[PATCH] mm/migrate: Avoid possible unnecessary ptrace_may_access() call in kernel_move_pages()

Kees Cook keescook at chromium.org
Wed Aug 19 18:04:24 UTC 2020


On Mon, Aug 17, 2020 at 07:59:33AM -0400, Miaohe Lin wrote:
> There is no need to check if this process has the right to modify the
> specified process when they are same.
> 
> Signed-off-by: Hongxiang Lou <louhongxiang at huawei.com>
> Signed-off-by: Miaohe Lin <linmiaohe at huawei.com>
> ---
>  mm/migrate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/migrate.c b/mm/migrate.c
> index 34a842a8eb6a..342c1ce0b433 100644
> --- a/mm/migrate.c
> +++ b/mm/migrate.c
> @@ -1903,7 +1903,7 @@ static int kernel_move_pages(pid_t pid, unsigned long nr_pages,
>  	 * Check if this process has the right to modify the specified
>  	 * process. Use the regular "ptrace_may_access()" checks.
>  	 */
> -	if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
> +	if (pid && !ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
>  		rcu_read_unlock();
>  		err = -EPERM;
>  		goto out;

NAK, please don't do this -- the ptrace and security hooks already do
these kinds of self-introspection checks, and I'd like to keep a central
place to perform these kinds of checks.

Is there a specific problem you've encountered that this fixes?

-- 
Kees Cook



More information about the Linux-security-module-archive mailing list