From 30524472c2f728c20d6bf35191042a5d455c0a64 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Tue, 22 Jul 2008 00:02:33 -0400
Subject: [PATCH] [PATCH] take noexec checks to very few callers that care

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/exec.c  |  7 +++++++
 fs/namei.c |  9 ---------
 fs/open.c  | 10 ++++++++++
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c
index 346e3f69c6e0e..eca58c29eded6 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -118,6 +118,10 @@ asmlinkage long sys_uselib(const char __user * library)
 	if (!S_ISREG(nd.path.dentry->d_inode->i_mode))
 		goto exit;
 
+	error = -EACCES;
+	if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
+		goto exit;
+
 	error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN);
 	if (error)
 		goto exit;
@@ -668,6 +672,9 @@ struct file *open_exec(const char *name)
 	if (!S_ISREG(nd.path.dentry->d_inode->i_mode))
 		goto out_path_put;
 
+	if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
+		goto out_path_put;
+
 	err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN);
 	if (err)
 		goto out_path_put;
diff --git a/fs/namei.c b/fs/namei.c
index 6d75430358ac6..396cb3e5c3646 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -252,15 +252,6 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
 			return -EACCES;
 	}
 
-	if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
-		/*
-		 * MAY_EXEC on regular files is denied if the fs is mounted
-		 * with the "noexec" flag.
-		 */
-		if (mnt && (mnt->mnt_flags & MNT_NOEXEC))
-			return -EACCES;
-	}
-
 	/* Ordinary permission routines do not understand MAY_APPEND. */
 	if (inode->i_op && inode->i_op->permission) {
 		retval = inode->i_op->permission(inode, mask);
diff --git a/fs/open.c b/fs/open.c
index 3b3c43674be36..d5e421ad0cf66 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -461,6 +461,16 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
 	if (res)
 		goto out;
 
+	if ((mode & MAY_EXEC) && S_ISREG(nd.path.dentry->d_inode->i_mode)) {
+		/*
+		 * MAY_EXEC on regular files is denied if the fs is mounted
+		 * with the "noexec" flag.
+		 */
+		res = -EACCES;
+		if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
+			goto out_path_release;
+	}
+
 	res = vfs_permission(&nd, mode | MAY_ACCESS);
 	/* SuS v2 requires we report a read only fs too */
 	if(res || !(mode & S_IWOTH) ||
-- 
GitLab