[PATCH v2 0/7] fs/9p: Reuse inode based on path (in addition to qid)
Tingmao Wang
m at maowtm.org
Sat Sep 27 22:53:33 UTC 2025
On 9/27/25 19:27, Mickaël Salaün wrote:
> Adding Greg Kurz too.
>
> On Sun, Sep 21, 2025 at 05:24:49PM +0100, Tingmao Wang wrote:
>> On 9/17/25 16:00, Mickaël Salaün wrote:
>>> [...]
>>
>> Alternatively if we believe this to be a QEMU issue, maybe
>> Landlock don't need to work around it and should just hold fids (and use
>> QIDs to key the rules) anyway despite server quirks like these. This can
>> perhaps then be fixed in QEMU?
>
> Yes, I think it would make sense for Landlock to open and keep open a
> fid (and hopefully the related remote file). However, the v9fs umount
> should be handled gracefully the same way Landlock tag inodes are
> handled. This should come with a QEMU patch to fix the consistency
> issue.
>
>>
>> (I guess the fact that QEMU is doing path tracking in the first place does
>> gives more precedent for justifying doing path tracking in v9fs as well,
>> but maybe that's the wrong way to think about it)
>
> Anyway, if QEMU does it, wouldn't it be the same for Landlock to just
> rely on fid?
The fid can't be relied on because it's just a handle. The client can
open multiple fids pointing to the same file (and in fact this is what
v9fs does - new fid for each open())
> If QEMU uses FD+O_PATH, then Landlock would work even for
> server-moved files.
(With this new approach, Landlock would have to key the rules based on
qid, but it also needs to hold an open fid to prevent that qid from being
reused (due to ext4 inode number reuse, etc))
More information about the Linux-security-module-archive
mailing list