Commit e1c1b4ed authored by Zhihao Cheng

exec: Remove redundant check in do_open_execat/uselib

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8LX53


CVE: NA

--------------------------------

There is a false positive WARNON happening in execve(2)/uselib(2)
syscalls with concurrent noexec-remount.

       execveat                           remount
do_open_execat(path/bin)
  do_filp_open
    path_openat
      do_open
        may_open
          path_noexec() // PASS
	                            remount(path->mnt, MS_NOEXEC)
WARNON(path_noexec(&file->f_path)) // path_noexec() checks fail

Since may_open() has already checked the same conditions, fix it by
removing 'S_ISREG' and 'path_noexec' check in do_open_execat()/uselib(2).

Fixes: 0fd338b2 ("exec: move path_noexec() check earlier")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
parent e538547f
+1 −21
@@ -142,16 +142,6 @@ SYSCALL_DEFINE1(uselib, const char __user *, library)
	if (IS_ERR(file))
		goto out;

	/*
	 * may_open() has already checked for this, so it should be
	 * impossible to trip now. But we need to be extra cautious
	 * and check again at the very end too.
	 */
	error = -EACCES;
	if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) ||
			 path_noexec(&file->f_path)))
		goto exit;

	error = -ENOEXEC;

	read_lock(&binfmt_lock);
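Review bot: The condition removed from uselib() drops the !S_ISREG(file_inode(file)->i_mode) test together with path_noexec(), but the race in the commit message only involves the noexec flag changing on remount, and nothing shown here explains how the S_ISREG half could fire falsely. Consider keeping that half under WARN_ON_ONCE and taking only path_noexec() out of the warning, for example `if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode)) || path_noexec(&file->f_path))` followed by `goto exit;`, which also keeps the -EACCES return and the exit label in place.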
@@ -168,7 +158,7 @@ SYSCALL_DEFINE1(uselib, const char __user *, library)
			break;
	}
	read_unlock(&binfmt_lock);
exit:

	fput(file);
out:
	return error;
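Review bot: The `exit:` label before fput(file) appears to be swapped for an empty line rather than deleted (the hunk is 7 lines on both sides and the commit counts one added line), which is avoidable churn. Deleting the label line outright would make this a pure removal; if the first hunk keeps a `goto exit`, this hunk is not needed at all.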
@@ -925,16 +915,6 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
	if (IS_ERR(file))
		goto out;

	/*
	 * may_open() has already checked for this, so it should be
	 * impossible to trip now. But we need to be extra cautious
	 * and check again at the very end too.
	 */
	err = -EACCES;
	if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) ||
			 path_noexec(&file->f_path)))
		goto exit;

	err = deny_write_access(file);
	if (err)
		goto exit;
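Review bot: In do_open_execat() the whole block goes, comment included, so a mount that turns noexec after may_open() no longer yields -EACCES at this point, and nothing in the function records that the check now lives only in may_open(). If only the warning is the false positive, path_noexec(&file->f_path) could stay as a plain test that sets err = -EACCES and does `goto exit` without WARN_ON_ONCE. Otherwise, replace the removed comment with a line stating that may_open() is the sole S_ISREG/noexec check here and that a concurrent remount is tolerated.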