[PATCH bpf-next 3/4] bpf: Introduce path iterator

Christian Brauner brauner at kernel.org
Mon Jun 2 09:32:30 UTC 2025


On Fri, May 30, 2025 at 07:43:48PM +0100, Al Viro wrote:
> On Fri, May 30, 2025 at 02:20:39PM +0200, Mickaël Salaün wrote:
> 
> > Without access to mount_lock, what would be the best way to fix this
> > Landlock issue while making it backportable?
> > 
> > > 
> > > If we update path_parent in this patchset with choose_mountpoint(),
> > > and use it in Landlock, we will close this race condition, right?
> > 
> > choose_mountpoint() is currently private, but if we add a new filesystem
> > helper, I think the right approach would be to expose follow_dotdot(),
> > updating its arguments with public types.  This way the intermediate
> > mount points will not be exposed, RCU optimization will be leveraged,
> > and usage of this new helper will be simplified.
> 
> IMO anything that involves struct nameidata should remain inside
> fs/namei.c - something public might share helpers with it, but that's

Strongly agree.


