[RFC PATCH v2 3/6] mm, security: Fix missed security_task_movememory() in mbind(2)

Yafang Shao laoar.shao at gmail.com
Wed Nov 22 14:15:56 UTC 2023


Considering that mbind(2) using either MPOL_MF_MOVE or MPOL_MF_MOVE_ALL is
capable of memory movement, it's essential to include
security_task_movememory() to cover this functionality as well. It was
identified during a code review.

Signed-off-by: Yafang Shao <laoar.shao at gmail.com>
---
 mm/mempolicy.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 10a590ee1c89..ded2e0e62e24 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1259,8 +1259,15 @@ static long do_mbind(unsigned long start, unsigned long len,
 	if (!new)
 		flags |= MPOL_MF_DISCONTIG_OK;
 
-	if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))
+	if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) {
+		err = security_task_movememory(current);
+		if (err) {
+			mpol_put(new);
+			return err;
+		}
 		lru_cache_disable();
+	}
+
 	{
 		NODEMASK_SCRATCH(scratch);
 		if (scratch) {
-- 
2.30.1 (Apple Git-130)




More information about the Linux-security-module-archive mailing list