From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3431BC3DA49 for ; Fri, 2 Aug 2024 03:28:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7FBF86B007B; Thu, 1 Aug 2024 23:28:22 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7AAF76B0083; Thu, 1 Aug 2024 23:28:22 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 672F36B0085; Thu, 1 Aug 2024 23:28:22 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 48C6A6B007B for ; Thu, 1 Aug 2024 23:28:22 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id F0ABAC0592 for ; Fri, 2 Aug 2024 03:28:21 +0000 (UTC) X-FDA: 82405872402.17.1ED57AC Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf29.hostedemail.com (Postfix) with ESMTP id ED46B120005 for ; Fri, 2 Aug 2024 03:28:19 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gndKFcda; spf=pass (imf29.hostedemail.com: domain of kees@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=kees@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1722569272; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=AqRC/eavpLox64IoEZeEvoEasmNJBYMHNUQruJqiQv0=; b=H6QN9zCtqEGUXbrbxlZonWl6nI9Qh3VVrhe1IBL/f7Pk2q+dxtygaajOQiF2tcbY1x2liT fD/TuGY713WJ6s23OzABVd46pmKPRxodqv2yaybeHj5dYQ2N1ntb382cNixZsdb6sVPnPZ +lruoqeeQnHGJOpKisCa+vRn748ZKy8= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gndKFcda; spf=pass (imf29.hostedemail.com: domain of kees@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=kees@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1722569272; a=rsa-sha256; cv=none; b=5EPklNVAkF+FKypJ6CGsYPclsVCgMBniDfNxrBqyI3HYyeozI5El1wj9CwqqHoteciLLnw c/uEhuiBp/d244YpMSZBAYmI1Xq5qUzeIhQEvOQzXxM5CSX8T+24AgE0ja7HkP6nz1WJpT ZNi4DQX2OC8yFcRQ8OHoOrvNq/IAhWs= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 8FCF9CE1846; Fri, 2 Aug 2024 03:28:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 78514C32782; Fri, 2 Aug 2024 03:28:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1722569294; bh=AqRC/eavpLox64IoEZeEvoEasmNJBYMHNUQruJqiQv0=; h=Date:From:To:Subject:In-Reply-To:References:From; b=gndKFcdaHsNwz1m3QgHdEY0go1uf9qVzBpD5hm+CBCVNQP9ma+J6XFgwOrKuYtR3x gvOKZpdvHH9iGoGF3s3Jrp8EMcEGtsVErs+QmTZNH95JM8K4sFthZ2DxX1VEp6NNJt RsO/4UmNwCLIWzZ4EtsFG0rub1Zmvs8AZwRMnUkAnDKAnY5Gt5MFCqNhll6Lvsx+ps nI9EwjXVkV/DzyndvZ1UzdxcH/jPWMJ9G68FBlaxgg/FweUKjfUButkXzgH6LMeael qNnFaJqogCwQjnCzGstXZpJ+1j7CrFI0j9t+eeqvw3tmtdgW4EWxxTE1WVRgWiXfkR bLgp2wQC3weYQ== Date: Thu, 01 Aug 2024 20:28:12 -0700 From: Kees Cook To: =?UTF-8?Q?Wojciech_G=C5=82adysz?= , viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz, ebiederm@xmission.com, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: =?US-ASCII?Q?Re=3A_=5BPATCH=5D_kernel/fs=3A_last_check_f?= =?US-ASCII?Q?or_exec_credentials_on_NOEXEC_mount?= User-Agent: K-9 Mail for Android In-Reply-To: <20240801120745.13318-1-wojciech.gladysz@infogain.com> References: <20240801120745.13318-1-wojciech.gladysz@infogain.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: ED46B120005 X-Stat-Signature: o5opxr3qizowktsum7g6jqyswty1zocf X-HE-Tag: 1722569299-45274 X-HE-Meta: U2FsdGVkX19cGi9qzo10p97CRKkpNs4wTfolWqSsudxU6XUDb+6dai7gYPg1ac6t+OuGofS0P8ylmRThxODlvArkmaWd9b7Z7ygmpt8qUInULUYI/Bh7vMk9VNwHCd2FfzJat3yKg6W7kz9UNaT/+72uofHA1Rzn4fIj/FH+dEAboH1LFqzK8c8eSAEFFmwvykJvhfHEyaQzw77VjQ8Fscd0dKE1EkFa3/pNAg471B3tWPEL/Q2vJxFR6NPlfiwSb6eQoYT9szYz1NHh3OYWr1wQuM1GhSCoXVARbdT0dOjYKs5zGNL7bPO5UHGWHdmmgKMnmrOLYaAmBPZCrYbemGUY82BKCJMfeyKIzgoioZQjkKPshHoTxX3bw0AcaM3PtHy1kTy83P0gq/DiBHYNu38gH7CJ1vwxIcwG/5c2jjpNKfD7PAHV6sdgJTF6z7pHUl5I06/FS2gd6MTC1oBdR26Cbkf69wrna05ZzPprClWyrqHPwEMeVLNzxCcpHXatuQOmOmcYMxTON+DkvmynEkl3T6ijKQ3WjdvLXuJhmPKCruESjaEY8D/rDRyacmInFPOLd1PlVQDADzmEbpU5mjVP1oxYIt35ojw5RGtaQUJ8WW2qFiWbE8vVYz9H+z92P4o7ZAri2wSISVvemMDoevLO+vtgW70my//qS1cKYbdZuUOBJ1XF8vR9uLh48AM6lptf7XficHFhER/nZ/5Fbba7RcMIdKtq4xkhL1lTFNNqsuBdPTp+ePhvp3iJdph5jLaRNmMLcePKWJvGUjt+K4X0i+j8H9Y+jiQ29233qQ3PjWBMmOB/jK9lMJgtm4TXfgxKZVbTvCaVt9JHD8RSnxfegjGlXYP+88lAYnEg4I/OEHxJQ472ydBuZpC3/l7wOtBSTvUQiOuQNv1Ivuf+QsJszCIfDSLlm1ENtISnIIXOlSIRf1Zlmgz5PA+9KJICv1/FBvUJWz4Px4Kg7B6 fF1JSEF7 HB/d6VE9+16PnrZaHhGhNs47Uizsi1c992OZtjmU4guxCniCO+CgoE2iBP4DLwq5Bi46CfATXUp8PT59axBLs0sYeAowz+chpLCLdXXFcSeNxJqj0px4RiBrf/43qH22x+shsyivs3ZeYiaPi4HPY6Ic3admb7jZ5oMwwO8YHQjiXEQCDV88mqTM9jbgBMv1Bp9VTy0SC6mzW//pYbOkEFJHgkxY7Z45mv6oHeXrwm5m9Hz3lqtSONANkhmu9KegvTwx+E2nhC32KiO6n66SF2vOWbE2eyzgE2/jI4I782G5UqEg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.013040, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On August 1, 2024 5:07:45 AM PDT, "Wojciech G=C5=82adysz" wrote: >Test case: thread mounts NOEXEC fuse to a file being executed=2E >WARN_ON_ONCE is triggered yielding panic for some config=2E >Add a check to security_bprm_creds_for_exec(bprm)=2E As others have noted, this is racy=2E I would still like to keep the redun= dant check as-is, but let's lower it from WARN to pr_warn_ratelimited, sinc= e it's a known race that can be reached from userspace=2E --=20 Kees Cook