[PATCH openEuler-5.10 28/39] exec: Remove redundant check in do_open_execat/uselib

From: Zhihao Cheng chengzhihao1@huawei.com

hulk inclusion category: bugfix bugzilla: 186784, https://gitee.com/openeuler/kernel/issues/I5851T CVE: NA

--------------------------------

There is a false positive WARNON happening in execve(2)/uselib(2) syscalls with concurrent noexec-remount.

execveat remount do_open_execat(path/bin) do_filp_open path_openat do_open may_open path_noexec() // PASS remount(path->mnt, MS_NOEXEC) WARNON(path_noexec(&file->f_path)) // path_noexec() checks fail

Since may_open() has already checked the same conditions, fix it by removing 'S_ISREG' and 'path_noexec' check in do_open_execat()/uselib(2).

Fixes: 0fd338b2d2cdf8 ("exec: move path_noexec() check earlier") Signed-off-by: Zhihao Cheng chengzhihao1@huawei.com Reviewed-by: Zhang Yi yi.zhang@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- fs/exec.c | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c index 72f8763b3ce9..2147ae12787c 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -143,16 +143,6 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) if (IS_ERR(file)) goto out;

- /* - * may_open() has already checked for this, so it should be - * impossible to trip now. But we need to be extra cautious - * and check again at the very end too. - */ - error = -EACCES; - if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) || - path_noexec(&file->f_path))) - goto exit; - fsnotify_open(file);

error = -ENOEXEC; @@ -171,7 +161,7 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) break; } read_unlock(&binfmt_lock); -exit: + fput(file); out: return error; @@ -913,16 +903,6 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) if (IS_ERR(file)) goto out;

- /* - * may_open() has already checked for this, so it should be - * impossible to trip now. But we need to be extra cautious - * and check again at the very end too. - */ - err = -EACCES; - if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) || - path_noexec(&file->f_path))) - goto exit; - err = deny_write_access(file); if (err) goto exit;