Re: [PATCH] mm/migrate: find_mm_struct: fix race between security checks and suid exec

From: Andrew Morton

Date: Tue May 26 2026 - 16:24:32 EST


On Tue, 26 May 2026 16:42:11 +0200 Oleg Nesterov <oleg@xxxxxxxxxx> wrote:

> The target task can execute a setuid binary between ptrace_may_access()
> and get_task_mm(). Protect this critical section with exec_update_lock.
>
> I don't think cpuset_mems_allowed(task) should be called under
> exec_update_lock, but this patch just tries to add the minimal fix.
>
> Perhaps we can later add a common helper which can be used by
> find_mm_struct() and kernel_migrate_pages().
>

Do you think we should backport this into earlier kernels?
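
The window described in the quoted commit message, as a single-threaded userspace model added here (not kernel code, and not part of the patch or of either author's mail). The structs, the reader-count stand-in for exec_update_lock and all function names are hypothetical, and the exec is forced to land exactly between the access check and the mm lookup.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical userspace stand-ins; none of this is kernel code. */
struct mm { bool privileged; };     /* address space of one program image */
struct task {
    int readers;                    /* models read holders of exec_update_lock */
    bool suid;                      /* models the task's credentials */
    struct mm *mm;
};
static struct mm plain_mm = { false }, suid_mm = { true };

/* Models exec of a setuid binary: credentials and mm are replaced together
 * under the write side of the lock, so it cannot proceed while a reader
 * is inside the critical section. */
static bool model_suid_exec(struct task *t)
{
    if (t->readers > 0)
        return false;               /* a real writer would sleep here */
    t->suid = true;
    t->mm = &suid_mm;
    return true;
}

/* Models ptrace_may_access() for an unprivileged caller. */
static bool may_access(const struct task *t) { return !t->suid; }

/* Check, then fetch the mm; the target attempts its exec in between. */
static struct mm *find_mm(struct task *t, bool locked)
{
    struct mm *mm = NULL;
    if (locked) t->readers++;       /* models taking the lock for read */
    if (may_access(t)) {
        model_suid_exec(t);         /* constructed worst-case interleaving */
        mm = t->mm;                 /* models get_task_mm() */
    }
    if (locked) t->readers--;       /* models releasing the lock */
    return mm;
}

/* True when the caller ends up holding the setuid image's mm. */
static bool leaked(bool locked)
{
    struct task t = { 0, false, &plain_mm };
    struct mm *mm = find_mm(&t, locked);
    return mm != NULL && mm->privileged;
}

int main(void)
{
    printf("unlocked: leaked=%d\n", leaked(false));
    printf("locked:   leaked=%d\n", leaked(true));
    return 0;
}
```
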