[PATCH bpf-next 3/4] bpf: Introduce path iterator

Song Liu song at kernel.org
Thu May 29 17:05:59 UTC 2025


On Thu, May 29, 2025 at 9:57 AM Alexei Starovoitov
<alexei.starovoitov at gmail.com> wrote:
[...]
> >
> > How about we describe this as:
> >
> > Introduce a path iterator, which safely (no crash) walks a struct path.
> > Without malicious parallel modifications, the walk is guaranteed to
> > terminate. The sequence of dentries may be surprising in the presence
> > of parallel directory or mount tree modifications and the iteration may
> > not ever finish in the face of parallel malicious directory tree manipulations.
>
> Hold on. If it's really the case then is the landlock susceptible
> to this type of attack already?
> landlock may infinitely loop in the kernel?

I think this only happens if the attacker can modify the mount or
directory tree as fast as the walk, which is probably impossible
in reality.

Thanks,
Song


