Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp245274iob; Wed, 18 May 2022 01:00:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyU+WBChaZqUp/QeCcFlxlEweUYYTTr0FiLqk+jgARBAP8YdMWpvhYz7jikHb948v09/IMh X-Received: by 2002:a17:90a:c7c5:b0:1df:45ca:ef8b with SMTP id gf5-20020a17090ac7c500b001df45caef8bmr16943886pjb.15.1652860829100; Wed, 18 May 2022 01:00:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652860829; cv=none; d=google.com; s=arc-20160816; b=ENRFBwSddaxgYAHRV6o4be7K5Hur2NyTBjs4QTSB1TPZwaBRUj+Bl0CIx/pEDr3JdJ JF9RhJp9xf3ux9LC6UyTcPOOvIO5zUpmOsyRznDQwUVFzLISEoE5askOqukdh/SIhnhS 4LYHPFe2eQ5izzM1DIW+UGBGlyMvlcPv0SRW19BjoWdSZnE6WZ3F/kDJj92ByOC0LUXk uHTJADVP90pbaQ0bc4EUk0HH8BQX1zug7ddRPfPt+tIaL2xZsoqcQ5W9KW5NpRO6rSpb K7RNV9vIAWoukU2ikRwciT4JxaIQ5mLS59lZO2uFHG+AQuikK3Ju8JEuQZtcYDk99aUo TXwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=+WXyHgfULpY3quBj7gBhyPT+i7ar8g8YkyUBQ9hFn1Y=; b=xyZFQOGb7K9E8vTSjmivD6brvZqlhtslexC95oDFz8wTQuNEOnTq4XsKGmEeRG3OWa vSAbx0laCP0UvJUzplQrKT55xK11ShHGDqkkEVz5aav1lDIgHGIR9ukPyuEGnv1H5DlN DQNaVIEaCvn6kXqQ7sl53oSkOI10iUDgXaFjqQd8GbOm10FRAFXCcleA4ybzS6vp0LQ0 PKMO5QAexURbM7mFs129upHT65cGTm789GzNo1KneMrMa/ZHdM2goJMp2HvmEZx6pMI9 OZ7I7lLyolWqHmGJR5JRF0uhzESu1XSdln2ddaxbVNQSzAxsUijIpuwaCPp4MuYiY+ix tTKA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id i22-20020a63e456000000b003f5d8d20521si1754010pgk.19.2022.05.18.01.00.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 May 2022 01:00:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D5611128141; Wed, 18 May 2022 00:59:40 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232943AbiERH7d (ORCPT + 99 others); Wed, 18 May 2022 03:59:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55692 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232896AbiERH7c (ORCPT ); Wed, 18 May 2022 03:59:32 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4561712719B; Wed, 18 May 2022 00:59:31 -0700 (PDT) Received: from kwepemi500013.china.huawei.com (unknown [172.30.72.53]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4L350f4WXkzQk9h; Wed, 18 May 2022 15:56:34 +0800 (CST) Received: from kwepemm600013.china.huawei.com (7.193.23.68) by kwepemi500013.china.huawei.com (7.221.188.120) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Wed, 18 May 2022 15:59:28 +0800 Received: from huawei.com (10.175.127.227) by kwepemm600013.china.huawei.com (7.193.23.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Wed, 18 May 2022 15:59:28 +0800 From: Zhihao Cheng To: , , CC: , , , , Subject: [PATCH -next] exec: Remove redundant check in do_open_execat/uselib Date: Wed, 18 May 2022 16:12:27 +0800 Message-ID: <20220518081227.1278192-1-chengzhihao1@huawei.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To kwepemm600013.china.huawei.com (7.193.23.68) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org There is a false positive WARNON happening in execve(2)/uselib(2) syscalls with concurrent noexec-remount. execveat remount do_open_execat(path/bin) do_filp_open path_openat do_open may_open path_noexec() // PASS remount(path->mnt, MS_NOEXEC) WARNON(path_noexec(&file->f_path)) // path_noexec() checks fail Since may_open() has already checked the same conditions, fix it by removing 'S_ISREG' and 'path_noexec' check in do_open_execat()/uselib(2). Fixes: 0fd338b2d2cdf8 ("exec: move path_noexec() check earlier") Signed-off-by: Zhihao Cheng --- fs/exec.c | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index e3e55d5e0be1..0f8ea7e9e03c 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -141,16 +141,6 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) if (IS_ERR(file)) goto out; - /* - * may_open() has already checked for this, so it should be - * impossible to trip now. But we need to be extra cautious - * and check again at the very end too. - */ - error = -EACCES; - if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) || - path_noexec(&file->f_path))) - goto exit; - fsnotify_open(file); error = -ENOEXEC; @@ -169,7 +159,7 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) break; } read_unlock(&binfmt_lock); -exit: + fput(file); out: return error; @@ -919,16 +909,6 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) if (IS_ERR(file)) goto out; - /* - * may_open() has already checked for this, so it should be - * impossible to trip now. But we need to be extra cautious - * and check again at the very end too. - */ - err = -EACCES; - if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) || - path_noexec(&file->f_path))) - goto exit; - err = deny_write_access(file); if (err) goto exit; -- 2.31.1