[PATCH bpf-next 3/4] bpf: Introduce path iterator
Mickaël Salaün
mic at digikod.net
Fri May 30 14:20:39 UTC 2025
On Thu, May 29, 2025 at 10:05:59AM -0700, Song Liu wrote:
> On Thu, May 29, 2025 at 9:57 AM Alexei Starovoitov
> <alexei.starovoitov at gmail.com> wrote:
> [...]
> > >
> > > How about we describe this as:
> > >
> > > Introduce a path iterator, which safely (no crash) walks a struct path.
> > > Without malicious parallel modifications, the walk is guaranteed to
> > > terminate. The sequence of dentries maybe surprising in presence
> > > of parallel directory or mount tree modifications and the iteration may
> > > not ever finish in face of parallel malicious directory tree manipulations.
> >
> > Hold on. If it's really the case then is the landlock susceptible
> > to this type of attack already ?
> > landlock may infinitely loop in the kernel ?
>
> I think this only happens if the attacker can modify the mount or
> directory tree as fast as the walk, which is probably impossible
> in reality.
Yes, so this is not an infinite loop but an infinite race between the
kernel and a very fast malicious user space process with an infinite
number of available nested writable directories, that would also require
a filesystem (and a kernel) supporting infinite pathname length.
>
> Thanks,
> Song
>
More information about the Linux-security-module-archive
mailing list