anon_inode: raise SB_I_NODEV and SB_I_NOEXEC

brauner · brauner · commit 1ed95281c0c7 · 2025-04-07T16:19:04.000+02:00
It isn't possible to execute anonymous inodes because they cannot be opened in any way after they have been created. This includes execution: execveat(fd_anon_inode, "", NULL, NULL, AT_EMPTY_PATH) Anonymous inodes have inode->f_op set to no_open_fops which sets no_open() which returns ENXIO. That means any call to do_dentry_open() which is the endpoint of the do_open_execat() will fail. There's no chance to execute an anonymous inode. Unless a given subsystem overrides it ofc. However, we should still harden this and raise SB_I_NODEV and SB_I_NOEXEC on the superblock itself so that no one gets any creative ideas. Link: https://lore.kernel.org/20250407-work-anon_inode-v1-5-53a44c20d44e@kernel.org Reviewed-by: Jeff Layton <jlayton@kernel.org> Cc: stable@vger.kernel.org # all LTS kernels Signed-off-by: Christian Brauner <brauner@kernel.org>
diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
@@ -86,6 +86,8 @@ static int anon_inodefs_init_fs_context(struct fs_context *fc)
 	struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC);
 	if (!ctx)
 		return -ENOMEM;
+	fc->s_iflags |= SB_I_NOEXEC;
+	fc->s_iflags |= SB_I_NODEV;
 	ctx->dops = &anon_inodefs_dentry_operations;
 	return 0;
 }

Original file line number	Diff line number	Diff line change
`@@ -86,6 +86,8 @@ static int anon_inodefs_init_fs_context(struct fs_context *fc)`
`86`	`86`	`struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC);`
`87`	`87`	`if (!ctx)`
`88`	`88`	`return -ENOMEM;`
	`89`	`+ fc->s_iflags \|= SB_I_NOEXEC;`
	`90`	`+ fc->s_iflags \|= SB_I_NODEV;`
`89`	`91`	`ctx->dops = &anon_inodefs_dentry_operations;`
`90`	`92`	`return 0;`
`91`	`93`	`}`