Date: Mon, 7 Jul 2025 15:32:38 +0300
From: Mike Rapoport
To: Christian Brauner
Cc: Jens Axboe, syzbot, jack@suse.cz, kees@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk
Subject: Re: [PATCH] secretmem: use SB_I_NOEXEC

On Mon, Jul 07, 2025 at 02:10:36PM +0200, Christian Brauner wrote:
> Anonymous inodes may never ever be executable and the only way to
> enforce this is to raise SB_I_NOEXEC on the superblock which can never
> be unset. I've made the exec code yell at anyone who does not abide by
> this rule.
>
> For good measure also kill any pretense that device nodes are supported
> on the secretmem filesystem.
>
> > WARNING: fs/exec.c:119 at path_noexec+0x1af/0x200 fs/exec.c:118, CPU#1: syz-executor260/5835
> > Modules linked in:
> > CPU: 1 UID: 0 PID: 5835 Comm: syz-executor260 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full)
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
> > RIP: 0010:path_noexec+0x1af/0x200 fs/exec.c:118
> > Code: 02 31 ff 48 89 de e8 f0 b1 89 ff d1 eb eb 07 e8 07 ad 89 ff b3 01 89 d8 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f2 ac 89 ff 90 <0f> 0b 90 e9 48 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c a6
> > RSP: 0018:ffffc90003eefbd8 EFLAGS: 00010293
> > RAX: ffffffff8235f22e RBX: ffff888072be0940 RCX: ffff88807763bc00
> > RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
> > RBP: 0000000000080000 R08: ffff88807763bc00 R09: 0000000000000003
> > R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000011
> > R13: 1ffff920007ddf90 R14: 0000000000000000 R15: dffffc0000000000
> > FS: 000055556832d380(0000) GS:ffff888125d1e000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 00007f21e34810d0 CR3: 00000000718a8000 CR4: 00000000003526f0
> > Call Trace:
> >
> > do_mmap+0xa43/0x10d0 mm/mmap.c:472
> > vm_mmap_pgoff+0x31b/0x4c0 mm/util.c:579
> > ksys_mmap_pgoff+0x51f/0x760 mm/mmap.c:607
> > do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
> > do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
> > entry_SYSCALL_64_after_hwframe+0x77/0x7f
> > RIP: 0033:0x7f21e340a9f9
> > Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
> > RSP: 002b:00007ffd23ca3468 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
> > RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f21e340a9f9
> > RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000200000ff9000
> > RBP: 00007f21e347d5f0 R08: 0000000000000003
R09: 0000000000000000 > > R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 > > R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 > > Link: https://lore.kernel.org/686ba948.a00a0220.c7b3.0080.GAE@google.com > Signed-off-by: Christian Brauner Acked-by: Mike Rapoport (Microsoft) > --- > mm/secretmem.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > > diff --git a/mm/secretmem.c b/mm/secretmem.c > index 9a11a38a6770..e042a4a0bc0c 100644 > --- a/mm/secretmem.c > +++ b/mm/secretmem.c > @@ -261,7 +261,15 @@ SYSCALL_DEFINE1(memfd_secret, unsigned int, flags) > > static int secretmem_init_fs_context(struct fs_context *fc) > { > - return init_pseudo(fc, SECRETMEM_MAGIC) ? 0 : -ENOMEM; > + struct pseudo_fs_context *ctx; > + > + ctx = init_pseudo(fc, SECRETMEM_MAGIC); > + if (!ctx) > + return -ENOMEM; > + > + fc->s_iflags |= SB_I_NOEXEC; > + fc->s_iflags |= SB_I_NODEV; > + return 0; > } > > static struct file_system_type secretmem_fs = { > @@ -279,9 +287,6 @@ static int __init secretmem_init(void) > if (IS_ERR(secretmem_mnt)) > return PTR_ERR(secretmem_mnt); > > - /* prevent secretmem mappings from ever getting PROT_EXEC */ > - secretmem_mnt->mnt_flags |= MNT_NOEXEC; > - > return 0; > } > fs_initcall(secretmem_init); > -- > 2.47.2 > -- Sincerely yours, Mike.
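
Review bot: in the first hunk, in secretmem_init_fs_context(), `ctx` is assigned from init_pseudo() and then only tested against NULL, so the local and its declaration can go: `if (!init_pseudo(fc, SECRETMEM_MAGIC)) return -ENOMEM;`. The two flag updates can also be a single statement, `fc->s_iflags |= SB_I_NOEXEC | SB_I_NODEV;`, and SB_I_NODEV deserves a one-line comment, since only the commit message explains why it is set here.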
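
Review bot: the second hunk, in secretmem_init(), deletes the comment "prevent secretmem mappings from ever getting PROT_EXEC" together with the MNT_NOEXEC assignment, and nothing in the new code states that intent anymore. Consider moving the comment next to `fc->s_iflags |= SB_I_NOEXEC;` in secretmem_init_fs_context(), so the reason for the flag stays in the source and not only in the commit message.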