[PATCH bpf-next 2/4] landlock: Use path_parent()
Song Liu
song at kernel.org
Wed May 28 22:26:21 UTC 2025
Use path_parent() to walk a path up to its parent.
While path_parent() has an extra check with path_connected() than existing
code, there is no functional changes intended for landlock.
Signed-off-by: Song Liu <song at kernel.org>
---
security/landlock/fs.c | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/security/landlock/fs.c b/security/landlock/fs.c
index 6fee7c20f64d..32a24758ad6e 100644
--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -837,7 +837,6 @@ static bool is_access_to_paths_allowed(
* restriction.
*/
while (true) {
- struct dentry *parent_dentry;
const struct landlock_rule *rule;
/*
@@ -896,19 +895,17 @@ static bool is_access_to_paths_allowed(
if (allowed_parent1 && allowed_parent2)
break;
jump_up:
- if (walker_path.dentry == walker_path.mnt->mnt_root) {
- if (follow_up(&walker_path)) {
- /* Ignores hidden mount points. */
- goto jump_up;
- } else {
- /*
- * Stops at the real root. Denies access
- * because not all layers have granted access.
- */
- break;
- }
- }
- if (unlikely(IS_ROOT(walker_path.dentry))) {
+ switch (path_parent(&walker_path)) {
+ case PATH_PARENT_CHANGED_MOUNT:
+ /* Ignores hidden mount points. */
+ goto jump_up;
+ case PATH_PARENT_REAL_ROOT:
+ /*
+ * Stops at the real root. Denies access
+ * because not all layers have granted access.
+ */
+ goto walk_done;
+ case PATH_PARENT_DISCONNECTED_ROOT:
/*
* Stops at disconnected root directories. Only allows
* access to internal filesystems (e.g. nsfs, which is
@@ -918,12 +915,15 @@ static bool is_access_to_paths_allowed(
allowed_parent1 = true;
allowed_parent2 = true;
}
+ goto walk_done;
+ case PATH_PARENT_SAME_MOUNT:
break;
+ default:
+ WARN_ON_ONCE(1);
+ goto walk_done;
}
- parent_dentry = dget_parent(walker_path.dentry);
- dput(walker_path.dentry);
- walker_path.dentry = parent_dentry;
}
+walk_done:
path_put(&walker_path);
if (!allowed_parent1) {
--
2.47.1
More information about the Linux-security-module-archive
mailing list