lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250602-zuarbeiten-entledigen-d793f4e0bce3@brauner>
Date: Mon, 2 Jun 2025 11:41:19 +0200
From: Christian Brauner <brauner@...nel.org>
To: Mickaël Salaün <mic@...ikod.net>
Cc: Song Liu <song@...nel.org>, 
	Alexei Starovoitov <alexei.starovoitov@...il.com>, Jan Kara <jack@...e.cz>, Al Viro <viro@...iv.linux.org.uk>, 
	bpf <bpf@...r.kernel.org>, Linux-Fsdevel <linux-fsdevel@...r.kernel.org>, 
	LKML <linux-kernel@...r.kernel.org>, LSM List <linux-security-module@...r.kernel.org>, 
	Kernel Team <kernel-team@...a.com>, Andrii Nakryiko <andrii@...nel.org>, Eduard <eddyz87@...il.com>, 
	Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, 
	Martin KaFai Lau <martin.lau@...ux.dev>, KP Singh <kpsingh@...nel.org>, 
	Matt Bobrowski <mattbobrowski@...gle.com>, Amir Goldstein <amir73il@...il.com>, repnop@...gle.com, 
	Jeff Layton <jlayton@...nel.org>, Josef Bacik <josef@...icpanda.com>, 
	Günther Noack <gnoack@...gle.com>
Subject: Re: [PATCH bpf-next 3/4] bpf: Introduce path iterator

On Fri, May 30, 2025 at 04:20:39PM +0200, Mickaël Salaün wrote:
> On Thu, May 29, 2025 at 10:05:59AM -0700, Song Liu wrote:
> > On Thu, May 29, 2025 at 9:57 AM Alexei Starovoitov
> > <alexei.starovoitov@...il.com> wrote:
> > [...]
> > > >
> > > > How about we describe this as:
> > > >
> > > > Introduce a path iterator, which safely (no crash) walks a struct path.
> > > > Without malicious parallel modifications, the walk is guaranteed to
> > > > terminate. The sequence of dentries maybe surprising in presence
> > > > of parallel directory or mount tree modifications and the iteration may
> > > > not ever finish in face of parallel malicious directory tree manipulations.
> > >
> > > Hold on. If it's really the case then is the landlock susceptible
> > > to this type of attack already ?
> > > landlock may infinitely loop in the kernel ?
> > 
> > I think this only happens if the attacker can modify the mount or
> > directory tree as fast as the walk, which is probably impossible
> > in reality.
> 
> Yes, so this is not an infinite loop but an infinite race between the
> kernel and a very fast malicious user space process with an infinite
> number of available nested writable directories, that would also require
> a filesystem (and a kernel) supporting infinite pathname length.

Uhm, I'm not so sure. If you have really deep directory chains and
expose them via bind-mounts in multiple location then it was already
easy to trigger livelocks because e.g., is_subdir() did lockless
sequence counter checks and it refired over and over and over again.
We've fixed that since but such issues aren't all that theoretical. IOW,
the bug was caused simply by having too many concurrent tree
modifications and parts of the code need to make sure that they haven't
affected their result. So I would be very careful with asserting that
it's not possible to hit such issues in real-life...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ