From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7A30CD6911 for ; Tue, 10 Oct 2023 09:25:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3C69D8D006D; Tue, 10 Oct 2023 05:25:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 376D38D0002; Tue, 10 Oct 2023 05:25:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2668C8D006D; Tue, 10 Oct 2023 05:25:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 192348D0002 for ; Tue, 10 Oct 2023 05:25:54 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id A001BA0299 for ; Tue, 10 Oct 2023 09:25:53 +0000 (UTC) X-FDA: 81329019786.20.EA592DF Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) by imf15.hostedemail.com (Postfix) with ESMTP id 4A319A0031 for ; Tue, 10 Oct 2023 09:25:51 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=alyssa.is header.s=fm1 header.b="L aGGhGd"; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=XFjf2JnJ; dmarc=none; spf=pass (imf15.hostedemail.com: domain of hi@alyssa.is designates 66.111.4.27 as permitted sender) smtp.mailfrom=hi@alyssa.is ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696929951; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=ETNAk+cmNQvtBbCMDyx7O4aQl9NCuOdk+MTBq0tOexg=; b=guaxlx8fCzzpLploky3M79avvthg59Vd2j7rJDhP+4pBi0rZ0A1rhR+vWqcs5u9DmL40Ac VkWdqlfgF8dbRHNjbYco3yd9NzbNY+f7ILt+BsBsaNBeJRH4hhuQ6xwRU0M1g1u6XqJ0V5 yYZxkjQoP9jBc/38mjE/bOccgFW7U6Q= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=alyssa.is header.s=fm1 header.b="L aGGhGd"; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=XFjf2JnJ; dmarc=none; spf=pass (imf15.hostedemail.com: domain of hi@alyssa.is designates 66.111.4.27 as permitted sender) smtp.mailfrom=hi@alyssa.is ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696929951; a=rsa-sha256; cv=none; b=p6N4yTyYm7U6dWK8ntFC5aacD6Q1VE/MTaXnsG7ZXVSc0//a8uWmnNtxPiqw5hexjG2s2p 9HBlewWYzA9fEPRjztRAE1Tdc1IC5zkdPnPv9M82DHFYjGk3mYGxm7S2pwTsnL0TQBsW9b Mwg8t/CTubcDBUybzbHNn5jEixVMN+c= Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 475495C028D; Tue, 10 Oct 2023 05:25:50 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Tue, 10 Oct 2023 05:25:50 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :sender:subject:subject:to:to; s=fm1; t=1696929950; x= 1697016350; bh=ETNAk+cmNQvtBbCMDyx7O4aQl9NCuOdk+MTBq0tOexg=; b=L aGGhGdX5jIFgCzgfyckJUhI8YK/Et3BZ0mlCFi6Tr6ffEiEisO4BFs5X/pR1SkPM r9vPdvH79Bz4jCxqYMmrPoz08G2eBT9S7A5sKpHnzC6DUrEjpxhpJMkeJZQ7eWeP QcL4jFP2Ak27f5DxCR4+YMGsm0GX1rpzgfEN5Y6A+3ZXL3FFDQrVv9HvHZjAYIj7 RGC1vCI6gYiIlR43NJXQaPWqbtv4xf29h4Uw+P8w84PGZFYwBqtaYYdxTjnOKuXp SdoEfo5UsEfTxNeiRfPclV4tNRboGPk9Q7srCOFCIGdH0hh/zMqUUh+qOVuj29kY mRCZUWcOMCe+JcJJQZpow== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:sender :subject:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1696929950; x=1697016350; bh=E TNAk+cmNQvtBbCMDyx7O4aQl9NCuOdk+MTBq0tOexg=; b=XFjf2JnJhJ1GbV5vc +eMSlrjXafQ2TZOtYl8sBSbg/1WWcYpkZ8PUSt2NygDUVWlrbP1EJ1CvWlftaRKn c2xMxeVFFfWZKST3RQF5KIs4AIOQKZtZsegzc+hyPq7lNgfuq+jVE7HsXqFQHxg+ WVNU2kMt8vm+DaznzASv3x1P/7tVkq8gHhPi3ZQ7T+iYWLAZxakgfCgV9WtHEbjB 9PEuen+DEk3gRarytbRIAYEhGCYVsaLnEKhKnVd/9YRsbkvwCF7fWPcIXE6NKG2B 1M9ZJxIrkSWexAqysW91i0zEvrqV6XMnCtJRs5wu02/iIkMGPPxq7JgB8Npz8CSm qx14w== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrheehgdduhecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefhvfevufffkffogggtgfesthekredtredtjeenucfhrhhomheptehlhihsshgr ucftohhsshcuoehhihesrghlhihsshgrrdhisheqnecuggftrfgrthhtvghrnhepjeefhe ffheejjefgtdffteektdfgfefgfeejgeffkeejjeegtdevjeelheellefhnecuvehluhhs thgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhephhhisegrlhihshhsrg drihhs X-ME-Proxy: Feedback-ID: i12284293:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 10 Oct 2023 05:25:49 -0400 (EDT) Received: by mbp.qyliss.net (Postfix, from userid 1000) id D7E29E9F; Tue, 10 Oct 2023 09:25:46 +0000 (UTC) From: Alyssa Ross To: Alexander Viro , Christian Brauner Cc: Kees Cook , Tetsuo Handa , Eric Biederman , linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH] exec: allow executing block devices Date: Tue, 10 Oct 2023 09:21:33 +0000 Message-ID: <20231010092133.4093612-1-hi@alyssa.is> X-Mailer: git-send-email 2.42.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4A319A0031 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: 8ion93fwngarke7zqky19jeyea3o6xdq X-HE-Tag: 1696929951-171001 X-HE-Meta: U2FsdGVkX18mJpaUAHiG84ERxzt3it3GPYZQ1XFAAGWxNp0GJobSbrQNR1Dsa7T6eARE5ISkMfBtMKVXuK2n2yKNbh957+KbeZVGe/mf0RUJnk+eUFcvB/E4APdfr1ySqAFjfd6amjxuEAdEFn/TgRcP0Qh0lOfZbSqqFS9O79M4n+gRLBRFsSN7kyNDe1r1TRQ1cmJJi/OdRt3S9sWQBsV1HwdnsrbPoFwHez4yt35a3F3+bKttfoiaku6U6HLbV/CnCBITyQ2Z7RtdSGdZurQHh9Ev5PNxlj73cP9BCpL4rzdFMpIbbgPlApgsYRDlfiPy1m3vVayoZsXCFe4deySkylOzWVZ1NGFdzdSSCfzxpesUiCw9+ESQbWTANjPfiusL3UyXx3kZYkt02VxnFNCp0ofnwi/893BreMagcE9lj/B8YNEjJWxkKEPaAnoPA7Kb5V9+rGgDMRY0C2sTUSgqbxflIDUsqpnBSFfPq5kPwvssfL9E+1jP0XHp9DyNJVqV801kcav4W00vrRpPohDac6EzQLutnAU9b0AB5qbf0sK5SsUjPajC7A3yI5Eg9CPCBe+AHej+fl4eXy08a8R9v/Kw+dOrzkvZvO7LA2V/aSLnFE1PcYsq3K5u7keMvmK5DeSOa5JOl2XRR+jxisH6i1J8WFuav/oUtQf92QL+QYMklLatT+HHoG8DwBW8+5nLFBQqALzr8W7gIJZguZO5MvVUwzZabdeuHvlby29eDb6S55ZrdFr3CDkeONiCaZ6OYVlu3p5fLif9Y6VExul+pTlE0VZfajcVPdSwSbgoQCCkBiqcAcnUG1RcMkV76lYezW0iI9xRsrnyWYOu7MQuzJtD2jsJ4Vok0L6i/baEp5p13Oyet9Mn8Twdbcq9mVbr3qI8EEfHkyyDkjpoPTx5N3Dqp4Dr0MgSJ3pFDCXqGlW1x1Kt/kyRIxozEh+GIi3Yt8lfopPwiwVRQsN bFg6vVXc 9mFBPxtN5/1UpLwjWLB6WlvBuDyb2di24+rQ8IfhDn8y1O8eSDojV7HCR+IqNmMvDu9pSsWnIDe12zv4M5Pw2vmXzk2NZIvLgJmjvM+bhq/szjgjrMFYg4mXs+i1WtUVwqRbREaBtzjKJzdOOkqk5/DXuvfP9eiNKV896QsOU3e9qndxYjlTLmQFRl+Z4VuNdsFnhl3t2ei2mGYMr9G7/B4iB3Oox6i7RxUydgl7hTPRbJCo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: As far as I can tell, the S_ISREG() check is there to prevent executing files where that would be nonsensical, like directories, fifos, or sockets. But the semantics for executing a block device are quite obvious — the block device acts just like a regular file. My use case is having a common VM image that takes a configurable payload to run. The payload will always be a single ELF file. I could share the file with virtio-fs, or I could create a disk image containing a filesystem containing the payload, but both of those add unnecessary layers of indirection when all I need to do is share a single executable blob with the VM. Sharing it as a block device is the most natural thing to do, aside from the (arbitrary, as far as I can tell) restriction on executing block devices. (The only slight complexity is that I need to ensure that my payload size is rounded up to a whole number of sectors, but that's trivial and fast in comparison to e.g. generating a filesystem image.) Signed-off-by: Alyssa Ross --- fs/exec.c | 6 ++++-- fs/namei.c | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 6518e33ea813..e29a9f16da5f 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -148,7 +148,8 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) * and check again at the very end too. */ error = -EACCES; - if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) || + if (WARN_ON_ONCE((!S_ISREG(file_inode(file)->i_mode) && + !S_ISBLK(file_inode(file)->i_mode)) || path_noexec(&file->f_path))) goto exit; @@ -931,7 +932,8 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) * and check again at the very end too. */ err = -EACCES; - if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) || + if (WARN_ON_ONCE((!S_ISREG(file_inode(file)->i_mode) && + !S_ISBLK(file_inode(file)->i_mode)) || path_noexec(&file->f_path))) goto exit; diff --git a/fs/namei.c b/fs/namei.c index 567ee547492b..60c89321604a 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3254,7 +3254,7 @@ static int may_open(struct mnt_idmap *idmap, const struct path *path, fallthrough; case S_IFIFO: case S_IFSOCK: - if (acc_mode & MAY_EXEC) + if ((inode->i_mode & S_IFMT) != S_IFBLK && (acc_mode & MAY_EXEC)) return -EACCES; flag &= ~O_TRUNC; break; base-commit: 94f6f0550c625fab1f373bb86a6669b45e9748b3 -- 2.42.0