Re: [PATCH] prctl: require checkpoint_restore_ns_capable for PR_SET_MM_MAP
From: David Hildenbrand (Arm)
Date: Thu Apr 02 2026 - 09:43:21 EST
On 4/2/26 15:13, Oleg Nesterov wrote:
> Note also the comment above validate_prctl_map_addr() called by
> prctl_set_mm_map(), "we don't require any capability here ...".
>
> Oleg.
>
> On 04/02, Oleg Nesterov wrote:
>>
>> On 04/02, Qi Tang wrote:
>>>
>>> The original commit f606b77f1a9e ("prctl: PR_SET_MM -- introduce
>>> PR_SET_MM_MAP operation") states "we require the caller to be at least
>>> user-namespace root user", but this was never enforced in the code.
>>>
>>> Add a checkpoint_restore_ns_capable() check at the top of
>>> prctl_set_mm_map(), after the PR_SET_MM_MAP_SIZE early return. This
>>> requires CAP_CHECKPOINT_RESTORE or CAP_SYS_ADMIN in the caller's
>>> user namespace, matching the stated design intent and the existing
>>> check for exe_fd changes.
>>
>> Can't really comment... but if you add this check at the start, then you
>> should also remove the same checkpoint_restore_ns_capable() check below?
>> In the "if (prctl_map.exe_fd != (u32)-1)" block.
>>
>
I'll note that the man page is wrong as well.
PR_SET_MM lists PR_SET_MM_MAP, but states "The calling process must have
the CAP_SYS_RESOURCE capability."
--
Cheers,
David
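A user-space probe for the behaviour the commit message describes, added here as an example (it is not the patch's code and was not posted by anyone in the thread). It reads the caller's own start_code, end_code, start_stack, start_data, end_data, start_brk, arg_start/arg_end and env_start/env_end from /proc/self/stat (field numbers as in proc(5)), takes brk from sbrk(0), leaves exe_fd at (u32)-1 so the existing exe_fd-only capability check is not triggered, and submits the result through PR_SET_MM_MAP. Accepted, the call changes nothing; what matters is the return value when run as an unprivileged user: 0 means the kernel imposes no capability on the map itself, as the commit message says, while EPERM is what a gate such as the proposed checkpoint_restore_ns_capable() check would produce. The names parse_stat_map(), query_map_size() and probe_set_mm_map() are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <linux/prctl.h>   /* struct prctl_mm_map, PR_SET_MM_MAP, PR_SET_MM_MAP_SIZE */

/* Fill the address fields of a prctl_mm_map from one /proc/<pid>/stat line.
 * Field numbers follow proc(5): startcode 26, endcode 27, startstack 28,
 * start_data 45, end_data 46, start_brk 47, arg_start 48, arg_end 49,
 * env_start 50, env_end 51.  Scanning starts after the last ')' because the
 * comm field (2) may contain spaces and parentheses.  brk, auxv and exe_fd
 * are left untouched.  Returns 0 on success, -1 on a short or malformed line. */
int parse_stat_map(const char *stat, struct prctl_mm_map *m)
{
    const char *tok[49];                 /* fields 3 .. 51 */
    const char *p = strrchr(stat, ')');
    if (!p)
        return -1;
    p++;
    for (int i = 0; i < 49; i++) {
        while (*p == ' ')
            p++;
        if (*p == '\0' || *p == '\n')
            return -1;
        tok[i] = p;
        while (*p && *p != ' ' && *p != '\n')
            p++;
    }
#define FIELD(n) ((__u64)strtoull(tok[(n) - 3], NULL, 10))
    m->start_code  = FIELD(26);
    m->end_code    = FIELD(27);
    m->start_stack = FIELD(28);
    m->start_data  = FIELD(45);
    m->end_data    = FIELD(46);
    m->start_brk   = FIELD(47);
    m->arg_start   = FIELD(48);
    m->arg_end     = FIELD(49);
    m->env_start   = FIELD(50);
    m->env_end     = FIELD(51);
#undef FIELD
    return 0;
}

/* Ask the kernel which struct size it expects for PR_SET_MM_MAP.  This early
 * return sits before any capability check, so it works unprivileged.
 * Returns 0 and stores the size, or the errno from prctl(2). */
int query_map_size(unsigned int *size)
{
    if (prctl(PR_SET_MM, PR_SET_MM_MAP_SIZE, size, 0, 0) != 0)
        return errno;
    return 0;
}

/* Submit a map equal to the caller's current layout.  Returns 0 if the
 * kernel accepted it (nothing changes), otherwise the errno it returned. */
int probe_set_mm_map(void)
{
    char line[4096];
    struct prctl_mm_map m;
    FILE *f = fopen("/proc/self/stat", "r");
    if (!f)
        return errno;
    if (!fgets(line, sizeof line, f)) {
        fclose(f);
        return EIO;
    }
    fclose(f);
    memset(&m, 0, sizeof m);
    if (parse_stat_map(line, &m) != 0)
        return EINVAL;
    m.brk = (__u64)(uintptr_t)sbrk(0);   /* current program break */
    m.auxv = NULL;                        /* auxv_size 0: saved auxv is kept */
    m.auxv_size = 0;
    m.exe_fd = (__u32)-1;                 /* -1: do not touch the exe file */
    if (prctl(PR_SET_MM, PR_SET_MM_MAP, &m, sizeof m, 0) != 0)
        return errno;
    return 0;
}

/* Run as an unprivileged user; as root every outcome is "accepted". */
int main(void)
{
    unsigned int size = 0;
    int err = query_map_size(&size);
    if (err) {
        printf("PR_SET_MM_MAP_SIZE failed: %s\n", strerror(err));
        return 1;
    }
    if (size != sizeof(struct prctl_mm_map)) {
        printf("kernel expects %u bytes, headers give %zu; not calling\n",
               size, sizeof(struct prctl_mm_map));
        return 1;
    }
    err = probe_set_mm_map();
    if (err == 0)
        puts("PR_SET_MM_MAP accepted without CAP_CHECKPOINT_RESTORE/CAP_SYS_ADMIN");
    else
        printf("PR_SET_MM_MAP rejected: %s\n", strerror(err));
    return 0;
}
```

The size query is done first because prctl_set_mm_map() answers EINVAL when the passed size does not match the kernel's struct, which would otherwise be easy to misread as a failed permission check. Run the probe once as an ordinary user before and after applying the patch; only the second run should report EPERM.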