From patchwork Mon Apr 7 09:54:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 14040111 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3E2AD230993; Mon, 7 Apr 2025 09:54:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019678; cv=none; b=o3QBWqBG2b3VaKxkKQv6sYD2ajZlvCnGA4GPN8BT4oEekGUopCy0PA5XxSP65PYTjUYRmcSyyO4m/TMK11PdkKSED3S0c/Do1z7bLUBtoygvZG6IJtBvCqTN0gEmNjJMgOGBl7DP2+hyDZziBjIf41MzJs+O1RE/88NhoqKEaTE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019678; c=relaxed/simple; bh=NYh0DihgsxzRcHuA1zI/gQF/Wj+Z5uW0uYxJfjAB+IU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=W7CfJIq9CNyP568FmyGP6bLiYCVBIzJt8Wa4wqWgvKnojyhVvY6wCtO/ckCG+DmedbSal5MSGZ7t5RpTDfU9WtdL/8PJeJhV1Og6Ze1iXiLy/CiDy3/U1vGA/245lfXJLZ8ZF1vdB5hG6WGtFK23t93Pp2Ig7wR8Z1Bt+HiVj2Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rmfUyDnb; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rmfUyDnb" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1D844C4CEEB; Mon, 7 Apr 2025 09:54:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744019677; bh=NYh0DihgsxzRcHuA1zI/gQF/Wj+Z5uW0uYxJfjAB+IU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rmfUyDnbB4VL+bkpmQu9Mdqr2jnm6FTbz+eephcuqznnHd5xOCSrxlQqda+a9ZXE6 VQmedmy9JUy95NAGqLTjOOPVKPuEjjvqmiKAqmGvm4/6p3f36li0w3NJNP5yAiXM6D MJnPVz8rNgKXvukFbh97SaApXaHOhmkdRPbAhkirOsaaAKEHbrQQAvgYkRmET5iNlk n08guH6qJCBXc/22F4LRvz03hnLFzxi7D57rcWqyBA8C4SOiD+MGLxlLN/URSebyZ2 dp4UFeBUsD8VDn8+e3FDifQrNGo/jfAtOyKfP8DpD7913ts1QAmsA9mZCMp5hH6LGR HWcpEBgSYViVA== From: Christian Brauner Date: Mon, 07 Apr 2025 11:54:15 +0200 Subject: [PATCH 1/9] anon_inode: use a proper mode internally Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250407-work-anon_inode-v1-1-53a44c20d44e@kernel.org> References: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> In-Reply-To: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Christoph Hellwig , Mateusz Guzik , Penglei Jiang , Al Viro , Jan Kara , Jeff Layton , Josef Bacik , syzbot+5d8e79d323a13aa0b248@syzkaller.appspotmail.com, Christian Brauner , stable@vger.kernel.org X-Mailer: b4 0.15-dev-c25d1 X-Developer-Signature: v=1; a=openpgp-sha256; l=3800; i=brauner@kernel.org; h=from:subject:message-id; bh=NYh0DihgsxzRcHuA1zI/gQF/Wj+Z5uW0uYxJfjAB+IU=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaR/XnD9U/q5575WCxSW8Z29p8Z0ZMusC9zRv3ezdMbP7 t92sqPQvaOUhUGMi0FWTJHFod0kXG45T8Vmo0wNmDmsTCBDGLg4BWAiWo8Y/qel/XUo3Rheqfxk r8iZ7XpHX6frn3VW2zm970ansLa2lQkjw/OXCj8P+Xa8zS2Y1++4JVuKvdTu2nxV76+fzvmvDzH ZzwoA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 This allows the VFS to not trip over anonymous inodes and we can add asserts based on the mode into the vfs. When we report it to userspace we can simply hide the mode to avoid regressions. I've audited all direct callers of alloc_anon_inode() and only secretmen overrides i_mode and i_op inode operations but it already uses a regular file. Fixes: af153bb63a336 ("vfs: catch invalid modes in may_open()") Cc: # all LTS kernels Reported-by: syzbot+5d8e79d323a13aa0b248@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/67ed3fb3.050a0220.14623d.0009.GAE@google.com Signed-off-by: Christian Brauner Reviewed-by: Jan Kara --- fs/anon_inodes.c | 36 ++++++++++++++++++++++++++++++++++++ fs/internal.h | 3 +++ fs/libfs.c | 2 +- 3 files changed, 40 insertions(+), 1 deletion(-) diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c index 583ac81669c2..42e4b9c34f89 100644 --- a/fs/anon_inodes.c +++ b/fs/anon_inodes.c @@ -24,9 +24,43 @@ #include +#include "internal.h" + static struct vfsmount *anon_inode_mnt __ro_after_init; static struct inode *anon_inode_inode __ro_after_init; +/* + * User space expects anonymous inodes to have no file type in st_mode. + * + * In particular, 'lsof' has this legacy logic: + * + * type = s->st_mode & S_IFMT; + * switch (type) { + * ... + * case 0: + * if (!strcmp(p, "anon_inode")) + * Lf->ntype = Ntype = N_ANON_INODE; + * + * to detect our old anon_inode logic. + * + * Rather than mess with our internal sane inode data, just fix it + * up here in getattr() by masking off the format bits. + */ +int anon_inode_getattr(struct mnt_idmap *idmap, const struct path *path, + struct kstat *stat, u32 request_mask, + unsigned int query_flags) +{ + struct inode *inode = d_inode(path->dentry); + + generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat); + stat->mode &= ~S_IFMT; + return 0; +} + +static const struct inode_operations anon_inode_operations = { + .getattr = anon_inode_getattr, +}; + /* * anon_inodefs_dname() is called from d_path(). */ @@ -66,6 +100,7 @@ static struct inode *anon_inode_make_secure_inode( if (IS_ERR(inode)) return inode; inode->i_flags &= ~S_PRIVATE; + inode->i_op = &anon_inode_operations; error = security_inode_init_security_anon(inode, &QSTR(name), context_inode); if (error) { @@ -313,6 +348,7 @@ static int __init anon_inode_init(void) anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb); if (IS_ERR(anon_inode_inode)) panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode)); + anon_inode_inode->i_op = &anon_inode_operations; return 0; } diff --git a/fs/internal.h b/fs/internal.h index b9b3e29a73fd..717dc9eb6185 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -343,3 +343,6 @@ static inline bool path_mounted(const struct path *path) void file_f_owner_release(struct file *file); bool file_seek_cur_needs_f_lock(struct file *file); int statmount_mnt_idmap(struct mnt_idmap *idmap, struct seq_file *seq, bool uid_map); +int anon_inode_getattr(struct mnt_idmap *idmap, const struct path *path, + struct kstat *stat, u32 request_mask, + unsigned int query_flags); diff --git a/fs/libfs.c b/fs/libfs.c index 6393d7c49ee6..0ad3336f5b49 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -1647,7 +1647,7 @@ struct inode *alloc_anon_inode(struct super_block *s) * that it already _is_ on the dirty list. */ inode->i_state = I_DIRTY; - inode->i_mode = S_IRUSR | S_IWUSR; + inode->i_mode = S_IFREG | S_IRUSR | S_IWUSR; inode->i_uid = current_fsuid(); inode->i_gid = current_fsgid(); inode->i_flags |= S_PRIVATE; From patchwork Mon Apr 7 09:54:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 14040112 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5FEA822FF4C for ; Mon, 7 Apr 2025 09:54:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019682; cv=none; b=kW6IAHmtAEhFPDO05dvG7ms+mGTyvbSm4vpYr9nagu0dt0v6ZWrKPK6zAY8/lqPknGEIFnCm2WR3g5UKwVOnQOYvKbXnxFE85rthe7ZE991fFO7JdEkSUpVmFbBT5qP86m7e/Pn5vhST7HafddNGdioK4ndXO/DBVAbM7okFsVI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019682; c=relaxed/simple; bh=jhlqxm/LtGJSpV927Vj90n5RoT+r+ciMarzN97pSa58=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=HYAyiJoMddVV/2uPd9VXWhWrGtMJFH9XGb/4oq8RrEpNCzYDgoZAxldy2+56MSpcPY+wmmKmFRgT5inEudM7i4vcC7HL/NRr7Rx4vRE8D9zdfbnyY0Kgo53Px/kk4rfcItRDB5yJZ7vkX7gC/0SgYpVHJIM/o/vr4a/sEppsynM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Vt2Ze6L+; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Vt2Ze6L+" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 332D4C4CEE9; Mon, 7 Apr 2025 09:54:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744019680; bh=jhlqxm/LtGJSpV927Vj90n5RoT+r+ciMarzN97pSa58=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Vt2Ze6L+b3CmRGCAiyXqYzXRoClhwvBJJ3fO7JE82EdQyN+txHlBhoL/4MPeu6cwq lcXZk8N7tL//9G/I26GgobOlF2BUZN2y+UhaBTCaYRo+4yhtLd3ld/PrdjhI/USne7 OctKFlOafkadbOYYv8kMGieUGKL7QV5QounF+SPVnYv2jP5CBCtsQtP3TRK2ZWhetF t4f8p2wtzDk4OuCVCqmU9j6WHqWRKfK7XFH0LhQREt8LtCMQUw3XzsfrtxSTTq8eNi P1sQOij22aIklNLhPjJn1fZ51XlNFqUPPKXghS1XWKXDU+fP7pG9kPA15OmserfUSR N2QfJzR11CyTA== From: Christian Brauner Date: Mon, 07 Apr 2025 11:54:16 +0200 Subject: [PATCH 2/9] pidfs: use anon_inode_getattr() Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250407-work-anon_inode-v1-2-53a44c20d44e@kernel.org> References: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> In-Reply-To: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Christoph Hellwig , Mateusz Guzik , Penglei Jiang , Al Viro , Jan Kara , Jeff Layton , Josef Bacik , syzbot+5d8e79d323a13aa0b248@syzkaller.appspotmail.com, Christian Brauner X-Mailer: b4 0.15-dev-c25d1 X-Developer-Signature: v=1; a=openpgp-sha256; l=1520; i=brauner@kernel.org; h=from:subject:message-id; bh=jhlqxm/LtGJSpV927Vj90n5RoT+r+ciMarzN97pSa58=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaR/XnDdIqT8aq8wd1/MB8nc2w/CnvazrVjgWPftjE7Rm nR112WpHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABPZ+Ynhf7Fn02rByx/XrDvs +n9Vt5Kld42cXN666p3lQpNdD5oXuDP8z+jxmGF1qax55796lg4PxWvqqq5Hzx6anZbRt1lou+4 lXgA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 So far pidfs did use it's own version. Just use the generic version. We use our own wrappers because we're going to be implementing our own retrieval properties soon. Signed-off-by: Christian Brauner Reviewed-by: Jan Kara --- fs/pidfs.c | 24 +----------------------- 1 file changed, 1 insertion(+), 23 deletions(-) diff --git a/fs/pidfs.c b/fs/pidfs.c index d64a4cbeb0da..809c3393b6a3 100644 --- a/fs/pidfs.c +++ b/fs/pidfs.c @@ -572,33 +572,11 @@ static int pidfs_setattr(struct mnt_idmap *idmap, struct dentry *dentry, return -EOPNOTSUPP; } - -/* - * User space expects pidfs inodes to have no file type in st_mode. - * - * In particular, 'lsof' has this legacy logic: - * - * type = s->st_mode & S_IFMT; - * switch (type) { - * ... - * case 0: - * if (!strcmp(p, "anon_inode")) - * Lf->ntype = Ntype = N_ANON_INODE; - * - * to detect our old anon_inode logic. - * - * Rather than mess with our internal sane inode data, just fix it - * up here in getattr() by masking off the format bits. - */ static int pidfs_getattr(struct mnt_idmap *idmap, const struct path *path, struct kstat *stat, u32 request_mask, unsigned int query_flags) { - struct inode *inode = d_inode(path->dentry); - - generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat); - stat->mode &= ~S_IFMT; - return 0; + return anon_inode_getattr(idmap, path, stat, request_mask, query_flags); } static const struct inode_operations pidfs_inode_operations = { From patchwork Mon Apr 7 09:54:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 14040113 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1AA3B232786; Mon, 7 Apr 2025 09:54:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019684; cv=none; b=LU/5d5JT4Fb+aocDggOjMJia/zKkeKkGZNH0yHKdThUmnhezcgXlL2F+KWk0EAfTCz51v6Qakq1hl9KyJKorAnqg3qgP6zsJzh8QuLsToLLOQ1EShnQfxi7bC3VaPdjU2WMP7y7nc5vEWF1LTWEdtyInLWIZNw9xDcT/GuzGWwQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019684; c=relaxed/simple; bh=J9CHe/ahjfMP60lzB1vrs6byIhUwN+MUGzR6IctlP3g=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=NYZr1J8bHRkYbr8pxuI70iRUoV9F9MwXiK6pNPbWIX5Ef9Ov5B4oFrdjPLNDvm1iaihGqiJ1HRXZRratlO+hC/xyqirwe430zr6A2YZkoCM3K4ffkqr7/wJUolbPAXg0fOEAYkq01JGbfwYmOlwXni8g2REqircxs30IauMp+J8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=CRmGVPbz; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="CRmGVPbz" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 591FCC4CEEB; Mon, 7 Apr 2025 09:54:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744019684; bh=J9CHe/ahjfMP60lzB1vrs6byIhUwN+MUGzR6IctlP3g=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=CRmGVPbzsmR8c0WDAXBhWRKvZ4AyZIU7RvO5V6w9Ir5DQ2PGZaitf+NxLKFIVESpH P/qwNC88gLCc73CFF1fdeHbRcPcvOqcx/bSpQxX2/JZLwJGFZrh/mgMRHIkz69Y8wC pkRtGJfZjugLLvuLd+1llp2OS/ay8on2mDxl8+FlXheYlae2juo9qNLJL+JPI2Vcpg BwEtgTSbgeKVxsP+VK6CW23TKK3A5H1N6EEYxgOTFbBjluOTyaN0DfLTxluWSd9+Vr xhUMio69R0Hpx22VU4YJGLe5MQqNZyArkUOPJo2VCheM0cNSpucUR9z4YicTh0yzr8 Reatp/CGf0QMQ== From: Christian Brauner Date: Mon, 07 Apr 2025 11:54:17 +0200 Subject: [PATCH 3/9] anon_inode: explicitly block ->setattr() Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250407-work-anon_inode-v1-3-53a44c20d44e@kernel.org> References: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> In-Reply-To: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Christoph Hellwig , Mateusz Guzik , Penglei Jiang , Al Viro , Jan Kara , Jeff Layton , Josef Bacik , syzbot+5d8e79d323a13aa0b248@syzkaller.appspotmail.com, Christian Brauner , stable@vger.kernel.org X-Mailer: b4 0.15-dev-c25d1 X-Developer-Signature: v=1; a=openpgp-sha256; l=2371; i=brauner@kernel.org; h=from:subject:message-id; bh=J9CHe/ahjfMP60lzB1vrs6byIhUwN+MUGzR6IctlP3g=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaR/XnA9ekLCJPMqtqDupxwf9S/Nr584f4/c76f/f1kWf P+6Li1uQ0cpC4MYF4OsmCKLQ7tJuNxynorNRpkaMHNYmUCGMHBxCsBETnUy/OGNufpEfov+yiif ln07PyU+PL/QzU9hYuhZ/fshT316zLYx/A+c7hqncPDrF5EM7RMszzr7n+yZOO9EeC/juaSke/q a9twA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 It is currently possible to change the mode and owner of the single anonymous inode in the kernel: int main(int argc, char *argv[]) { int ret, sfd; sigset_t mask; struct signalfd_siginfo fdsi; sigemptyset(&mask); sigaddset(&mask, SIGINT); sigaddset(&mask, SIGQUIT); ret = sigprocmask(SIG_BLOCK, &mask, NULL); if (ret < 0) _exit(1); sfd = signalfd(-1, &mask, 0); if (sfd < 0) _exit(2); ret = fchown(sfd, 5555, 5555); if (ret < 0) _exit(3); ret = fchmod(sfd, 0777); if (ret < 0) _exit(3); _exit(4); } This is a bug. It's not really a meaningful one because anonymous inodes don't really figure into path lookup and they cannot be reopened via /proc//fd/ and can't be used for lookup itself. So they can only ever serve as direct references. But it is still completely bogus to allow the mode and ownership or any of the properties of the anonymous inode to be changed. Block this! Cc: # all LTS kernels Signed-off-by: Christian Brauner Reviewed-by: Jan Kara --- fs/anon_inodes.c | 7 +++++++ fs/internal.h | 2 ++ 2 files changed, 9 insertions(+) diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c index 42e4b9c34f89..cb51a90bece0 100644 --- a/fs/anon_inodes.c +++ b/fs/anon_inodes.c @@ -57,8 +57,15 @@ int anon_inode_getattr(struct mnt_idmap *idmap, const struct path *path, return 0; } +int anon_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, + struct iattr *attr) +{ + return -EOPNOTSUPP; +} + static const struct inode_operations anon_inode_operations = { .getattr = anon_inode_getattr, + .setattr = anon_inode_setattr, }; /* diff --git a/fs/internal.h b/fs/internal.h index 717dc9eb6185..f545400ce607 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -346,3 +346,5 @@ int statmount_mnt_idmap(struct mnt_idmap *idmap, struct seq_file *seq, bool uid_ int anon_inode_getattr(struct mnt_idmap *idmap, const struct path *path, struct kstat *stat, u32 request_mask, unsigned int query_flags); +int anon_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, + struct iattr *attr); From patchwork Mon Apr 7 09:54:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 14040114 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 43EDA230BE3 for ; Mon, 7 Apr 2025 09:54:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019687; cv=none; b=f0Ic+QojGYMZf0YtFxteU/OiMciCl4brlxGHGoKpzAFnmHJr9ZxkntuSQXV5Y7yxl2OoFthc82AUk5I+3fiebruqmb1cqmLQTHsnC6B4XznRlmeKH6azlOeDmIyUgRNGc9542yjFPlQPRSU6AjaJHT1s+cAK9w+vha8+YQEJvIs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019687; c=relaxed/simple; bh=q4UifftWHMRvgDOR2Z7EcppRTDTM6ks/A3hEJ1YXT38=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Fljnmjh8VeIhgDtxUrYcYadqRlkeQqpEwvLRQFoYmoFr8cMdR+x2sbHB+waR5gYRMU2wfsLyQ1FQz+FXrtYKJ06XfY/4674TEgoUvy0OYX4eX/LPWoi3teMM0IDXSJHDi5pLXsly/CYhLXtwoHI08s168IP3ltA1NAg3ob+mWQA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=m+KLSyl4; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="m+KLSyl4" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6F79BC4CEEB; Mon, 7 Apr 2025 09:54:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744019686; bh=q4UifftWHMRvgDOR2Z7EcppRTDTM6ks/A3hEJ1YXT38=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=m+KLSyl46OsKtVMQm40q+lHzm7OHN/uxVaK11YVdRpaJbET4Wtwq0eSyub7Am6/f9 VJudGf3+2B9gfPLd3IScfS23pJKywjY9U7mUPPNTxD2W961Eylr/WUHlHnRCV7EDIb 5Anr5gnV/Fy1NR7MHRTGbAI2wao1R8hASiMFXEoNWsbvhOQ8R7PYnnTElDajF8IIhn Qo63+8svOkzHvRwHblbMxgc+o27leyFsSflUdCRnq3n/5UcClVytsppLBjLZ9Awtmo G2WoRs8EGXL6f9ft7LndBihhVL+RRb+u35ptMz++DCncqfl+LqPQtYUNxQxK1BEY5F MBrcM0qo66ecA== From: Christian Brauner Date: Mon, 07 Apr 2025 11:54:18 +0200 Subject: [PATCH 4/9] pidfs: use anon_inode_setattr() Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250407-work-anon_inode-v1-4-53a44c20d44e@kernel.org> References: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> In-Reply-To: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Christoph Hellwig , Mateusz Guzik , Penglei Jiang , Al Viro , Jan Kara , Jeff Layton , Josef Bacik , syzbot+5d8e79d323a13aa0b248@syzkaller.appspotmail.com, Christian Brauner X-Mailer: b4 0.15-dev-c25d1 X-Developer-Signature: v=1; a=openpgp-sha256; l=749; i=brauner@kernel.org; h=from:subject:message-id; bh=q4UifftWHMRvgDOR2Z7EcppRTDTM6ks/A3hEJ1YXT38=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaR/XnC9+WTlLkbpngjvmRwcSzN4BbNkxeao5qf2tmxP3 zvRqOlKRykLgxgXg6yYIotDu0m43HKeis1GmRowc1iZQIYwcHEKwER4nzMyzA6aHX5VWy3XR3fq 56IzK8q/r/s8x8Xod1Ze+I1lv224LzP8s2jZLqudWLcm4dwG3vJJfUmfw4zvvL2Uf6PhXsVXqae pLAA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 So far pidfs did use it's own version. Just use the generic version. We use our own wrappers because we're going to be implementing properties soon. Signed-off-by: Christian Brauner Reviewed-by: Jan Kara --- fs/pidfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/pidfs.c b/fs/pidfs.c index 809c3393b6a3..10b4ee454cca 100644 --- a/fs/pidfs.c +++ b/fs/pidfs.c @@ -569,7 +569,7 @@ static struct vfsmount *pidfs_mnt __ro_after_init; static int pidfs_setattr(struct mnt_idmap *idmap, struct dentry *dentry, struct iattr *attr) { - return -EOPNOTSUPP; + return anon_inode_setattr(idmap, dentry, attr); } static int pidfs_getattr(struct mnt_idmap *idmap, const struct path *path, From patchwork Mon Apr 7 09:54:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 14040115 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 77BF0233D91; Mon, 7 Apr 2025 09:54:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019690; cv=none; b=oEgNCfYF4fXo0UZnA/fw4GikT0eX6cOL5RaMjeXiPZJF0yhEzVXxFmKCnT9PIgbNHNE5Cnt/HyA4WXYF2PQyzVvcXYPwegr0e385dIDkJeXqky9tDVixiBWr8OP+KyatFwUmnsqmytrzi0pOGMFgU/m0wNGnYrwg+p+wsz1LkbA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019690; c=relaxed/simple; bh=IMyaaRhNbHINxvRwQWTPO6x2oZELjyNpk11Fp2LW0F0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=JFHNXv5u8u+OTSuu+IeFw72DTC1SVcYSUZ7e/NybbXypbPGHXA3GHJ+2CvVZ95FPmpXoEEYndl1yYWa6HVViLwG+HMkZTBU204P3patHtmmZxpEaULL4Ra6Qm5KQU7Zz7CxmC0SWKxSU+CUraUxCsnMhKu/3ROJYq33jxuN1rws= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Vy0DgunI; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Vy0DgunI" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 35383C4CEED; Mon, 7 Apr 2025 09:54:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744019690; bh=IMyaaRhNbHINxvRwQWTPO6x2oZELjyNpk11Fp2LW0F0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Vy0DgunIxgQg/V9RNVlUSd9buorfK7Z17FoPGcnAkfxnN8fOppzB9HtEvdTf8od/a 0E6AsYIxzvsiUonemaAd54PRjM0ZryLtEIBPYt3pWinq5zEs1UlQHeowY7VMkoqvyO BK0z9IUF8RR3/b6hsoWu15vhTVzfGjqHvHNi5wE5fT4KSzVNUQAw2KMGX6NLJ9AFvl /hrnig2GErGO2IZhXWSMoFNjJ8nXFVq3qflR/I46MVSQbM3/IUYDkeijE9j4TQCkXp aw0wjpmUKTASwZf2Zy+ZM85c7IeeA1Ji8xZ1vSDSMoOqzYIzrX5wJCNbvecNyVuF/F lDSwPKA1Mkgvg== From: Christian Brauner Date: Mon, 07 Apr 2025 11:54:19 +0200 Subject: [PATCH 5/9] anon_inode: raise SB_I_NODEV and SB_I_NOEXEC Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250407-work-anon_inode-v1-5-53a44c20d44e@kernel.org> References: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> In-Reply-To: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Christoph Hellwig , Mateusz Guzik , Penglei Jiang , Al Viro , Jan Kara , Jeff Layton , Josef Bacik , syzbot+5d8e79d323a13aa0b248@syzkaller.appspotmail.com, Christian Brauner , stable@vger.kernel.org X-Mailer: b4 0.15-dev-c25d1 X-Developer-Signature: v=1; a=openpgp-sha256; l=1280; i=brauner@kernel.org; h=from:subject:message-id; bh=IMyaaRhNbHINxvRwQWTPO6x2oZELjyNpk11Fp2LW0F0=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaR/XnDdWJNNOeTJx7afsb1RHw3vqVx937U51rOFeX2Dw 5b+g35rO0pZGMS4GGTFFFkc2k3C5ZbzVGw2ytSAmcPKBDKEgYtTACbSs4+R4aVZ1cFPz+9LfO2a oX41vCZkye997RH3OhZ/utPXsnbTu4kM/0u3fuk3ZVDQu1o82zRoL2/iY2/3h9UhTLdFKk5rNS1 8ygsA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 It isn't possible to execute anoymous inodes because they cannot be opened in any way after they have been created. This includes execution: execveat(fd_anon_inode, "", NULL, NULL, AT_EMPTY_PATH) Anonymous inodes have inode->f_op set to no_open_fops which sets no_open() which returns ENXIO. That means any call to do_dentry_open() which is the endpoint of the do_open_execat() will fail. There's no chance to execute an anonymous inode. Unless a given subsystem overrides it ofc. Howerver, we should still harden this and raise SB_I_NODEV and SB_I_NOEXEC on the superblock itself so that no one gets any creative ideas. Cc: # all LTS kernels Signed-off-by: Christian Brauner Reviewed-by: Jan Kara --- fs/anon_inodes.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c index cb51a90bece0..e51e7d88980a 100644 --- a/fs/anon_inodes.c +++ b/fs/anon_inodes.c @@ -86,6 +86,8 @@ static int anon_inodefs_init_fs_context(struct fs_context *fc) struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC); if (!ctx) return -ENOMEM; + fc->s_iflags |= SB_I_NOEXEC; + fc->s_iflags |= SB_I_NODEV; ctx->dops = &anon_inodefs_dentry_operations; return 0; } From patchwork Mon Apr 7 09:54:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 14040116 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AEBC1230BE3 for ; Mon, 7 Apr 2025 09:54:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019693; cv=none; b=YKzZX7RPvWWEV9nWn+4u1ogOBUVguZS4h/rxwuv4zV9XxTzl8v7GdkwMeXHiEFptTeuEykXy22+xHvuCbglsviIhPkXmVoEDHSHn/xFDwNdAEhW2EqaKzgKnnI6EH4cWYjleS94wuTUTrIOz7i788zgRCjMQMXBKMXO538W4K/A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019693; c=relaxed/simple; bh=DXlx/3Lt1kFti0JEDO90iwULh4FPbpKzGHeQy9Zsv90=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=VdQwvtHuMcxZCPioEe9HG5fAwumUKhLWn1ld6WuY6tuzUbVKaRgyxw1uq6n0pckL6w2cTu8J8UGKTm6DVgTMQkZlVzO6MJgfgDpi4DfoCBJbYlLfuDMa5H3NIvNLHOfKEE9YmCgOB7sZ5Ro+bTUe2vjjyi1KKnaIr6VmJZXzgdU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=bvYDptvM; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="bvYDptvM" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 88B9DC4CEE9; Mon, 7 Apr 2025 09:54:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744019693; bh=DXlx/3Lt1kFti0JEDO90iwULh4FPbpKzGHeQy9Zsv90=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=bvYDptvMLtgYR1O4WxRF+biNe9hFgZsxW7xU6gjkrmfLc3NHXCjWfAJdU0ujmQeo4 2Ml/WMDfHSEbD1kSr1q88cCmhBk+WLhWXMkV89hfvkcqFUZABjWS+5rqohevXHI2OE rfkNn+wMpnIB8GY8FBVFWnOczcs0XEy82uq7+f7ZGb4ja/wjITfig2tzka2wNOypV3 y5mwYMMaaxv9Gt9X4fF0MbmXDRYc/kUSnsXU4JvP2qj0/9HxLOwjME3qqk2vxII9Ws yNPZHnLz98mf7tmTs+Ey1Iiyq4tfXYRNDqV8WssqDlVpUVXIcCDt//aKUfA5fO3GLc RzpTYz7hoY8cQ== From: Christian Brauner Date: Mon, 07 Apr 2025 11:54:20 +0200 Subject: [PATCH 6/9] selftests/filesystems: add first test for anonymous inodes Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250407-work-anon_inode-v1-6-53a44c20d44e@kernel.org> References: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> In-Reply-To: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Christoph Hellwig , Mateusz Guzik , Penglei Jiang , Al Viro , Jan Kara , Jeff Layton , Josef Bacik , syzbot+5d8e79d323a13aa0b248@syzkaller.appspotmail.com, Christian Brauner X-Mailer: b4 0.15-dev-c25d1 X-Developer-Signature: v=1; a=openpgp-sha256; l=2018; i=brauner@kernel.org; h=from:subject:message-id; bh=DXlx/3Lt1kFti0JEDO90iwULh4FPbpKzGHeQy9Zsv90=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaR/XnDdO8N++cbWZe/T2Q+IbqmMYn8V2hXKt54jddEN/ eyar9YSHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABOZ/Jjhn+Hl3e9DduWf+e5y KHJb1/bE/ZNNXiw7taZuWv6aRU929isyMqy0+Gpc/bL/YIjuruDgYysOOFvfEVF0fjlJjC9FKDt gOgsA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Test that anonymous inodes cannot be chown()ed. Signed-off-by: Christian Brauner Reviewed-by: Jan Kara --- tools/testing/selftests/filesystems/.gitignore | 1 + tools/testing/selftests/filesystems/Makefile | 2 +- .../selftests/filesystems/anon_inode_test.c | 26 ++++++++++++++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/filesystems/.gitignore b/tools/testing/selftests/filesystems/.gitignore index 828b66a10c63..7afa58e2bb20 100644 --- a/tools/testing/selftests/filesystems/.gitignore +++ b/tools/testing/selftests/filesystems/.gitignore @@ -2,3 +2,4 @@ dnotify_test devpts_pts file_stressor +anon_inode_test diff --git a/tools/testing/selftests/filesystems/Makefile b/tools/testing/selftests/filesystems/Makefile index 66305fc34c60..b02326193fee 100644 --- a/tools/testing/selftests/filesystems/Makefile +++ b/tools/testing/selftests/filesystems/Makefile @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-2.0 CFLAGS += $(KHDR_INCLUDES) -TEST_GEN_PROGS := devpts_pts file_stressor +TEST_GEN_PROGS := devpts_pts file_stressor anon_inode_test TEST_GEN_PROGS_EXTENDED := dnotify_test include ../lib.mk diff --git a/tools/testing/selftests/filesystems/anon_inode_test.c b/tools/testing/selftests/filesystems/anon_inode_test.c new file mode 100644 index 000000000000..f2cae8f1ccae --- /dev/null +++ b/tools/testing/selftests/filesystems/anon_inode_test.c @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: GPL-2.0 +#define _GNU_SOURCE +#define __SANE_USERSPACE_TYPES__ + +#include +#include +#include + +#include "../kselftest_harness.h" +#include "overlayfs/wrappers.h" + +TEST(anon_inode_no_chown) +{ + int fd_context; + + fd_context = sys_fsopen("tmpfs", 0); + ASSERT_GE(fd_context, 0); + + ASSERT_LT(fchown(fd_context, 1234, 5678), 0); + ASSERT_EQ(errno, EOPNOTSUPP); + + EXPECT_EQ(close(fd_context), 0); +} + +TEST_HARNESS_MAIN + From patchwork Mon Apr 7 09:54:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 14040117 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5356023535D for ; Mon, 7 Apr 2025 09:54:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019697; cv=none; b=f1P5xudqyOUeIH25cYnVkIP6INeyWpOsO9qwIEIms2Ax4oNf2Bsjqh9S/S8FFKzYB16TFFT7bjAJpMHlMGc22XFTzIVOZDVDc3UP4y8wqzoaFIsu2H/Rp3coLBjwex0R54Tj7WbvqOC1FqkrGDeFNhNqQqN9SawgO4Ky1OPK0t4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019697; c=relaxed/simple; bh=98OBOQFblJwLUfpJ22v4FmjzjKsmScxuLc0VekWWN3k=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=izCJIhc0u9a5w+lLSeTiOu/Vx5JKOI2SOacf9eJBue5QEqSbh5x9PUiq8GT/OH1fjMZDb2sOhuFpD0TMXIDfKagDOV+ersdKcXe+ppsGIuzOyQwns+ufdvX2DamZQpukZWlr8uExeORO5YasJA7Jy1rstMt63T9cpOJT3gda3yk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Tp97n+kM; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Tp97n+kM" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 12A74C4CEE7; Mon, 7 Apr 2025 09:54:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744019696; bh=98OBOQFblJwLUfpJ22v4FmjzjKsmScxuLc0VekWWN3k=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Tp97n+kMClf5r30DZ6LE6CiA4G76xWxVJekLk7Hh2/flJXxKdQ+2FEjWCd3o4GsOd AXcd6lZ3nuyg7PMMuoBxCJOhQdBTD6E+4BQFAUeFIZ3sf2mtSjcucPxP1QFlHNkAWG oIZaOfvBUzGSwwg4PTwKHuhT+2tPMzIEZVy+CG4A2URENCh/8ut3GVP0cjtLOtiIJO bjyPfW47SshoZuw9ocnaJjlybUORaSDuLWWleRUxJ7bgtURzMbDdQKRDkegdOgOWiN RDtGd+hhp536dNhc1/Uw05djZMyMeJOU89r28tc4o1P4/OtPOtZWkpBBgZ0rSrqT49 ps2REkPJ93kGA== From: Christian Brauner Date: Mon, 07 Apr 2025 11:54:21 +0200 Subject: [PATCH 7/9] selftests/filesystems: add second test for anonymous inodes Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250407-work-anon_inode-v1-7-53a44c20d44e@kernel.org> References: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> In-Reply-To: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Christoph Hellwig , Mateusz Guzik , Penglei Jiang , Al Viro , Jan Kara , Jeff Layton , Josef Bacik , syzbot+5d8e79d323a13aa0b248@syzkaller.appspotmail.com, Christian Brauner X-Mailer: b4 0.15-dev-c25d1 X-Developer-Signature: v=1; a=openpgp-sha256; l=885; i=brauner@kernel.org; h=from:subject:message-id; bh=98OBOQFblJwLUfpJ22v4FmjzjKsmScxuLc0VekWWN3k=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaR/XnDdWW39qwd67CUfGl5KmBtd8frxIuDPG0nVNs79a +UuWk183FHKwiDGxSArpsji0G4SLrecp2KzUaYGzBxWJpAhDFycAjCRlemMDC932Fdf25Thyy0U 7R2x1V9SPzhk9vLNL14v3/q76fq00/MYGXbvO5irZ1dl0uN4d+G84omb+KW/OfjfcOhj3XZqnYm BAzcA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Test that anonymous inodes cannot be chmod()ed. Signed-off-by: Christian Brauner Reviewed-by: Jan Kara --- tools/testing/selftests/filesystems/anon_inode_test.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tools/testing/selftests/filesystems/anon_inode_test.c b/tools/testing/selftests/filesystems/anon_inode_test.c index f2cae8f1ccae..7c4d0a225363 100644 --- a/tools/testing/selftests/filesystems/anon_inode_test.c +++ b/tools/testing/selftests/filesystems/anon_inode_test.c @@ -22,5 +22,18 @@ TEST(anon_inode_no_chown) EXPECT_EQ(close(fd_context), 0); } +TEST(anon_inode_no_chmod) +{ + int fd_context; + + fd_context = sys_fsopen("tmpfs", 0); + ASSERT_GE(fd_context, 0); + + ASSERT_LT(fchmod(fd_context, 0777), 0); + ASSERT_EQ(errno, EOPNOTSUPP); + + EXPECT_EQ(close(fd_context), 0); +} + TEST_HARNESS_MAIN From patchwork Mon Apr 7 09:54:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 14040118 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B97972356AC for ; Mon, 7 Apr 2025 09:55:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019700; cv=none; b=AodFdpQRQUshpt/Va/eJCG1iCXvGrPIw9iUFdxQ43Cbut+bGNcGyAoNRpqEEZFpqztb+s6ugVoVEZ2AKOlRLHPqpBdNP8njF+TT1HKGktxi5jcZmc7hQYuJSz0wyoFSCp+XT7j34uHtrIuUpvI3dg4V5AdGTQss9OvwJxXYNTN0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019700; c=relaxed/simple; bh=kZPcfW8JMlXp9ABl1x0b8khi6Vqs+G4O4SAC9RIrQyU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ev8rR2p9SHQAmbZ4YKNzWQXclo7WGIkWf1A5TOAqrU6E1v1jek2qitZWS4nMfuvhtba5Hv81CQqDoR/IwK6F7A8qppXOM70s/wc8mFTOik8dyzys0rs3+nzR9dG9jXHYMripcX1hTKE2LgL8JwRaDrOssbhwFC0z37UvlgOuqcM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=cPnbCTv6; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="cPnbCTv6" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3C938C4CEDD; Mon, 7 Apr 2025 09:54:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744019700; bh=kZPcfW8JMlXp9ABl1x0b8khi6Vqs+G4O4SAC9RIrQyU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cPnbCTv6TLWveq8XBbosoXskBzsS3NeJDOVU9hQn3sMRwPzqiZO81IOikhKBX/qRe FfOuPPMod6W7vxfYRs4HVHtJPDND76Swezuc81EbbRKI4wBs5rQHQZNAapjoyPy7Xa lMohhqlfOaDRLL0EILdf+tVlNozPqq+kc6zNRxnxTa0Mk1GKOxYwvTg+AwGQ6oMzAI LmidEfYEbEKuap4FuWsny33aa6VB3YcavJ4lDlCgZY4gSId5tHFQv0DSkXSZ7fDkCT p+tuNXPwyQB1UGfxOhACAyzhpP1LNN9oYL3LXX980ocChjGG+AJcXKgXKdM+qYsXVd 0ECQdfZmPe7Bg== From: Christian Brauner Date: Mon, 07 Apr 2025 11:54:22 +0200 Subject: [PATCH 8/9] selftests/filesystems: add third test for anonymous inodes Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250407-work-anon_inode-v1-8-53a44c20d44e@kernel.org> References: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> In-Reply-To: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Christoph Hellwig , Mateusz Guzik , Penglei Jiang , Al Viro , Jan Kara , Jeff Layton , Josef Bacik , syzbot+5d8e79d323a13aa0b248@syzkaller.appspotmail.com, Christian Brauner X-Mailer: b4 0.15-dev-c25d1 X-Developer-Signature: v=1; a=openpgp-sha256; l=906; i=brauner@kernel.org; h=from:subject:message-id; bh=kZPcfW8JMlXp9ABl1x0b8khi6Vqs+G4O4SAC9RIrQyU=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaR/XnA9QS1kvvlNmRtKucd3RnlXeohvPRtScFjiS8wVk /QNq4yfdJSyMIhxMciKKbI4tJuEyy3nqdhslKkBM4eVCWQIAxenAEzE9RLD/0zd28v21bYa6Fnk qVptjJptcW7GB7eC3k+8Z15s9JtbKc7IcL3a/2vjk7kZjmea74pM097o3nv71T076wvLVT36+/T yWAE= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Test that anonymous inodes cannot be exec()ed. Signed-off-by: Christian Brauner Reviewed-by: Jan Kara --- tools/testing/selftests/filesystems/anon_inode_test.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tools/testing/selftests/filesystems/anon_inode_test.c b/tools/testing/selftests/filesystems/anon_inode_test.c index 7c4d0a225363..486496252ddd 100644 --- a/tools/testing/selftests/filesystems/anon_inode_test.c +++ b/tools/testing/selftests/filesystems/anon_inode_test.c @@ -35,5 +35,18 @@ TEST(anon_inode_no_chmod) EXPECT_EQ(close(fd_context), 0); } +TEST(anon_inode_no_exec) +{ + int fd_context; + + fd_context = sys_fsopen("tmpfs", 0); + ASSERT_GE(fd_context, 0); + + ASSERT_LT(execveat(fd_context, "", NULL, NULL, AT_EMPTY_PATH), 0); + ASSERT_EQ(errno, EACCES); + + EXPECT_EQ(close(fd_context), 0); +} + TEST_HARNESS_MAIN From patchwork Mon Apr 7 09:54:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 14040119 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A93A9230BF4 for ; Mon, 7 Apr 2025 09:55:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019703; cv=none; b=AFUGd2Eb5drwtMpO0YPF21Tp6Jrq4LHMpLe8HEp4eYjGmgSnlj+vuqpBdfLuGIwX392sGdCPhmE+X/NawlNLDnV4rR6M1fOnkI9+KtfXET20ZwOK8ziM67lVvURTRXlRdrtju26EwxMQhGJX8ozEs4x4NAX/mAhQidaLoJu1Ksw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744019703; c=relaxed/simple; bh=IPngv6k4HTtp0L0AG/j88z5uovfA3r+o6pDR1kDrBHI=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=gSWCJEcNeMPAuYDuZL2U3m871V7/81ztniQspwivhtgDjCY/f9MUtI55UmbT8IcuIiROag6jC7cUbryzf5j8AMUgCXgVNkYDDPL0skmeHEuufT/DsdiPdPeLXUhbGLXdgoMKwC5hpLtpLpiQSxbsk7KjSSssdqc77xr68q6W19k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=luWk8Dx5; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="luWk8Dx5" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9B9BEC4CEE7; Mon, 7 Apr 2025 09:55:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744019703; bh=IPngv6k4HTtp0L0AG/j88z5uovfA3r+o6pDR1kDrBHI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=luWk8Dx5v3NFNJIrB3nVvtAhqD4XvHLOEoOj6K+tCqvKNAD99D4AQudzSrz3SlzW5 t+HfScEKWJNAEcKyNXGiklzL5mRpmonTBaO4GhTya4VC5s/9ETTS7hcATgorA+Bs+k mFoJqiKByC3B6sWeF3alIeN00WWG9jcrZxEocOP6+8l/0dylsqi5Nc5CqfpDs7Ul8P wa960HBsgaUHXKmjv4CHKaIhjmuz/4OlO1FK2XM12idxNpnbI9xX/nPTHlOdkt7H0p ycX8PesH5jUOZL1zSqJdnC8Dl+Omxe2XLaFd70ME4KDKo3Py/Z2Su3maimTY2t/FqB /Kk9Z62w3bPZQ== From: Christian Brauner Date: Mon, 07 Apr 2025 11:54:23 +0200 Subject: [PATCH 9/9] selftests/filesystems: add fourth test for anonymous inodes Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250407-work-anon_inode-v1-9-53a44c20d44e@kernel.org> References: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> In-Reply-To: <20250407-work-anon_inode-v1-0-53a44c20d44e@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Christoph Hellwig , Mateusz Guzik , Penglei Jiang , Al Viro , Jan Kara , Jeff Layton , Josef Bacik , syzbot+5d8e79d323a13aa0b248@syzkaller.appspotmail.com, Christian Brauner X-Mailer: b4 0.15-dev-c25d1 X-Developer-Signature: v=1; a=openpgp-sha256; l=985; i=brauner@kernel.org; h=from:subject:message-id; bh=IPngv6k4HTtp0L0AG/j88z5uovfA3r+o6pDR1kDrBHI=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaR/XnC9YWMrE3eVxm1zXR61iPpPFhtjTnFLfhObwnQjM rDqiFRxRykLgxgXg6yYIotDu0m43HKeis1GmRowc1iZQIYwcHEKwESS3zL8lTrL8sf9SYIQX0nI i1/PN1/+JL3xkKE7xxGN6p8zHBpnHGJk+HM61/vJ/69++48onjRQ1DqSuOGC33b+hAvHjCfUvfr 8hRsA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Test that anonymous inodes cannot be open()ed. Signed-off-by: Christian Brauner Reviewed-by: Jan Kara --- tools/testing/selftests/filesystems/anon_inode_test.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tools/testing/selftests/filesystems/anon_inode_test.c b/tools/testing/selftests/filesystems/anon_inode_test.c index 486496252ddd..e8e0ef1460d2 100644 --- a/tools/testing/selftests/filesystems/anon_inode_test.c +++ b/tools/testing/selftests/filesystems/anon_inode_test.c @@ -48,5 +48,22 @@ TEST(anon_inode_no_exec) EXPECT_EQ(close(fd_context), 0); } +TEST(anon_inode_no_open) +{ + int fd_context; + + fd_context = sys_fsopen("tmpfs", 0); + ASSERT_GE(fd_context, 0); + + ASSERT_GE(dup2(fd_context, 500), 0); + ASSERT_EQ(close(fd_context), 0); + fd_context = 500; + + ASSERT_LT(open("/proc/self/fd/500", 0), 0); + ASSERT_EQ(errno, ENXIO); + + EXPECT_EQ(close(fd_context), 0); +} + TEST_HARNESS_MAIN