Unverified Commit 7d4e3fc0 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!13131 [OLK-6.6][Backport] exec: don't WARN for racy path_noexec check 

Merge Pull Request from: @lazy2528 
 
    exec/uselib系统调用和remount(MS_NOEXEC)并发会有一个WARNON打印:
    
```
       execveat                           remount
    do_open_execat(path/bin)
      do_filp_open
        path_openat
          do_open
            may_open
              path_noexec() // PASS
                                        remount(path->mnt, MS_NOEXEC)
    WARNON(path_noexec(&file->f_path)) // path_noexec() checks fail
```

    
    do_open_execat对打开的二进制文件做了isreg和对应path_mnt的noexec检查(may_open中),但是后续
do_open_execat中又对path_mnt的noexec做了检查,中间对mnt做noexec remount可能导致第二次检查失败,触发
WARNON。

    
    对于这个问题,之前是通过去掉WARNING警告对应的代码行来规避这个问题,目前upstream已有更好的解决办法,建议同步
upstream社区补丁来修复这个问题。

#I8LX53 
 
Link:https://gitee.com/openeuler/kernel/pulls/13131

 

Reviewed-by: default avatarJackie Liu <liuyun01@kylinos.cn>
Signed-off-by: default avatarZhang Peng <zhangpeng362@huawei.com>
parents 2e693d58 86be13fd

fs/exec.c

+20 −3
Original line number Diff line number Diff line
@@ -142,6 +142,14 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) 
	if (IS_ERR(file))

		goto out;



	/*

	 * Check do_open_execat() for an explanation.

	 */

	error = -EACCES;

	if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode)) ||

	    path_noexec(&file->f_path))

		goto exit;



	error = -ENOEXEC;



	read_lock(&binfmt_lock);
@@ -158,7 +166,7 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) 
			break;

	}

	read_unlock(&binfmt_lock);



exit:

	fput(file);

out:

	return error;
@@ -915,13 +923,22 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) 


	file = do_filp_open(fd, name, &open_exec_flags);

	if (IS_ERR(file))

		goto out;

		return file;



	/*

	 * In the past the regular type check was here. It moved to may_open() in

	 * 633fb6ac3980 ("exec: move S_ISREG() check earlier"). Since then it is

	 * an invariant that all non-regular files error out before we get here.

	 */

	err = -EACCES;

	if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode)) ||

	    path_noexec(&file->f_path))

		goto exit;



	err = deny_write_access(file);

	if (err)

		goto exit;



out:

	return file;



exit: