Re: [PATCH] mm/madvise: remove racy mm ownership check
From: Linus Torvalds
Date: Tue Dec 08 2020 - 23:59:29 EST
On Tue, Dec 8, 2020 at 7:22 PM Minchan Kim <minchan@xxxxxxxxxx> wrote:
>
> Jann spotted the security hole due to race of mm ownership check.
> If the task is sharing the mm_struct but goes through execve()
> before mm_access(), it could skip process_madvise_behavior_valid
> check. That makes *any advice hint* to reach into the remote process.
>
> This patch removes the mm ownership check.
Applied directly - I'm not sure Andrew has anything else pending, so
might as well short-circuit it.
Linus