On Sat, 8 Nov 2025 at 22:38, Al Viro wrote: > > These days we have very few places that import filename more than once > (9 functions total) and it's easy to massage them so we get rid of all > re-imports. With that done, we don't need audit_reusename() anymore. > There's no need to memorize userland pointer either. Lovely. Ack on the whole series. I do wonder if we could go one step further, and try to make the "struct filename" allocation rather much smaller, so that we could fit it on the stack,m and avoid the whole __getname() call *entirely* for shorter pathnames. That __getname() allocation is fairly costly, and 99% of the time we really don't need it because audit doesn't even get a ref to it so it's all entirely thread-local. Right now the allocation is a full page, which is almost entirely for historical reasons ("__getname()" long long ago used to be "__get_free_page()"m and then when it was made a kmemc_cache_alloc() it just stayed page-sized, and we did replaced the size to PATH_MAX and limited it to 4k regardless of page size - and then with the embedded 'struct filename' we now have that odd #define EMBEDDED_NAME_MAX (PATH_MAX - offsetof(struct filename, iname)) and that PATH_MAX thing really is a random value these days, because the size of the __getname() allocation has *NOTHING* to do with the maximum pathname, and we actually have to do a *separate* allocation if we have a long path that needs the whole PATH_MAX. Now, that separate allocation we do oddly - in that we actually continue to use that '__getname() allocation for the pathname, and the new allocation is just for the initial part of 'struct filename'. But it's *odd* and purely due to those historical oddities. We could make the new allocation be the actual PATH_MAX size, and continue to use the smaller original allocation for 'struct filename', and the code in getname_flags() would be a lot more logical. Now, for all the same historical reasons there are a few users that mis-use "__getname()" and "__putname()" to *not* allocate an actual 'struct filename', but really just do a "kmalloc(PATH_MAX)". The fix for that is to just leave "__getname()/__putname()" as that odd legacy "allocate a pathname", and just make the actual real "struct filename" use proper allocators with proper type checking. The attached patch is ENTIRELY UNTESTED, so please see it as a "something like this". But wouldn't it be really nice to not play those odd games with "struct filename" that getname_flags() currently plays? And with this, 'struct filename' is small enough that we *could* just allocate it on the stack if we then also add code to deal with the audit case (which this does *not* do, just to clarify: this is literally just the "prep for a smaller structure" part). Also note that this assumes that short pathname (smaller than that new #define EMBEDDED_NAME_MAX 64 size) are actually the common case. With longer paths, and without the "allocate on stack", this patch will cause two allocations, because it then does that kname = kmalloc(PATH_MAX, GFP_KERNEL); to allocate the separate name when it didn't fit in the smaller embedded path buffer. So in this form, this is actually a pessimization, and again, none of this makes sense *unless* we then go on to allocate the smaller filename struct on the stack. Hmm? Comments? Linus