Re: [PATCH] mm/migrate: find_mm_struct: fix race between security checks and suid exec

From: Oleg Nesterov

Date: Wed May 27 2026 - 06:04:34 EST


On 05/26, Andrew Morton wrote:
>
> On Tue, 26 May 2026 16:42:11 +0200 Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
> > The target task can execute a setuid binary between ptrace_may_access()
> > and get_task_mm(). Protect this critical section with exec_update_lock.
> >
> > I don't think cpuset_mems_allowed(task) should be called under
> > exec_update_lock, but this patch just tries to add the minimal fix.
> >
> > Perhaps we can later add a common helper which can be used by
> > find_mm_struct() and kernel_migrate_pages().
> >
>
> Do you think we should backport this into earlier kernels?

Probably not... The race is very unlikely and iiuc the impact is not
serious...

Up to maintainers.

Oleg.
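Added example, not part of this thread or of the patch: a single-threaded user-space model of the check-then-use window the quoted commit message describes, and of how holding exec_update_lock across both steps closes it. Every `model_*` name, the simplified access rule, and the reader-count "lock" are assumptions made for illustration; none of this is kernel code.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model only. Field names echo the kernel ones in the thread. */
struct mm { bool privileged; };
struct task {
    bool suid_creds;        /* true once the task has exec'ed a setuid binary */
    struct mm *mm;          /* current address space */
    int exec_update_lock;   /* modelled as a count of read holders */
};

static struct mm user_mm = { false }, suid_mm = { true };

/* Models the target exec'ing a setuid binary. Exec needs the lock for
 * write, so it cannot swap creds and mm while any reader holds it. */
static bool model_suid_exec(struct task *t)
{
    if (t->exec_update_lock != 0)
        return false;       /* the real exec would sleep here */
    t->suid_creds = true;
    t->mm = &suid_mm;
    return true;
}

/* Simplified stand-in for ptrace_may_access(): the unprivileged caller
 * is refused once the target runs with setuid credentials. */
static bool model_may_access(const struct task *t) { return !t->suid_creds; }

typedef bool (*window_fn)(struct task *);

/* Security check, then mm lookup. 'window' runs at the point where the
 * target may be scheduled between the two steps. */
static struct mm *model_find_mm(struct task *t, bool locked, window_fn window)
{
    struct mm *mm = NULL;

    if (locked)
        t->exec_update_lock++;      /* models taking the lock for read */
    if (model_may_access(t)) {
        if (window)
            window(t);              /* target attempts the exec here */
        mm = t->mm;                 /* stand-in for get_task_mm() */
    }
    if (locked)
        t->exec_update_lock--;      /* models releasing it */
    return mm;
}
```

Without the lock the check passes against the old credentials and the lookup returns the post-exec mm; with it, the exec is held off until the caller is done, and a later call is refused by the check itself.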