From: Oleg Nesterov <oleg@redhat.com>
To: Qi Tang <tpluszz77@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Cyrill Gorcunov <gorcunov@openvz.org>,
David Hildenbrand <david@kernel.org>,
Lorenzo Stoakes <ljs@kernel.org>,
linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] prctl: require checkpoint_restore_ns_capable for PR_SET_MM_MAP
Date: Thu, 2 Apr 2026 14:57:51 +0200
Message-ID: <ac5nzyCMJSkwuhRh@redhat.com>
In-Reply-To: <20260402111332.55957-1-tpluszz77@gmail.com>

On 04/02, Qi Tang wrote:
>
> The original commit f606b77f1a9e ("prctl: PR_SET_MM -- introduce
> PR_SET_MM_MAP operation") states "we require the caller to be at least
> user-namespace root user", but this was never enforced in the code.
>
> Add a checkpoint_restore_ns_capable() check at the top of
> prctl_set_mm_map(), after the PR_SET_MM_MAP_SIZE early return. This
> requires CAP_CHECKPOINT_RESTORE or CAP_SYS_ADMIN in the caller's
> user namespace, matching the stated design intent and the existing
> check for exe_fd changes.

Can't really comment... but if you add this check at the start, then you
should also remove the same checkpoint_restore_ns_capable() check below?
In the "if (prctl_map.exe_fd != (u32)-1)" block.

Oleg.

> Fixes: f606b77f1a9e ("prctl: PR_SET_MM -- introduce PR_SET_MM_MAP operation")
> Cc: stable@vger.kernel.org
> Cc: Cyrill Gorcunov <gorcunov@openvz.org>
> Signed-off-by: Qi Tang <tpluszz77@gmail.com>
> ---
> kernel/sys.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/kernel/sys.c b/kernel/sys.c
> index c86eba9aa7e9..2b8c57f23a35 100644
> --- a/kernel/sys.c
> +++ b/kernel/sys.c
> @@ -2071,6 +2071,9 @@ static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data
> return put_user((unsigned int)sizeof(prctl_map),
> (unsigned int __user *)addr);
>
> + if (!checkpoint_restore_ns_capable(current_user_ns()))
> + return -EPERM;
> +
> if (data_size != sizeof(prctl_map))
> return -EINVAL;
>
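Review bot: the capability check added ahead of the data_size test applies to every PR_SET_MM_MAP update, so the later checkpoint_restore_ns_capable() test that the commit message calls "the existing check for exe_fd changes" can no longer fail, yet the diffstat shows only 3 insertions and that test is left in place. Remove the later check in this same patch, or say in the commit message why it is kept. The message should also state the user-visible change that goes to stable: a caller without CAP_CHECKPOINT_RESTORE or CAP_SYS_ADMIN in its user namespace now gets -EPERM for any map update, and because the new check precedes "if (data_size != sizeof(prctl_map))", it gets -EPERM rather than -EINVAL for a wrong-sized argument as well.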
> --
> 2.43.0
>