On 2020/06/29 4:44, Alexei Starovoitov wrote:
> But all the defensive programming kinda goes against general kernel style.
> I wouldn't do it. Especially pr_info() ?!
> Though I don't feel strongly about it.

Honestly speaking, the caller should check for errors and print appropriate messages.
info->wd.mnt->mnt_root != info->wd.dentry indicates that something went wrong (maybe
memory corruption). But other conditions are not fatal. That is, I consider even
pr_info() here should be unnecessary.

>
> I would like to generalize elf_header_check() a bit and call it
> before doing blob_to_mnt() to make sure that all blobs are elf files only.
> Supporting '#!/bin/bash' or other things as blobs seems wrong to me.

Why? There is no point in forbidding "#!", for users can use a wrapper ELF binary
which contains instructions including glibc's execv()/system() functions even if
"#!" cannot be used.

What is more important is what protection/isolation properties processes started
via fork_usermode_driver() should hold, for an ELF binary can contain arbitrary
instructions, and these processes run as daemons (reading requests from stdin and
writing responses to stdout) but hidden from "/usr/bin/pstree -p 1" (because they are
forked from the kthreadd kernel thread).