From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B6074C3DA4A for ; Mon, 5 Aug 2024 23:38:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1C5466B007B; Mon, 5 Aug 2024 19:38:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 174A96B0082; Mon, 5 Aug 2024 19:38:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 063FF6B0083; Mon, 5 Aug 2024 19:38:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id DE33D6B007B for ; Mon, 5 Aug 2024 19:38:13 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 8E1F91C1E5D for ; Mon, 5 Aug 2024 23:38:13 +0000 (UTC) X-FDA: 82419807666.12.2A45FF9 Received: from zeniv.linux.org.uk (zeniv.linux.org.uk [62.89.141.173]) by imf04.hostedemail.com (Postfix) with ESMTP id 8C0924000F for ; Mon, 5 Aug 2024 23:38:11 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=linux.org.uk header.s=zeniv-20220401 header.b=RjN3VOSk; spf=none (imf04.hostedemail.com: domain of viro@ftp.linux.org.uk has no SPF policy when checking 62.89.141.173) smtp.mailfrom=viro@ftp.linux.org.uk; dmarc=pass (policy=none) header.from=zeniv.linux.org.uk ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1722901084; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=MSAmWqYkKRN/HHqstiDviuQxRLcZP+YK+4gWmisEfpw=; b=YbP2Guz6LNWUrpCIbT5Ij81DKF84e4DrVxduRTmc+CH+wIvqllVzI0dY9pHxwt2HsY7U4n vZLm3tsU/++762iawrPhXyNmnv5s31dTy3WOfYnEiZPH1Vy+/Jq/9CvGLobEoXCF2xKYH/ Bu8whz+MIsL3sO8jvrCH+U/n6jyF810= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=linux.org.uk header.s=zeniv-20220401 header.b=RjN3VOSk; spf=none (imf04.hostedemail.com: domain of viro@ftp.linux.org.uk has no SPF policy when checking 62.89.141.173) smtp.mailfrom=viro@ftp.linux.org.uk; dmarc=pass (policy=none) header.from=zeniv.linux.org.uk ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1722901084; a=rsa-sha256; cv=none; b=wOKqkdgVcyyytYVfFQ7Y88CkIGcqBJCU1Jc/B98NFpAUEnMCqWAn3nlTjlJLBxWeTbBReI +wc66q/rNuIx2Hl+jDJEYaWNXttf41IT+hx9kQ0jvu+AsFyeo/+nBssgByhy/bPcrdngey z3P6C8RovkUIvQQVQ0NICbRJVmoL+Y0= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=linux.org.uk; s=zeniv-20220401; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=MSAmWqYkKRN/HHqstiDviuQxRLcZP+YK+4gWmisEfpw=; b=RjN3VOSk5rzbAMTVLLL3e+Kiwj FBwtBiR/yRsinYCy0Y0EkFq2BhZWP0M82ARExui5cgBULau48RWw1yoMGqjrrG1+3TjGtTyOfTDBq omTGxi4qDQ2j3Qp0Qe2WszjlXfdbAndg/zDCaVAhacI4L5+Wy7YoBQE0FY/CX+HdfrZBjr0GWu1Zl iHKFQvxIE1ILQNSkU8INnQal/rAZStYNULzvloOb0/mqBWN51ZYpMUby2uX0HHWBNdGTKx1VRQx5N aEKd2s5D6RNgwf41V8noZ3WrYVAeX+J19+d2V9EuE8Cj/v5AvregWjtCRB0G8bZv2HJz5ENpQ1hbr Eusbvg+g==; Received: from viro by zeniv.linux.org.uk with local (Exim 4.98 #2 (Red Hat Linux)) id 1sb7HA-00000001oAD-3xeI; Mon, 05 Aug 2024 23:38:04 +0000 Date: Tue, 6 Aug 2024 00:38:04 +0100 From: Al Viro To: Christian Brauner Cc: Mateusz Guzik , jack@suse.cz, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, josef@toxicpanda.com, wojciech.gladysz@infogain.com, ebiederm@xmission.com, kees@kernel.org, linux-mm@kvack.org Subject: Re: [PATCH] exec: drop a racy path_noexec check Message-ID: <20240805233804.GI5334@ZenIV> References: <20240805-fehlbesetzung-nilpferd-1ed58783ad4d@brauner> <20240805131721.765484-1-mjguzik@gmail.com> <20240805-denkspiel-unruhen-c0ec00f5d370@brauner> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240805-denkspiel-unruhen-c0ec00f5d370@brauner> X-Rspam-User: X-Stat-Signature: 3kcj1hx4iu7tjjrr41j3gjxro5pibzu3 X-Rspamd-Queue-Id: 8C0924000F X-Rspamd-Server: rspam11 X-HE-Tag: 1722901091-448956 X-HE-Meta: U2FsdGVkX191BxFddxxisMT6AN7vJ1a9X/jTI/yVMpogQFRGyhhAp6thYpRgSQ+ncYlVXuu1eM//73YvDSSQ07XczDrrHH7kewi6c379Rj7ta0yX+dj1S73rwzKbKOFwjdTOuj5j5G06POPXer4tTwB1ir84PYCKfr2zGLeJySq1Kj8zh41iVTNpF2Ajoox80wr3Pt/AzOA/vgmMp19aK6eDCP9LqEnpG3L9fHfQweYoYWo6rIeRC07N3rg0HaDqCIlRitGq5FBkKNllOfZuLrtgzCyUCWgmYenf8d17wWdD/qMqYz2nGGsQ9h84+ahUKGhqoXFwaHdBBC4+RjhlvwjcOp2dihAcomIgzwpweeNdmaQdUwFlYy3MPaCxEn4m0mA0ASny7E3ZdNfdPo3+IKAns7d7LFkFfR2yVW4jp5CiRtD17iHEbLchmpwcAQFhOYTEju15ga2glEgtFKhNGsGdepaqLwYgiSIv8gh2eb/RXunoTU+zdL0VUu48DBFPjE5YW2XT2QIA4Ges4z/AILoLY/T0MHNgsz0x6Q/GLCDhleCLWaw3+Y7gCrlLP7N8AFQ6g+e7R8wE9uvgk5zIz5OwnPPwqGi7NmhnaEryNaW9h789IcEFvcp6CdMTTA0sM6trXVhoOFN7BUzqOVvSybbfm2UBnBT+8FGMWXdz2h1n0mR2vteB3fqhqPdlobRsW/HpA++wb0vPIPVp8lQcfOx0i6LOOaR47/9hP0ci0yIyiMxaBHytuALeXSB+Iyw8bkyESFmIXXGiZU5QNJEHtiSiMDRnSFSh9kElnBpVVn6Olwa41hVSPdHJ+15BiWGZIttb8Syg6f+p51VKEPYyn33vXvi1w+JciLsOXdJrLGR9/mIl+r6YaEYl+/V7F+Oxtfs5HmRWsU9GrfAO05OKJsSU9jw02wqr2aIOAvMhbqALeRR0/cD8DJBB2DUzIGoqfg9adccRlTpQeT3uItm ZVfudO7k HZynrPTEu2OYjJ/0noeQH0pxNvQpKHBDsD58UvbJ2NTXPPJ5PX0276WF5wSmb8JmhVZQ7hQgQMG0/Dd5kZdkCvxrZFeatfIgBj3ONIQmmTgsnL+Vcq7SIC5ObzBYlHoDusRwNb+L7WIfehyHajSnhz3oKffL4xtN8FtsGJa9A3knYfYepdD+AJ9FCkShihKK27krGLzx687Bj4inOyc8Wd1ARZE2An5h0l8ixWn5lb3YxtvTEL24yc+qXjpPYVhhf+YgutCDCf2HJxppyCOHzUUJ6csjOLYCv0J5C5ap386M22pTRroP/P48kcJ6wF9hZ1505VhqKuquLEVjzxcsqvj9xSqD7Llmuh5vCoKW6pQ4eA7gDOIHqC/K7ANg72eOy63GCYkE2NI0JBCotd8VtDhX9oLQcHIbNYQevYo7BoJMU22VayI27R9pS7/gJ3aRF8eWTuWli1eMcKEZQnTWj0nCpWGpmiTI1AZeQtl7qulfswHo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.215782, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Aug 05, 2024 at 05:35:35PM +0200, Christian Brauner wrote: > > To my reading that path_noexec is still there only for debug, not > > because of any security need. > > I don't think it's there for debug. I think that WARN_ON_ONCE() is based > on the assumption that the mount properties can't change. IOW, someone > must've thought that somehow stable mount properties are guaranteed > after may_open() irrespective of how the file was opened. And in that > sense they thought they might actually catch a bug. That would be a neat trick, seeing that there'd never been anything to prevent mount -o remount,exec while something is executed on the filesystem in question. > But having it in there isn't wrong. In procfs permission/eligibility > checks often are checked as close to the open as possible. Worst case > it's something similar here. But it's certainly wrong to splat about it. Bury it.