From: Dominique Martinet <asmadeus@codewreck.org>
To: Tingmao Wang <m@maowtm.org>
Cc: "Christian Schoenebeck" <linux_oss@crudebyte.com>,
"Mickaël Salaün" <mic@digikod.net>,
"Eric Van Hensbergen" <ericvh@kernel.org>,
"Latchesar Ionkov" <lucho@ionkov.net>,
v9fs@lists.linux.dev, "Günther Noack" <gnoack@google.com>,
linux-security-module@vger.kernel.org, "Jan Kara" <jack@suse.cz>,
"Amir Goldstein" <amir73il@gmail.com>,
"Matthew Bobrowski" <repnop@google.com>,
"Al Viro" <viro@zeniv.linux.org.uk>,
"Christian Brauner" <brauner@kernel.org>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v2 0/7] fs/9p: Reuse inode based on path (in addition to qid)
Date: Tue, 16 Sep 2025 22:35:35 +0900 [thread overview]
Message-ID: <aMlnpz7TrbXuL0mc@codewreck.org> (raw)
In-Reply-To: <6502db0c-17ed-4644-a744-bb0553174541@maowtm.org>
Tingmao Wang wrote on Tue, Sep 16, 2025 at 01:44:27PM +0100:
> > iirc even in cacheless mode 9p should keep inode arounds if there's an
> > open fd somewhere
>
> Yes, because there is a dentry that has a reference to it. Similarly if
> there is a Landlock rule referencing it, the inode will also be kept
> around (but not the dentry, Landlock only references the inode). The
> problem is that when another application (that is being Landlocked)
> accesses the file, 9pfs will create a new inode in uncached mode,
> regardless of whether an existing inode exists.
> [...]
> Based on my understanding, I think this isn't really to do with whether
> the dentry is around or not. In cached mode, 9pfs will use iget5_locked
> to look up an existing inode based on the qid, if one exists, and use
> that, even if no cached dentry points to it. However, in uncached mode,
> currently if vfs asks 9pfs to find an inode (e.g. because the dentry is no
> longer in cache), it always get a new one:
> [...]
> v9fs_qid_iget_dotl:
> ...
> if (new)
> test = v9fs_test_new_inode_dotl;
> else
> test = v9fs_test_inode_dotl;
Right, if we get all the way to iget uncached mode will get a new inode,
but if the file is opened (I tried `cat > foo` and `tail -f foo`) then
re-opening cat will not issue a lookup at all -- v9fs_vfs_lookup() is
not called in the first place.
Likewise, in cached mode, just having the file in cache makes new open
not call v9fs_vfs_lookup for that file (even if it's not currently
open), so that `if (new)` is not actually what matters here afaiu.
What's the condition to make it happen? Can we make that happen with
landlock?
In practice that'd make landlock partially negate cacheless mode, as
we'd "pin" landlocked paths, but as long as readdirs aren't cached and
other metadata is refreshed on e.g. stat() calls I think that's fine
if we can make it happen.
(That's a big if)
> > So in cacheless mode, if you have a tree like this:
> > a
> > └── b
> > ├── c
> > └── d
> > with c 'open' (or a reference held by landlock), then dentries for a/b/c
> > would be kept, but d could be droppable?
>
> I think, based on my understanding, a child dentry does always have a
> reference to its parent, and so parent won't be dropped before child, if
> child dentry is alive.
I'd be tempted to agree here
> However holding a proper dentry reference in an
> inode might be tricky as dentry holds the reference to its inode.
Hmm, yeah, that's problematic.
Could it be held in landlock and not by the inode?
Just thinking out loud.
> > My understanding is that in cacheless mode we're dropping dentries
> > aggressively so that things like readdir() are refreshed, but I'm
> > thinking this should work even if we keep some dentries alive when their
> > inode is held up.
>
> If we have some way of keeping the dentry alive (without introducing
> circular reference problems) then I guess that would work and we don't
> have to track paths ourselves.
Yes, that's the idea - the dentry basically already contain the path, so
we wouldn't be reinventing the wheel...
> > - if that doesn't work (or is too complicated), I'm thinking tracking
> > path is probably better than qid-based filtering based on what we
> > discussed as it only affects uncached mode.. I'll need to spend some
> > time testing but I think we can move forward with the current patchset
> > rather than try something new.
>
> Note that in discussion with Mickaël (maintainer of Landlock) he indicated
> that he would be comfortable for Landlock to track a qid, instead of
> holding a inode, specifically for 9pfs.
Yes, I saw that, but what you pointed out about qid reuse make me
somewhat uncomfortable with that direction -- you could allow a
directory, delete it, create a new one somewhere else and if the
underlying fs reuse the same inode number the rule would allow an
intended directory instead so I'd rather not rely on qid for this
either.
But if you think that's not a problem in practice (because e.g. landlock
would somehow detect the dir got deleted or another good reason it's not
a problem) then I agree it's probably the simplest way forward
implementation-wise.
--
Dominique Martinet | Asmadeus
next prev parent reply other threads:[~2025-09-16 13:36 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-04 0:04 [PATCH v2 0/7] fs/9p: Reuse inode based on path (in addition to qid) Tingmao Wang
2025-09-04 0:04 ` [PATCH v2 1/7] fs/9p: Add ability to identify inode by path for .L in uncached mode Tingmao Wang
2025-09-04 0:04 ` [PATCH v2 2/7] fs/9p: add option for path-based inodes Tingmao Wang
2025-09-04 0:04 ` [PATCH v2 3/7] fs/9p: Add ability to identify inode by path for non-.L in uncached mode Tingmao Wang
2025-09-04 0:04 ` [PATCH v2 4/7] fs/9p: .L: Refresh stale inodes on reuse Tingmao Wang
2025-09-04 0:04 ` [PATCH v2 5/7] fs/9p: non-.L: " Tingmao Wang
2025-09-04 0:04 ` [PATCH v2 6/7] fs/9p: update the target's ino_path on rename Tingmao Wang
2025-09-04 0:04 ` [PATCH v2 7/7] docs: fs/9p: Document the "inodeident" option Tingmao Wang
2025-09-14 21:25 ` [PATCH v2 0/7] fs/9p: Reuse inode based on path (in addition to qid) Tingmao Wang
2025-09-15 12:53 ` Dominique Martinet
2025-09-15 13:44 ` Tingmao Wang
2025-09-15 23:31 ` Dominique Martinet
2025-09-16 12:44 ` Tingmao Wang
2025-09-16 13:35 ` Dominique Martinet [this message]
2025-09-16 14:01 ` Tingmao Wang
2025-09-16 19:22 ` Christian Schoenebeck
2025-09-16 23:59 ` Tingmao Wang
2025-09-17 9:52 ` Christian Schoenebeck
2025-09-17 15:00 ` Mickaël Salaün
2025-09-21 16:24 ` Tingmao Wang
2025-09-27 18:27 ` Mickaël Salaün
2025-09-27 22:53 ` Tingmao Wang
2025-09-29 13:06 ` Christian Schoenebeck
2025-10-13 9:24 ` Greg Kurz
2025-09-16 13:43 ` Christian Schoenebeck
2025-09-15 14:10 ` Christian Schoenebeck
2025-09-17 15:00 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aMlnpz7TrbXuL0mc@codewreck.org \
--to=asmadeus@codewreck.org \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=ericvh@kernel.org \
--cc=gnoack@google.com \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux_oss@crudebyte.com \
--cc=lucho@ionkov.net \
--cc=m@maowtm.org \
--cc=mic@digikod.net \
--cc=repnop@google.com \
--cc=v9fs@lists.linux.dev \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).