From: Alyssa Ross <hi@alyssa.is>
To: Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>
Cc: Kees Cook <keescook@chromium.org>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Eric Biederman <ebiederm@xmission.com>,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: [PATCH] exec: allow executing block devices
Date: Tue, 10 Oct 2023 09:21:33 +0000 [thread overview]
Message-ID: <20231010092133.4093612-1-hi@alyssa.is> (raw)
As far as I can tell, the S_ISREG() check is there to prevent
executing files where that would be nonsensical, like directories,
fifos, or sockets. But the semantics for executing a block device are
quite obvious — the block device acts just like a regular file.
My use case is having a common VM image that takes a configurable
payload to run. The payload will always be a single ELF file.
I could share the file with virtio-fs, or I could create a disk image
containing a filesystem containing the payload, but both of those add
unnecessary layers of indirection when all I need to do is share a
single executable blob with the VM. Sharing it as a block device is
the most natural thing to do, aside from the (arbitrary, as far as I
can tell) restriction on executing block devices. (The only slight
complexity is that I need to ensure that my payload size is rounded up
to a whole number of sectors, but that's trivial and fast in
comparison to e.g. generating a filesystem image.)
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
fs/exec.c | 6 ++++--
fs/namei.c | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index 6518e33ea813..e29a9f16da5f 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -148,7 +148,8 @@ SYSCALL_DEFINE1(uselib, const char __user *, library)
* and check again at the very end too.
*/
error = -EACCES;
- if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) ||
+ if (WARN_ON_ONCE((!S_ISREG(file_inode(file)->i_mode) &&
+ !S_ISBLK(file_inode(file)->i_mode)) ||
path_noexec(&file->f_path)))
goto exit;
@@ -931,7 +932,8 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
* and check again at the very end too.
*/
err = -EACCES;
- if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) ||
+ if (WARN_ON_ONCE((!S_ISREG(file_inode(file)->i_mode) &&
+ !S_ISBLK(file_inode(file)->i_mode)) ||
path_noexec(&file->f_path)))
goto exit;
diff --git a/fs/namei.c b/fs/namei.c
index 567ee547492b..60c89321604a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3254,7 +3254,7 @@ static int may_open(struct mnt_idmap *idmap, const struct path *path,
fallthrough;
case S_IFIFO:
case S_IFSOCK:
- if (acc_mode & MAY_EXEC)
+ if ((inode->i_mode & S_IFMT) != S_IFBLK && (acc_mode & MAY_EXEC))
return -EACCES;
flag &= ~O_TRUNC;
break;
base-commit: 94f6f0550c625fab1f373bb86a6669b45e9748b3
--
2.42.0
next reply other threads:[~2023-10-10 9:25 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-10 9:21 Alyssa Ross [this message]
2023-10-10 22:48 ` [PATCH] exec: allow executing block devices Kees Cook
2023-10-11 7:38 ` Alyssa Ross
2023-10-11 15:59 ` Kees Cook
2023-10-20 6:06 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231010092133.4093612-1-hi@alyssa.is \
--to=hi@alyssa.is \
--cc=brauner@kernel.org \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.