On Sat, May 31, 2025 at 6:51 AM Tingmao Wang [off-list ref] wrote:
[...]

I'm not sure if the original behavior was intentional, but since this
technically counts as a functional changes, just pointing this out.

Thanks for pointing it out! I think it is possible to keep current
behavior. Or we can change the behavior and state that clearly
in the commit log. Mickaël, WDYT?

Also I'm slightly worried about the performance overhead of doing
path_connected for every hop in the iteration (but ultimately it's
Mickaël's call).  At least for Landlock, I think if we want to block all

Maybe we need a flag to path_parent (or path_walk_parent) so
that we only check for path_connected when necessary.

Thanks,
Song

access to disconnected files, as long as we eventually realize we have
been disconnected (by doing the "if dentry == path.mnt" check once when we
reach root), and in that case deny access, we should be good.

quoted

@@ -918,12 +915,15 @@ static bool is_access_to_paths_allowed(
                              allowed_parent1 = true;
                              allowed_parent2 = true;
                      }
+                     goto walk_done;
+             case PATH_PARENT_SAME_MOUNT:
                      break;
+             default:
+                     WARN_ON_ONCE(1);
+                     goto walk_done;
              }
-             parent_dentry = dget_parent(walker_path.dentry);
-             dput(walker_path.dentry);
-             walker_path.dentry = parent_dentry;
      }
+walk_done:
      path_put(&walker_path);

      if (!allowed_parent1) {