Re: [PATCH] mm/migrate: find_mm_struct: fix race between security checks and suid exec

From: Oleg Nesterov

Date: Tue May 26 2026 - 13:08:16 EST


On 05/26, Andrew Morton wrote:
>
> On Tue, 26 May 2026 16:42:11 +0200 Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
> > The target task can execute a setuid binary between ptrace_may_access()
> > and get_task_mm(). Protect this critical section with exec_update_lock.
> >
> > I don't think cpuset_mems_allowed(task) should be called under
> > exec_update_lock, but this patch just tries to add the minimal fix.
> >
> > Perhaps we can later add a common helper which can be used by
> > find_mm_struct() and kernel_migrate_pages().
> >
>
> Thanks. Sashiko thinks we should fix kernel_migrate_pages() also:
> https://sashiko.dev/#/patchset/ahWxQ3JxdR5ff2qf@xxxxxxxxxx

Of course ;) That is why I have already sent

[PATCH 0/4] mm/mempolicy: kernel_migrate_pages: fix race between security checks and suid exec
https://lore.kernel.org/all/ahMt6xyUNnacZU8-@xxxxxxxxxx/

and mentioned this in 0/4.

Sashiko has a concern about 3/4 in the series above.

I personally do not think this is a problem... Without hidepid != 0,
/proc/pid/status reports the same "info leak".

But maybe I am wrong. Still waiting for review from maintainers.

Oleg.