[RFC PATCH v2 3/6] mm, security: Fix missed security_task_movememory() in mbind(2)
Yafang Shao
laoar.shao at gmail.com
Wed Nov 22 14:15:56 UTC 2023
Considering that mbind(2) using either MPOL_MF_MOVE or MPOL_MF_MOVE_ALL is
capable of memory movement, it's essential to include
security_task_movememory() to cover this functionality as well. It was
identified during a code review.
Signed-off-by: Yafang Shao <laoar.shao at gmail.com>
---
mm/mempolicy.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 10a590ee1c89..ded2e0e62e24 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1259,8 +1259,15 @@ static long do_mbind(unsigned long start, unsigned long len,
if (!new)
flags |= MPOL_MF_DISCONTIG_OK;
- if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))
+ if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) {
+ err = security_task_movememory(current);
+ if (err) {
+ mpol_put(new);
+ return err;
+ }
lru_cache_disable();
+ }
+
{
NODEMASK_SCRATCH(scratch);
if (scratch) {
--
2.30.1 (Apple Git-130)
More information about the Linux-security-module-archive
mailing list