lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAPhsuW4tg+bXU41fhAaS0n74d_a_KCFGvy_vkQOj7v4VLie2wg@mail.gmail.com>
Date: Thu, 29 May 2025 09:53:21 -0700
From: Song Liu <song@...nel.org>
To: Jan Kara <jack@...e.cz>
Cc: Al Viro <viro@...iv.linux.org.uk>, bpf@...r.kernel.org, 
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, 
	linux-security-module@...r.kernel.org, kernel-team@...a.com, 
	andrii@...nel.org, eddyz87@...il.com, ast@...nel.org, daniel@...earbox.net, 
	martin.lau@...ux.dev, brauner@...nel.org, kpsingh@...nel.org, 
	mattbobrowski@...gle.com, amir73il@...il.com, repnop@...gle.com, 
	jlayton@...nel.org, josef@...icpanda.com, mic@...ikod.net, gnoack@...gle.com
Subject: Re: [PATCH bpf-next 3/4] bpf: Introduce path iterator

Hi Al and Jan,

Thanks for your review!

On Thu, May 29, 2025 at 4:58 AM Jan Kara <jack@...e.cz> wrote:
>
> On Wed 28-05-25 23:37:24, Al Viro wrote:
> > On Wed, May 28, 2025 at 03:26:22PM -0700, Song Liu wrote:
> > > Introduce a path iterator, which reliably walk a struct path.
> >
> > No, it does not.  If you have no external warranty that mount
> > *and* dentry trees are stable, it's not reliable at all.
>
> I agree that advertising this as "reliable walk" is misleading. It is
> realiable in the sense that it will not dereference freed memory, leak
> references etc. As you say it is also reliable in the sense that without
> external modifications to dentry & mount tree, it will crawl the path to
> root. But in presence of external modifications the only reliability it
> offers is "it will not crash". E.g. malicious parallel modifications can
> arbitrarily prolong the duration of the walk.

How about we describe this as:

Introduce a path iterator, which safely (no crash) walks a struct path.
Without malicious parallel modifications, the walk is guaranteed to
terminate. The sequence of dentries maybe surprising in presence
of parallel directory or mount tree modifications and the iteration may
not ever finish in face of parallel malicious directory tree manipulations.

Current version of path iterator only supports walking towards the root,
with helper path_parent. But the path iterator API can be extended
to cover other use cases.

Thanks,
Song

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ