mm/migrate: find_mm_struct: fix race between security checks and suid exec - kernel/linux.git

diff options

author	Oleg Nesterov <oleg@redhat.com>	2026-05-26 17:42:11 +0300
committer	Andrew Morton <akpm@linux-foundation.org>	2026-06-05 00:45:08 +0300
commit	13f77972b94c51f6e5b94d672025601363440a94 (patch)
tree	f1543a361b2ef6e85cce5d70fb2fa8014ed5e1a3 /include/linux/debugobjects.h
parent	9c87962f85106a4d330a91b26b054376245f47c0 (diff)
download	linux-13f77972b94c51f6e5b94d672025601363440a94.tar.xz

mm/migrate: find_mm_struct: fix race between security checks and suid exec

The target task can execute a setuid binary between ptrace_may_access() and get_task_mm(). Protect this critical section with exec_update_lock. I don't think cpuset_mems_allowed(task) should be called under exec_update_lock, but this patch just tries to add the minimal fix. Perhaps we can later add a common helper which can be used by find_mm_struct() and kernel_migrate_pages(). Link: https://lore.kernel.org/ahWxQ3JxdR5ff2qf@redhat.com Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Gregory Price <gourry@gourry.net> Cc: Alistair Popple <apopple@nvidia.com> Cc: Byungchul Park <byungchul@sk.com> Cc: David Hildenbrand <david@kernel.org> Cc: "Huang, Ying" <ying.huang@linux.alibaba.com> Cc: Jann Horn <jannh@google.com> Cc: Joshua Hahn <joshua.hahnjy@gmail.com> Cc: Kees Cook <kees@kernel.org> Cc: Matthew Brost <matthew.brost@intel.com> Cc: Rakie Kim <rakie.kim@sk.com> Cc: Ying Huang <ying.huang@linux.alibaba.com> Cc: Zi Yan <ziy@nvidia.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Diffstat (limited to 'include/linux/debugobjects.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: