[PATCH OLK-6.6] exec: Remove redundant check in do_open_execat/uselib - Kernel

5 Dec 2023

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8LX53
CVE: NA
--------------------------------
There is a false positive WARNON happening in execve(2)/uselib(2)
syscalls with concurrent noexec-remount.
execveat                           remount
do_open_execat(path/bin)
  do_filp_open
    path_openat
      do_open
        may_open
          path_noexec() // PASS
                                remount(path->mnt, MS_NOEXEC)
WARNON(path_noexec(&file->f_path)) // path_noexec() checks fail
Since may_open() has already checked the same conditions, fix it by
removing 'S_ISREG' and 'path_noexec' check in do_open_execat()/uselib(2).
Fixes: 0fd338b2d2cdf8 ("exec: move path_noexec() check earlier")
Signed-off-by: Zhihao Cheng chengzhihao1@huawei.com
Reviewed-by: Zhang Yi yi.zhang@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 fs/exec.c | 22 +---------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c
index 6518e33ea813..73b833e8b548 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -142,16 +142,6 @@ SYSCALL_DEFINE1(uselib, const char __user *, library)
    if (IS_ERR(file))
    	goto out;
-	/*
-	 * may_open() has already checked for this, so it should be
-	 * impossible to trip now. But we need to be extra cautious
-	 * and check again at the very end too.
-	 */
-	error = -EACCES;
-	if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) ||
-			 path_noexec(&file->f_path)))
-		goto exit;
-
    error = -ENOEXEC;
read_lock(&binfmt_lock);
@@ -168,7 +158,7 @@ SYSCALL_DEFINE1(uselib, const char __user *, library)
    		break;
    }
    read_unlock(&binfmt_lock);
-exit:
+
    fput(file);
 out:
    return error;
@@ -925,16 +915,6 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
    if (IS_ERR(file))
    	goto out;
-	/*
-	 * may_open() has already checked for this, so it should be
-	 * impossible to trip now. But we need to be extra cautious
-	 * and check again at the very end too.
-	 */
-	err = -EACCES;
-	if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) ||
-			 path_noexec(&file->f_path)))
-		goto exit;
-
    err = deny_write_access(file);
    if (err)
    	goto exit;
-- 
2.31.1


    