842c66af498f2c7c] https://lava.sirena.org.uk/scheduler/job/1780443
> # test job: [11f5c5f9e43e9020bae452232983fe98e7abfce0] https://lava.sirena.org.uk/scheduler/job/1747495
> # test job: [899fb38dd76dd3ede425bbaf8a96d390180a5d1c] https://lava.sirena.org.uk/scheduler/job/1747371
> # test job: [5b4dcaf851df8c414bfc2ac3bf9c65fc942f3be4] https://lava.sirena.org.uk/scheduler/job/1747664
> # test job: [e2ab5f600bb01d3625d667d97b3eb7538e388336] https://lava.sirena.org.uk/scheduler/job/1746572
> # test job: [a12b74d2bd4724ee1883bc97ec93eac8fafc8d3c] https://lava.sirena.org.uk/scheduler/job/1734064
> # test job: [f840737d1746398c2993be34bfdc80bdc19ecae2] https://lava.sirena.org.uk/scheduler/job/1727349
> # test job: [d78e48ebe04e9566f8ecbf51471e80da3adbceeb] https://lava.sirena.org.uk/scheduler/job/1706173
> # test job: [136d029662cdde77d3e4db5c07de655f35f0239f] https://lava.sirena.org.uk/scheduler/job/1780406
> # test job: [96bcb34df55f7fee99795127c796315950c94fed] https://lava.sirena.org.uk/scheduler/job/1699603
> # test job: [c232495d28ca092d0c39b10e35d3d613bd2414ab] https://lava.sirena.org.uk/scheduler/job/1699550
> # test job: [ec0be3cdf40b5302248f3fb27a911cc630e8b855] https://lava.sirena.org.uk/scheduler/job/1694311
> # test job: [27848c082ba0b22850fd9fb7b185c015423dcdc7] https://lava.sirena.org.uk/scheduler/job/1693098
> # test job: [c1dd310f1d76b4b13f1854618087af2513140897] https://lava.sirena.org.uk/scheduler/job/1692990
> # test job: [da9881d00153cc6d3917f6b74144b1d41b58338c] https://lava.sirena.org.uk/scheduler/job/1693415
> # test job: [cf65182247761f7993737b710afe8c781699356b] https://lava.sirena.org.uk/scheduler/job/1687536
> # test job: [550bc517e59347b3b1af7d290eac4fb1411a3d4e] https://lava.sirena.org.uk/scheduler/job/1685913
> # test job: [2a55135201d5e24b80b7624880ff42eafd8e320c] https://lava.sirena.org.uk/scheduler/job/1685775
> # test job: [daf855f76a1210ceed9541f71ac5dd9be02018a6] https://lava.sirena.org.uk/scheduler/job/1685463
> # test job: [0056b410355713556d8a10306f82e55b28d33ba8] https://lava.sirena.org.uk/scheduler/job/1685632
> # test job: [90179609efa421b1ccc7d8eafbc078bafb25777c] https://lava.sirena.org.uk/scheduler/job/1686082
> # test job: [258384d8ce365dddd6c5c15204de8ccd53a7ab0a] https://lava.sirena.org.uk/scheduler/job/1673404
> # test job: [48124569bbc6bfda1df3e9ee17b19d559f4b1aa3] https://lava.sirena.org.uk/scheduler/job/1670194
> # test job: [6d068f1ae2a2f713d7f21a9a602e65b3d6b6fc6d] https://lava.sirena.org.uk/scheduler/job/1673155
> # test job: [0e62438e476494a1891a8822b9785bc6e73e9c3f] https://lava.sirena.org.uk/scheduler/job/1669533
> # test job: [37533933bfe92cd5a99ef4743f31dac62ccc8de0] https://lava.sirena.org.uk/scheduler/job/1668976
> # test job: [a46e95c81e3a28926ab1904d9f754fef8318074d] https://lava.sirena.org.uk/scheduler/job/1673737
> # test job: [5c36b86d2bf68fbcad16169983ef7ee8c537db59] https://lava.sirena.org.uk/scheduler/job/1667939
> # test job: [714165e1c4b0d5b8c6d095fe07f65e6e7047aaeb] https://lava.sirena.org.uk/scheduler/job/1667687
> # test job: [9c45f95222beecd6a284fd1284d54dd7a772cf59] https://lava.sirena.org.uk/scheduler/job/1667605
> # test job: [bab4ab484a6ca170847da9bffe86f1fa90df4bbe] https://lava.sirena.org.uk/scheduler/job/1664696
> # test job: [b832b19318534bb4f1673b24d78037fee339c679] https://lava.sirena.org.uk/scheduler/job/1659192
> # test job: [8c02c8353460f8630313aef6810f34e134a3c1ee] https://lava.sirena.org.uk/scheduler/job/1659256
> # test job: [6b7e2aa50bdaf88cd4c2a5e2059a7bf32d85a8b1] https://lava.sirena.org.uk/scheduler/job/1656575
> # test job: [a54ef14188519a0994d0264f701f5771815fa11e] https://lava.sirena.org.uk/scheduler/job/1656016
> # test job: [2291a2186305faaf8525d57849d8ba12ad63f5e7] https://lava.sirena.org.uk/scheduler/job/1655762
> # test job: [cf25eb8eae91bcae9b2065d84b0c0ba0f6d9dd34] https://lava.sirena.org.uk/scheduler/job/1654786
> # test job: [595b7f155b926460a00776cc581e4dcd01220006] https://lava.sirena.org.uk/scheduler/job/1653153
> # test job: [a1d0b0ae65ae3f32597edfbb547f16c75601cd87] https://lava.sirena.org.uk/scheduler/job/1654229
> # test job: [3059067fd3378a5454e7928c08d20bf3ef186760] https://lava.sirena.org.uk/scheduler/job/1654000
> # test job: [9a200cbdb54349909a42b45379e792e4b39dd223] https://lava.sirena.org.uk/scheduler/job/1654755
> # test job: [2d86d2585ab929a143d1e6f8963da1499e33bf13] https://lava.sirena.org.uk/scheduler/job/1654130
> # test job: [162e23657e5379f07c6404dbfbf4367cb438ea7d] https://lava.sirena.org.uk/scheduler/job/1652972
> # test job: [886f42ce96e7ce80545704e7168a9c6b60cd6c03] https://lava.sirena.org.uk/scheduler/job/1654301
> # test job: [b5a4da2c459f79a2c87c867398f1c0c315779781] https://lava.sirena.org.uk/scheduler/job/1882210
> # bad: [b5a4da2c459f79a2c87c867398f1c0c315779781] Add linux-next specific files for 20250924
> git bisect bad b5a4da2c459f79a2c87c867398f1c0c315779781
> # test job: [ccc54b556054d20a1e04eac48200e63e6b87fe1c] https://lava.sirena.org.uk/scheduler/job/1818582
> # bad: [ccc54b556054d20a1e04eac48200e63e6b87fe1c] kernel/acct.c: saner struct file treatment
> git bisect bad ccc54b556054d20a1e04eac48200e63e6b87fe1c
> # test job: [b320789d6883cc00ac78ce83bccbfe7ed58afcf0] https://lava.sirena.org.uk/scheduler/job/1756559
> # good: [b320789d6883cc00ac78ce83bccbfe7ed58afcf0] Linux 6.17-rc4
> git bisect good b320789d6883cc00ac78ce83bccbfe7ed58afcf0
> # first bad commit: [ccc54b556054d20a1e04eac48200e63e6b87fe1c] kernel/acct.c: saner struct file treatment


-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 1/2] kernel/acct.c: saner struct file treatment

[Al Viro]

On Thu, Sep 25, 2025 at 02:28:16PM +0200, Jan Kara wrote:

> This is mostly harmless (just the returned error code changed) but it is a
> side effect of one thing I'd like to discuss: The original code uses
> file_open_name(O_WRONLY|O_APPEND|O_LARGEFILE) to open the file to write
> data to. The new code uses dentry_open() for that. Now one important
> difference between these two is that dentry_open() doesn't end up calling
> may_open() on the path and hence now acct_on() fails to check file
> permissions which looks like a bug? Am I missing something Al?

You are not; a bug it is.  FWIW, I suspect that the right approach would
be to keep file_open_name(), do all checks on result of that, then use
	mnt = mnt_clone_internal(&original_file->f_path);
and from that point on same as now - opening the file to be used with
dentry_open(), etc.  Original file would get dropped in the end of acct_on().
I'll put together something along those lines and post it.

Re: [PATCH 1/2] kernel/acct.c: saner struct file treatment

[Al Viro]

On Thu, Sep 25, 2025 at 07:56:30PM +0100, Al Viro wrote:
> On Thu, Sep 25, 2025 at 02:28:16PM +0200, Jan Kara wrote:
> 
> > This is mostly harmless (just the returned error code changed) but it is a
> > side effect of one thing I'd like to discuss: The original code uses
> > file_open_name(O_WRONLY|O_APPEND|O_LARGEFILE) to open the file to write
> > data to. The new code uses dentry_open() for that. Now one important
> > difference between these two is that dentry_open() doesn't end up calling
> > may_open() on the path and hence now acct_on() fails to check file
> > permissions which looks like a bug? Am I missing something Al?
> 
> You are not; a bug it is.  FWIW, I suspect that the right approach would
> be to keep file_open_name(), do all checks on result of that, then use
> 	mnt = mnt_clone_internal(&original_file->f_path);
> and from that point on same as now - opening the file to be used with
> dentry_open(), etc.  Original file would get dropped in the end of acct_on().
> I'll put together something along those lines and post it.

Something like this for incremental (completely untested at that point):

diff --git a/kernel/acct.c b/kernel/acct.c
index 30ae403ee322..61630110e29d 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -218,19 +218,21 @@ static int acct_on(const char __user *name)
 	/* Difference from BSD - they don't do O_APPEND */
 	const int open_flags = O_WRONLY|O_APPEND|O_LARGEFILE;
 	struct pid_namespace *ns = task_active_pid_ns(current);
-	struct path path __free(path_put) = {};		// in that order
+	struct filename *pathname __free(putname) = getname(name);
+	struct file *original_file __free(fput) = NULL;	// in that order
 	struct path internal __free(path_put) = {};	// in that order
 	struct file *file __free(fput_sync) = NULL;	// in that order
 	struct bsd_acct_struct *acct;
 	struct vfsmount *mnt;
 	struct fs_pin *old;
-	int err;
 
-	err = user_path_at(AT_FDCWD, name, LOOKUP_FOLLOW, &path);
-	if (err)
-		return err;
+	if (IS_ERR(pathname))
+		return PTR_ERR(pathname);
+	original_file = file_open_name(pathname, open_flags, 0);
+	if (IS_ERR(original_file))
+		return PTR_ERR(original_file);
 
-	mnt = mnt_clone_internal(&path);
+	mnt = mnt_clone_internal(&original_file->f_path);
 	if (IS_ERR(mnt))
 		return PTR_ERR(mnt);
 
@@ -268,7 +270,7 @@ static int acct_on(const char __user *name)
 	INIT_WORK(&acct->work, close_work);
 	init_completion(&acct->done);
 	mutex_lock_nested(&acct->lock, 1);	/* nobody has seen it yet */
-	pin_insert(&acct->pin, path.mnt);
+	pin_insert(&acct->pin, original_file->f_path.mnt);
 
 	rcu_read_lock();
 	old = xchg(&ns->bacct, &acct->pin);

Re: [PATCH 1/2] kernel/acct.c: saner struct file treatment

[Al Viro]

On Thu, Sep 25, 2025 at 08:09:44PM +0100, Al Viro wrote:

> Something like this for incremental (completely untested at that point):

BTW, that got me wondering - how about adding
	if (IS_ERR(pathname))
		return PTR_ERR(pathname);
in the very beginning of do_filp_open()?

As the result, e.g. do_open_execat() will automatically DTRT when passed
ERR_PTR(...) for name, reducing open_exec() to
struct file *open_exec(const char *name)
{
        struct filename *filename __free(putname) = getname_kernel(name);
	return do_open_execat(AT_FDCWD, filename, 0);
}

with similar effects for alloc_bprm(), etc.  The same goes for
file_open_name(), with simplified filp_open() and quite a few other
places...

Note that filename_parentat()/filename_lookupat()/etc. have the same logics
in them - do_filp_open() is the only caller of set_nameidata() that leaves
that check to its callers.

Oh, well - next cycle fodder, at that point...

Re: [PATCH 1/2] kernel/acct.c: saner struct file treatment

[Al Viro]

[seems to work properly now]
	Instead of switching ->f_path.mnt of an opened file to internal
clone, get a struct path with ->mnt set to internal clone of that
->f_path.mnt, then dentry_open() that to get the file with right ->f_path.mnt
from the very beginning.

	The only subtle part here is that on failure exits we need to
close the file with __fput_sync() and make sure we do that *before*
dropping the original mount.

	With that done, only fs/{file_table,open,namei}.c ever store
anything to file->f_path and only prior to file->f_mode & FMODE_OPENED
becoming true.  Analysis of mount write count handling also becomes
less brittle and convoluted...

[AV: folded a fix for a bug spotted by Jan Kara - we do need a full-blown
open of the original file, not just user_path_at() or we end up skipping
permission checks]

Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
diff --git a/kernel/acct.c b/kernel/acct.c
index 6520baa13669..61630110e29d 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -44,19 +44,14 @@
  * a struct file opened for write. Fixed. 2/6/2000, AV.
  */
 
-#include <linux/mm.h>
 #include <linux/slab.h>
 #include <linux/acct.h>
 #include <linux/capability.h>
-#include <linux/file.h>
 #include <linux/tty.h>
-#include <linux/security.h>
-#include <linux/vfs.h>
+#include <linux/statfs.h>
 #include <linux/jiffies.h>
-#include <linux/times.h>
 #include <linux/syscalls.h>
-#include <linux/mount.h>
-#include <linux/uaccess.h>
+#include <linux/namei.h>
 #include <linux/sched/cputime.h>
 
 #include <asm/div64.h>
@@ -217,84 +212,70 @@ static void close_work(struct work_struct *work)
 	complete(&acct->done);
 }
 
-static int acct_on(struct filename *pathname)
+DEFINE_FREE(fput_sync, struct file *, if (!IS_ERR_OR_NULL(_T)) __fput_sync(_T))
+static int acct_on(const char __user *name)
 {
-	struct file *file;
-	struct vfsmount *mnt, *internal;
+	/* Difference from BSD - they don't do O_APPEND */
+	const int open_flags = O_WRONLY|O_APPEND|O_LARGEFILE;
 	struct pid_namespace *ns = task_active_pid_ns(current);
+	struct filename *pathname __free(putname) = getname(name);
+	struct file *original_file __free(fput) = NULL;	// in that order
+	struct path internal __free(path_put) = {};	// in that order
+	struct file *file __free(fput_sync) = NULL;	// in that order
 	struct bsd_acct_struct *acct;
+	struct vfsmount *mnt;
 	struct fs_pin *old;
-	int err;
 
-	acct = kzalloc(sizeof(struct bsd_acct_struct), GFP_KERNEL);
-	if (!acct)
-		return -ENOMEM;
+	if (IS_ERR(pathname))
+		return PTR_ERR(pathname);
+	original_file = file_open_name(pathname, open_flags, 0);
+	if (IS_ERR(original_file))
+		return PTR_ERR(original_file);
 
-	/* Difference from BSD - they don't do O_APPEND */
-	file = file_open_name(pathname, O_WRONLY|O_APPEND|O_LARGEFILE, 0);
-	if (IS_ERR(file)) {
-		kfree(acct);
+	mnt = mnt_clone_internal(&original_file->f_path);
+	if (IS_ERR(mnt))
+		return PTR_ERR(mnt);
+
+	internal.mnt = mnt;
+	internal.dentry = dget(mnt->mnt_root);
+
+	file = dentry_open(&internal, open_flags, current_cred());
+	if (IS_ERR(file))
 		return PTR_ERR(file);
-	}
 
-	if (!S_ISREG(file_inode(file)->i_mode)) {
-		kfree(acct);
-		filp_close(file, NULL);
+	if (!S_ISREG(file_inode(file)->i_mode))
 		return -EACCES;
-	}
 
 	/* Exclude kernel kernel internal filesystems. */
-	if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT)) {
-		kfree(acct);
-		filp_close(file, NULL);
+	if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT))
 		return -EINVAL;
-	}
 
 	/* Exclude procfs and sysfs. */
-	if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE) {
-		kfree(acct);
-		filp_close(file, NULL);
+	if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE)
 		return -EINVAL;
-	}
 
-	if (!(file->f_mode & FMODE_CAN_WRITE)) {
-		kfree(acct);
-		filp_close(file, NULL);
+	if (!(file->f_mode & FMODE_CAN_WRITE))
 		return -EIO;
-	}
-	internal = mnt_clone_internal(&file->f_path);
-	if (IS_ERR(internal)) {
-		kfree(acct);
-		filp_close(file, NULL);
-		return PTR_ERR(internal);
-	}
-	err = mnt_get_write_access(internal);
-	if (err) {
-		mntput(internal);
-		kfree(acct);
-		filp_close(file, NULL);
-		return err;
-	}
-	mnt = file->f_path.mnt;
-	file->f_path.mnt = internal;
+
+	acct = kzalloc(sizeof(struct bsd_acct_struct), GFP_KERNEL);
+	if (!acct)
+		return -ENOMEM;
 
 	atomic_long_set(&acct->count, 1);
 	init_fs_pin(&acct->pin, acct_pin_kill);
-	acct->file = file;
+	acct->file = no_free_ptr(file);
 	acct->needcheck = jiffies;
 	acct->ns = ns;
 	mutex_init(&acct->lock);
 	INIT_WORK(&acct->work, close_work);
 	init_completion(&acct->done);
 	mutex_lock_nested(&acct->lock, 1);	/* nobody has seen it yet */
-	pin_insert(&acct->pin, mnt);
+	pin_insert(&acct->pin, original_file->f_path.mnt);
 
 	rcu_read_lock();
 	old = xchg(&ns->bacct, &acct->pin);
 	mutex_unlock(&acct->lock);
 	pin_kill(old);
-	mnt_put_write_access(mnt);
-	mntput(mnt);
 	return 0;
 }
 
@@ -319,14 +300,9 @@ SYSCALL_DEFINE1(acct, const char __user *, name)
 		return -EPERM;
 
 	if (name) {
-		struct filename *tmp = getname(name);
-
-		if (IS_ERR(tmp))
-			return PTR_ERR(tmp);
 		mutex_lock(&acct_on_mutex);
-		error = acct_on(tmp);
+		error = acct_on(name);
 		mutex_unlock(&acct_on_mutex);
-		putname(tmp);
 	} else {
 		rcu_read_lock();
 		pin_kill(task_active_pid_ns(current)->bacct);

Re: [PATCH 1/2] kernel/acct.c: saner struct file treatment

[Jan Kara]

On Thu 25-09-25 21:56:47, Al Viro wrote:
> [seems to work properly now]
> 	Instead of switching ->f_path.mnt of an opened file to internal
> clone, get a struct path with ->mnt set to internal clone of that
> ->f_path.mnt, then dentry_open() that to get the file with right ->f_path.mnt
> from the very beginning.
> 
> 	The only subtle part here is that on failure exits we need to
> close the file with __fput_sync() and make sure we do that *before*
> dropping the original mount.
> 
> 	With that done, only fs/{file_table,open,namei}.c ever store
> anything to file->f_path and only prior to file->f_mode & FMODE_OPENED
> becoming true.  Analysis of mount write count handling also becomes
> less brittle and convoluted...
> 
> [AV: folded a fix for a bug spotted by Jan Kara - we do need a full-blown
> open of the original file, not just user_path_at() or we end up skipping
> permission checks]
> 
> Reviewed-by: Christian Brauner <brauner@kernel.org>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good to me. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
> diff --git a/kernel/acct.c b/kernel/acct.c
> index 6520baa13669..61630110e29d 100644
> --- a/kernel/acct.c
> +++ b/kernel/acct.c
> @@ -44,19 +44,14 @@
>   * a struct file opened for write. Fixed. 2/6/2000, AV.
>   */
>  
> -#include <linux/mm.h>
>  #include <linux/slab.h>
>  #include <linux/acct.h>
>  #include <linux/capability.h>
> -#include <linux/file.h>
>  #include <linux/tty.h>
> -#include <linux/security.h>
> -#include <linux/vfs.h>
> +#include <linux/statfs.h>
>  #include <linux/jiffies.h>
> -#include <linux/times.h>
>  #include <linux/syscalls.h>
> -#include <linux/mount.h>
> -#include <linux/uaccess.h>
> +#include <linux/namei.h>
>  #include <linux/sched/cputime.h>
>  
>  #include <asm/div64.h>
> @@ -217,84 +212,70 @@ static void close_work(struct work_struct *work)
>  	complete(&acct->done);
>  }
>  
> -static int acct_on(struct filename *pathname)
> +DEFINE_FREE(fput_sync, struct file *, if (!IS_ERR_OR_NULL(_T)) __fput_sync(_T))
> +static int acct_on(const char __user *name)
>  {
> -	struct file *file;
> -	struct vfsmount *mnt, *internal;
> +	/* Difference from BSD - they don't do O_APPEND */
> +	const int open_flags = O_WRONLY|O_APPEND|O_LARGEFILE;
>  	struct pid_namespace *ns = task_active_pid_ns(current);
> +	struct filename *pathname __free(putname) = getname(name);
> +	struct file *original_file __free(fput) = NULL;	// in that order
> +	struct path internal __free(path_put) = {};	// in that order
> +	struct file *file __free(fput_sync) = NULL;	// in that order
>  	struct bsd_acct_struct *acct;
> +	struct vfsmount *mnt;
>  	struct fs_pin *old;
> -	int err;
>  
> -	acct = kzalloc(sizeof(struct bsd_acct_struct), GFP_KERNEL);
> -	if (!acct)
> -		return -ENOMEM;
> +	if (IS_ERR(pathname))
> +		return PTR_ERR(pathname);
> +	original_file = file_open_name(pathname, open_flags, 0);
> +	if (IS_ERR(original_file))
> +		return PTR_ERR(original_file);
>  
> -	/* Difference from BSD - they don't do O_APPEND */
> -	file = file_open_name(pathname, O_WRONLY|O_APPEND|O_LARGEFILE, 0);
> -	if (IS_ERR(file)) {
> -		kfree(acct);
> +	mnt = mnt_clone_internal(&original_file->f_path);
> +	if (IS_ERR(mnt))
> +		return PTR_ERR(mnt);
> +
> +	internal.mnt = mnt;
> +	internal.dentry = dget(mnt->mnt_root);
> +
> +	file = dentry_open(&internal, open_flags, current_cred());
> +	if (IS_ERR(file))
>  		return PTR_ERR(file);
> -	}
>  
> -	if (!S_ISREG(file_inode(file)->i_mode)) {
> -		kfree(acct);
> -		filp_close(file, NULL);
> +	if (!S_ISREG(file_inode(file)->i_mode))
>  		return -EACCES;
> -	}
>  
>  	/* Exclude kernel kernel internal filesystems. */
> -	if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT)) {
> -		kfree(acct);
> -		filp_close(file, NULL);
> +	if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT))
>  		return -EINVAL;
> -	}
>  
>  	/* Exclude procfs and sysfs. */
> -	if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE) {
> -		kfree(acct);
> -		filp_close(file, NULL);
> +	if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE)
>  		return -EINVAL;
> -	}
>  
> -	if (!(file->f_mode & FMODE_CAN_WRITE)) {
> -		kfree(acct);
> -		filp_close(file, NULL);
> +	if (!(file->f_mode & FMODE_CAN_WRITE))
>  		return -EIO;
> -	}
> -	internal = mnt_clone_internal(&file->f_path);
> -	if (IS_ERR(internal)) {
> -		kfree(acct);
> -		filp_close(file, NULL);
> -		return PTR_ERR(internal);
> -	}
> -	err = mnt_get_write_access(internal);
> -	if (err) {
> -		mntput(internal);
> -		kfree(acct);
> -		filp_close(file, NULL);
> -		return err;
> -	}
> -	mnt = file->f_path.mnt;
> -	file->f_path.mnt = internal;
> +
> +	acct = kzalloc(sizeof(struct bsd_acct_struct), GFP_KERNEL);
> +	if (!acct)
> +		return -ENOMEM;
>  
>  	atomic_long_set(&acct->count, 1);
>  	init_fs_pin(&acct->pin, acct_pin_kill);
> -	acct->file = file;
> +	acct->file = no_free_ptr(file);
>  	acct->needcheck = jiffies;
>  	acct->ns = ns;
>  	mutex_init(&acct->lock);
>  	INIT_WORK(&acct->work, close_work);
>  	init_completion(&acct->done);
>  	mutex_lock_nested(&acct->lock, 1);	/* nobody has seen it yet */
> -	pin_insert(&acct->pin, mnt);
> +	pin_insert(&acct->pin, original_file->f_path.mnt);
>  
>  	rcu_read_lock();
>  	old = xchg(&ns->bacct, &acct->pin);
>  	mutex_unlock(&acct->lock);
>  	pin_kill(old);
> -	mnt_put_write_access(mnt);
> -	mntput(mnt);
>  	return 0;
>  }
>  
> @@ -319,14 +300,9 @@ SYSCALL_DEFINE1(acct, const char __user *, name)
>  		return -EPERM;
>  
>  	if (name) {
> -		struct filename *tmp = getname(name);
> -
> -		if (IS_ERR(tmp))
> -			return PTR_ERR(tmp);
>  		mutex_lock(&acct_on_mutex);
> -		error = acct_on(tmp);
> +		error = acct_on(name);
>  		mutex_unlock(&acct_on_mutex);
> -		putname(tmp);
>  	} else {
>  		rcu_read_lock();
>  		pin_kill(task_active_pid_ns(current)->bacct);
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

[PATCH 2/2] Have cc(1) catch attempts to modify ->f_path

[Al Viro]

[last one in #work.f_path, following the merge with #work.mount and #work.path]

There are very few places that have cause to do that - all in core
VFS now, and all done to files that are not yet opened (or visible
to anybody else, for that matter).

Let's turn f_path into a union of struct path __f_path and const
struct path f_path.  It's C, not C++ - 6.5.2.3[4] in C99 and
later explicitly allows that kind of type-punning.

That way any attempts to bypass these checks will be either very
easy to catch, or (if the bastards get sufficiently creative to
make it hard to spot with grep alone) very clearly malicious -
and still catchable with a bit of instrumentation for sparse.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
diff --git a/fs/file_table.c b/fs/file_table.c
index 85b53e39138d..b223d873e48b 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -171,7 +171,7 @@ static int init_file(struct file *f, int flags, const struct cred *cred)
 	 * the respective member when opening the file.
 	 */
 	mutex_init(&f->f_pos_lock);
-	memset(&f->f_path, 0, sizeof(f->f_path));
+	memset(&f->__f_path, 0, sizeof(f->f_path));
 	memset(&f->f_ra, 0, sizeof(f->f_ra));
 
 	f->f_flags	= flags;
@@ -319,7 +319,7 @@ struct file *alloc_empty_backing_file(int flags, const struct cred *cred)
 static void file_init_path(struct file *file, const struct path *path,
 			   const struct file_operations *fop)
 {
-	file->f_path = *path;
+	file->__f_path = *path;
 	file->f_inode = path->dentry->d_inode;
 	file->f_mapping = path->dentry->d_inode->i_mapping;
 	file->f_wb_err = filemap_sample_wb_err(file->f_mapping);
diff --git a/fs/namei.c b/fs/namei.c
index 3eb0408e3400..ba8bf73d2f9c 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3563,8 +3563,8 @@ static struct dentry *atomic_open(struct nameidata *nd, struct dentry *dentry,
 	if (nd->flags & LOOKUP_DIRECTORY)
 		open_flag |= O_DIRECTORY;
 
-	file->f_path.dentry = DENTRY_NOT_SET;
-	file->f_path.mnt = nd->path.mnt;
+	file->__f_path.dentry = DENTRY_NOT_SET;
+	file->__f_path.mnt = nd->path.mnt;
 	error = dir->i_op->atomic_open(dir, dentry, file,
 				       open_to_namei_flags(open_flag), mode);
 	d_lookup_done(dentry);
@@ -3932,8 +3932,8 @@ int vfs_tmpfile(struct mnt_idmap *idmap,
 	child = d_alloc(parentpath->dentry, &slash_name);
 	if (unlikely(!child))
 		return -ENOMEM;
-	file->f_path.mnt = parentpath->mnt;
-	file->f_path.dentry = child;
+	file->__f_path.mnt = parentpath->mnt;
+	file->__f_path.dentry = child;
 	mode = vfs_prepare_mode(idmap, dir, mode, mode, mode);
 	error = dir->i_op->tmpfile(idmap, dir, file, mode);
 	dput(child);
diff --git a/fs/open.c b/fs/open.c
index 9655158c3885..f4bdf7693530 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -1022,8 +1022,8 @@ static int do_dentry_open(struct file *f,
 	put_file_access(f);
 cleanup_file:
 	path_put(&f->f_path);
-	f->f_path.mnt = NULL;
-	f->f_path.dentry = NULL;
+	f->__f_path.mnt = NULL;
+	f->__f_path.dentry = NULL;
 	f->f_inode = NULL;
 	return error;
 }
@@ -1050,7 +1050,7 @@ int finish_open(struct file *file, struct dentry *dentry,
 {
 	BUG_ON(file->f_mode & FMODE_OPENED); /* once it's opened, it's opened */
 
-	file->f_path.dentry = dentry;
+	file->__f_path.dentry = dentry;
 	return do_dentry_open(file, open);
 }
 EXPORT_SYMBOL(finish_open);
@@ -1071,7 +1071,7 @@ EXPORT_SYMBOL(finish_open);
  */
 int finish_no_open(struct file *file, struct dentry *dentry)
 {
-	file->f_path.dentry = dentry;
+	file->__f_path.dentry = dentry;
 	return 0;
 }
 EXPORT_SYMBOL(finish_no_open);
@@ -1091,7 +1091,7 @@ int vfs_open(const struct path *path, struct file *file)
 {
 	int ret;
 
-	file->f_path = *path;
+	file->__f_path = *path;
 	ret = do_dentry_open(file, NULL);
 	if (!ret) {
 		/*
diff --git a/include/linux/fs.h b/include/linux/fs.h
index af514fae4e2d..7fe4831b7663 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1107,7 +1107,10 @@ struct file {
 	const struct cred		*f_cred;
 	struct fown_struct		*f_owner;
 	/* --- cacheline 1 boundary (64 bytes) --- */
-	struct path			f_path;
+	union {
+		const struct path	f_path;
+		struct path		__f_path;
+	};
 	union {
 		/* regular files (with FMODE_ATOMIC_POS) and directories */
 		struct mutex		f_pos_lock;

Re: [PATCH 2/2] Have cc(1) catch attempts to modify ->f_path

[Jan Kara]

On Sat 06-09-25 10:14:58, Al Viro wrote:
> [last one in #work.f_path, following the merge with #work.mount and #work.path]
> 
> There are very few places that have cause to do that - all in core
> VFS now, and all done to files that are not yet opened (or visible
> to anybody else, for that matter).
> 
> Let's turn f_path into a union of struct path __f_path and const
> struct path f_path.  It's C, not C++ - 6.5.2.3[4] in C99 and
> later explicitly allows that kind of type-punning.
> 
> That way any attempts to bypass these checks will be either very
> easy to catch, or (if the bastards get sufficiently creative to
> make it hard to spot with grep alone) very clearly malicious -
> and still catchable with a bit of instrumentation for sparse.
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
> diff --git a/fs/file_table.c b/fs/file_table.c
> index 85b53e39138d..b223d873e48b 100644
> --- a/fs/file_table.c
> +++ b/fs/file_table.c
> @@ -171,7 +171,7 @@ static int init_file(struct file *f, int flags, const struct cred *cred)
>  	 * the respective member when opening the file.
>  	 */
>  	mutex_init(&f->f_pos_lock);
> -	memset(&f->f_path, 0, sizeof(f->f_path));
> +	memset(&f->__f_path, 0, sizeof(f->f_path));
>  	memset(&f->f_ra, 0, sizeof(f->f_ra));
>  
>  	f->f_flags	= flags;
> @@ -319,7 +319,7 @@ struct file *alloc_empty_backing_file(int flags, const struct cred *cred)
>  static void file_init_path(struct file *file, const struct path *path,
>  			   const struct file_operations *fop)
>  {
> -	file->f_path = *path;
> +	file->__f_path = *path;
>  	file->f_inode = path->dentry->d_inode;
>  	file->f_mapping = path->dentry->d_inode->i_mapping;
>  	file->f_wb_err = filemap_sample_wb_err(file->f_mapping);
> diff --git a/fs/namei.c b/fs/namei.c
> index 3eb0408e3400..ba8bf73d2f9c 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -3563,8 +3563,8 @@ static struct dentry *atomic_open(struct nameidata *nd, struct dentry *dentry,
>  	if (nd->flags & LOOKUP_DIRECTORY)
>  		open_flag |= O_DIRECTORY;
>  
> -	file->f_path.dentry = DENTRY_NOT_SET;
> -	file->f_path.mnt = nd->path.mnt;
> +	file->__f_path.dentry = DENTRY_NOT_SET;
> +	file->__f_path.mnt = nd->path.mnt;
>  	error = dir->i_op->atomic_open(dir, dentry, file,
>  				       open_to_namei_flags(open_flag), mode);
>  	d_lookup_done(dentry);
> @@ -3932,8 +3932,8 @@ int vfs_tmpfile(struct mnt_idmap *idmap,
>  	child = d_alloc(parentpath->dentry, &slash_name);
>  	if (unlikely(!child))
>  		return -ENOMEM;
> -	file->f_path.mnt = parentpath->mnt;
> -	file->f_path.dentry = child;
> +	file->__f_path.mnt = parentpath->mnt;
> +	file->__f_path.dentry = child;
>  	mode = vfs_prepare_mode(idmap, dir, mode, mode, mode);
>  	error = dir->i_op->tmpfile(idmap, dir, file, mode);
>  	dput(child);
> diff --git a/fs/open.c b/fs/open.c
> index 9655158c3885..f4bdf7693530 100644
> --- a/fs/open.c
> +++ b/fs/open.c
> @@ -1022,8 +1022,8 @@ static int do_dentry_open(struct file *f,
>  	put_file_access(f);
>  cleanup_file:
>  	path_put(&f->f_path);
> -	f->f_path.mnt = NULL;
> -	f->f_path.dentry = NULL;
> +	f->__f_path.mnt = NULL;
> +	f->__f_path.dentry = NULL;
>  	f->f_inode = NULL;
>  	return error;
>  }
> @@ -1050,7 +1050,7 @@ int finish_open(struct file *file, struct dentry *dentry,
>  {
>  	BUG_ON(file->f_mode & FMODE_OPENED); /* once it's opened, it's opened */
>  
> -	file->f_path.dentry = dentry;
> +	file->__f_path.dentry = dentry;
>  	return do_dentry_open(file, open);
>  }
>  EXPORT_SYMBOL(finish_open);
> @@ -1071,7 +1071,7 @@ EXPORT_SYMBOL(finish_open);
>   */
>  int finish_no_open(struct file *file, struct dentry *dentry)
>  {
> -	file->f_path.dentry = dentry;
> +	file->__f_path.dentry = dentry;
>  	return 0;
>  }
>  EXPORT_SYMBOL(finish_no_open);
> @@ -1091,7 +1091,7 @@ int vfs_open(const struct path *path, struct file *file)
>  {
>  	int ret;
>  
> -	file->f_path = *path;
> +	file->__f_path = *path;
>  	ret = do_dentry_open(file, NULL);
>  	if (!ret) {
>  		/*
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index af514fae4e2d..7fe4831b7663 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1107,7 +1107,10 @@ struct file {
>  	const struct cred		*f_cred;
>  	struct fown_struct		*f_owner;
>  	/* --- cacheline 1 boundary (64 bytes) --- */
> -	struct path			f_path;
> +	union {
> +		const struct path	f_path;
> +		struct path		__f_path;
> +	};
>  	union {
>  		/* regular files (with FMODE_ATOMIC_POS) and directories */
>  		struct mutex		f_pos_lock;
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 2/2] Have cc(1) catch attempts to modify ->f_path

[Christian Brauner]

On Sat, Sep 06, 2025 at 10:14:58AM +0100, Al Viro wrote:
> [last one in #work.f_path, following the merge with #work.mount and #work.path]
> 
> There are very few places that have cause to do that - all in core
> VFS now, and all done to files that are not yet opened (or visible
> to anybody else, for that matter).
> 
> Let's turn f_path into a union of struct path __f_path and const
> struct path f_path.  It's C, not C++ - 6.5.2.3[4] in C99 and
> later explicitly allows that kind of type-punning.
> 
> That way any attempts to bypass these checks will be either very
> easy to catch, or (if the bastards get sufficiently creative to
> make it hard to spot with grep alone) very clearly malicious -
> and still catchable with a bit of instrumentation for sparse.
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

Re: [PATCHES] file->f_path safety and struct path constifications

[Al Viro]

On Sat, Sep 06, 2025 at 10:07:38AM +0100, Al Viro wrote:

> Branches are in
> git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #work.path and
> git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #work.f_path resp.;
> individual patches in followups.

PS: 21-patch series is #work.path, other 2 are #work.f_path proper - it's
(1/2) + merge with #work.path and #work.mount + (2/2)