Linux 7.2 Kernel Cuts Container Unmount Latency by 90%

The Linux 7.2 kernel, expected to ship in the coming weeks, delivers a significant performance improvement for container-heavy environments by reducing unmount latency by up to 90%. The work, merged by Alibaba engineer Baokun Li, targets a race condition that could cause "VFS: Busy inodes after unmount" errors and a use-after-free flaw.

Under cgroup writeback churn on a 16 vCPU guest, median unmount latency dropped from approximately 92 to 138 milliseconds down to 5 to 8 milliseconds. The cumulative cost of the cgroup_writeback_umount() function fell from around 62 milliseconds to about 4 microseconds per call.

Race Fix and Serialization Removal

Li tracked down a race between cgroup_writeback_umount() and inode_switch_wbs() that occurs when a container exits. In a narrow window, inode_prepare_wbs_switch() could return true, but the subsequent workqueue item had not yet been queued. If cgroup_writeback_umount() observed a non-zero global counter but found nothing queued, it returned early, leaving a dangling inode reference that blocked evict_inodes() and could lead to a use-after-free on freed percpu counters.

The fix closes this window with an RCU read-side critical section and a synchronization step in the unmount path. More importantly, the patch removes a legacy global synchronize_rcu()/flush_workqueue() pair and replaces it with a per-superblock in-flight counter and pin/unpin/drain helpers. This change means unmount no longer serializes against switch activity on unrelated superblocks, eliminating the global bottleneck. VFS maintainer Christian Brauner described the change in the pull request as removing "the now-dead rcu_barrier() left over from the queue_rcu_work() era." The initial race fix is kept separate so that it can be backported to stable kernel series.

• Median unmount latency on 16 vCPU drops from ~92-138ms to ~5-8ms
• cgroup_writeback_umount() cost reduced from ~62ms to ~4us per call
• Global serialization replaced with per-superblock in-flight tracking
• Race fix is designed for clean backporting to stable kernels
• Patch also improves write performance when using the RWF_DONTCACHE flag

New Security Flag and Legacy Cleanup

Linux 7.2's VFS pull also includes the OPENAT2_REGULAR flag for the openat2 system call. This flag restricts programs to opening only regular files, preventing accidental or intentional access to device files, FIFOs, or other non-regular file types. The feature is designed to help sandboxes and security tools avoid being tricked by special file nodes.

Separately, Linux 7.1 dropped support for Intel 486 processors and other legacy hardware, removing more than 140,000 lines of code. The 486 support, which dated back to the early 1990s, had become a maintenance burden with no active users. Linux 7.2 continues this cleanup trajectory while adding practical optimizations for modern cloud-native workloads. Container operators running heavy I/O workloads on Linux 7.2 can expect notably faster shutdown and cleanup cycles.