Re: [PATCH] prctl: require checkpoint_restore_ns_capable for PR_SET_MM_MAP

From: Qi Tang

Date: Thu Apr 02 2026 - 09:58:32 EST
Thanks for the detailed review, and sorry for the noise on the
SELinux angle. file_map_prot_check() still enforces
PROCESS__EXECMEM, so that bypass doesn't work.

You're right that gating the entire PR_SET_MM_MAP call is too
broad and could break existing users that only update harmless
fields like arg_start/arg_end.

The intent was to address the case where exe_fd is -1: the
existing checkpoint_restore_ns_capable() check only fires when
exe_fd != (u32)-1, so updating mm boundaries alone has no
permission check.

As noted in this thread, the man page also states PR_SET_MM
requires CAP_SYS_RESOURCE, and the individual field path
enforces that, but the MAP path does not. Is this inconsistency
intentional?

Qi Tang