On Thu, May 29, 2025 at 10:05:59AM -0700, Song Liu wrote: > On Thu, May 29, 2025 at 9:57 AM Alexei Starovoitov > <alexei.starovoitov@xxxxxxxxx> wrote: > [...] > > > > > > How about we describe this as: > > > > > > Introduce a path iterator, which safely (no crash) walks a struct path. > > > Without malicious parallel modifications, the walk is guaranteed to > > > terminate. The sequence of dentries maybe surprising in presence > > > of parallel directory or mount tree modifications and the iteration may > > > not ever finish in face of parallel malicious directory tree manipulations. > > > > Hold on. If it's really the case then is the landlock susceptible > > to this type of attack already ? > > landlock may infinitely loop in the kernel ? > > I think this only happens if the attacker can modify the mount or > directory tree as fast as the walk, which is probably impossible > in reality. Yes, so this is not an infinite loop but an infinite race between the kernel and a very fast malicious user space process with an infinite number of available nested writable directories, that would also require a filesystem (and a kernel) supporting infinite pathname length. > > Thanks, > Song >
