Thread (45 messages), 7 authors, 2025-06-04

Re: [PATCH bpf-next 3/4] bpf: Introduce path iterator

From: Mickaël Salaün <mic@digikod.net>
Date: 2025-05-30 14:20:43
Also in: bpf, linux-fsdevel, lkml

On Thu, May 29, 2025 at 10:05:59AM -0700, Song Liu wrote:
> On Thu, May 29, 2025 at 9:57 AM Alexei Starovoitov
> [off-list ref] wrote:
> [...]
> > > How about we describe this as:
> > >
> > > Introduce a path iterator, which safely (no crash) walks a struct path.
> > > Without malicious parallel modifications, the walk is guaranteed to
> > > terminate. The sequence of dentries may be surprising in presence
> > > of parallel directory or mount tree modifications and the iteration may
> > > not ever finish in face of parallel malicious directory tree manipulations.
> >
> > Hold on. If it's really the case then is the landlock susceptible
> > to this type of attack already ?
> > landlock may infinitely loop in the kernel ?
>
> I think this only happens if the attacker can modify the mount or
> directory tree as fast as the walk, which is probably impossible
> in reality.

Yes, so this is not an infinite loop but an infinite race between the
kernel and a very fast malicious user space process with an infinite
number of available nested writable directories, that would also require
a filesystem (and a kernel) supporting infinite pathname length.

> Thanks,
> Song