[PATCH] mm/migrate: Avoid possible unnecessary ptrace_may_access() call in kernel_move_pages()
Kees Cook
keescook at chromium.org
Wed Aug 19 18:04:24 UTC 2020
On Mon, Aug 17, 2020 at 07:59:33AM -0400, Miaohe Lin wrote:
> There is no need to check if this process has the right to modify the
> specified process when they are same.
>
> Signed-off-by: Hongxiang Lou <louhongxiang at huawei.com>
> Signed-off-by: Miaohe Lin <linmiaohe at huawei.com>
> ---
> mm/migrate.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/migrate.c b/mm/migrate.c
> index 34a842a8eb6a..342c1ce0b433 100644
> --- a/mm/migrate.c
> +++ b/mm/migrate.c
> @@ -1903,7 +1903,7 @@ static int kernel_move_pages(pid_t pid, unsigned long nr_pages,
> * Check if this process has the right to modify the specified
> * process. Use the regular "ptrace_may_access()" checks.
> */
> - if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
> + if (pid && !ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
> rcu_read_unlock();
> err = -EPERM;
> goto out;
NAK, please don't do this -- the ptrace and security hooks already do
these kinds of self-introspection checks, and I'd like to keep a central
place to perform these kinds of checks.
Is there a specific problem you've encountered that this fixes?
--
Kees Cook
More information about the Linux-security-module-archive
mailing list