diff options
| author |   Minchan Kim <minchan@kernel.org> | 2020-12-08 20:57:18 -0800 |
|---|---|---|
| committer |   Linus Torvalds <torvalds@linux-foundation.org> | 2020-12-08 20:57:18 -0800 |
| commit | a68a0262abdaa251e12c53715f48e698a18ef402 (patch) | |
| tree | 6db05d544c83a19e040d329db4b623e245ec3393 /mm/madvise.c | |
| parent | afs: Fix memory leak when mounting with multiple source parameters (diff) | |
| download | linux-dev-a68a0262abdaa251e12c53715f48e698a18ef402.tar.xz linux-dev-a68a0262abdaa251e12c53715f48e698a18ef402.zip | |
mm/madvise: remove racy mm ownership check
Jann spotted the security hole due to race of mm ownership check.
If the task is sharing the mm_struct but goes through execve() before
mm_access(), it could skip process_madvise_behavior_valid check. That
makes *any advice hint* to reach into the remote process.
This patch removes the mm ownership check. With it, it will lose the
ability that local process could give *any* advice hint with vector
interface for some reason (e.g., performance). Since there is no
concrete example in upstream yet, it would be better to remove the
abiliity at this moment and need to review when such new advice comes
up.
Fixes: ecb8ac8b1f14 ("mm/madvise: introduce process_madvise() syscall: an external memory hinting API")
Reported-by: Jann Horn <jannh@google.com>
Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: Minchan Kim <minchan@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/madvise.c')
| -rw-r--r-- | mm/madvise.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/mm/madvise.c b/mm/madvise.c index a8d8d48a57fe..13f5677b9322 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -1204,8 +1204,7 @@ SYSCALL_DEFINE5(process_madvise, int, pidfd, const struct iovec __user *, vec, goto put_pid; } - if (task->mm != current->mm && - !process_madvise_behavior_valid(behavior)) { + if (!process_madvise_behavior_valid(behavior)) { ret = -EINVAL; goto release_task; } |