diff options
| author | Lorenzo Stoakes <[email protected]> | 2024-09-13 15:06:28 +0100 |
|---|---|---|
| committer | Andrew Morton <[email protected]> | 2024-09-17 00:58:05 -0700 |
| commit | 22af8caff7d1ca22a1ff1a554180e53f7a6555af (patch) | |
| tree | 99b08184bbb3ad6d372df0d430b45475e3ebd760 /lib/crypto/mpi/mpiutil.c | |
| parent | 2a1b8648d9be9f37f808a36c0f74adb8c53d06e6 (diff) | |
mm/madvise: process_madvise() drop capability check if same mm
In commit 96cfe2c0fd23 ("mm/madvise: replace ptrace attach requirement for
process_madvise") process_madvise() was updated to require the caller to
possess the CAP_SYS_NICE capability to perform the operation, in addition
to a check against PTRACE_MODE_READ performed by mm_access().
The mm_access() function explicitly checks to see if the address space of
the process being referenced is the current one, in which case no check is
performed.
We, however, do not do this when checking the CAP_SYS_NICE capability. This
means that we insist on the caller possessing this capability in order to
perform madvise() operations on its own address space, which seems
nonsensical.
Simply add a check to allow for an invocation of this function with pidfd
set to the current process without elevation.
Link: https://lkml.kernel.org/r/[email protected]
Fixes: 96cfe2c0fd23 ("mm/madvise: replace ptrace attach requirement for process_madvise")
Signed-off-by: Lorenzo Stoakes <[email protected]>
Reviewed-by: Liam R. Howlett <[email protected]>
Acked-by: Vlastimil Babka <[email protected]>
Acked-by: Shakeel Butt <[email protected]>
Acked-by: David Rientjes <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Minchan Kim <[email protected]>
Cc: Suren Baghdasaryan <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Diffstat (limited to 'lib/crypto/mpi/mpiutil.c')
0 files changed, 0 insertions, 0 deletions