From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Christian Brauner <brauner@kernel.org>,
	David Hildenbrand <david@kernel.org>,
	Jann Horn <jannh@google.com>, Kees Cook <kees@kernel.org>,
	Lorenzo Stoakes <ljs@kernel.org>, Michal Hocko <mhocko@suse.com>,
	linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: [PATCH v2] mm_access: simplify the security checks
Date: Sat, 30 May 2026 16:12:32 +0200
Message-ID: <ahrwUGytgulEwujN@redhat.com>
In-Reply-To: <ahrsfJE3NkKjShEX@redhat.com>

1. Shift the fast-path "mm == current->mm" check from may_access_mm()
   to mm_access(), and do it locklessly.

   task->mm is not stable but we do not care. We can race with exec,
   but in this case we pin/return current->mm. This doesn't differ
   from the case where the target execs after we drop exec_update_lock.

   All we need for correctness is READ_ONCE() to ensure the compiler
   won't reload task->mm. This is not enough for KCSAN, but we already
   have other lockless ->mm LOAD's. We should probably change exec_mmap/
   exit_mm to use WRITE_ONCE().

2. With the change above, may_access_mm() doesn't need the "mm" argument,
   so we do not need to call get_task_mm() beforehand. We can call it
   only if may_access_mm() succeeds.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
 kernel/fork.c | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/kernel/fork.c b/kernel/fork.c
index b8b651abce8b..3239380ab93b 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1381,10 +1381,8 @@ struct mm_struct *get_task_mm(struct task_struct *task)
 }
 EXPORT_SYMBOL_GPL(get_task_mm);
 
-static bool may_access_mm(struct mm_struct *mm, struct task_struct *task, unsigned int mode)
+static bool may_access_mm(struct task_struct *task, unsigned int mode)
 {
-	if (mm == current->mm)
-		return true;
 	if (ptrace_may_access(task, mode))
 		return true;
 	if ((mode & PTRACE_MODE_READ) && perfmon_capable())
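Review bot: with the `mm == current->mm` shortcut dropped from may_access_mm(), the function is now a pure credential check that relies on its caller having taken exec_update_lock before ptrace_may_access() runs; a one-line comment above the function stating that locking precondition would help, since the body no longer carries any hint that it is only reached for a foreign mm.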
@@ -1394,20 +1392,24 @@ static bool may_access_mm(struct mm_struct *mm, struct task_struct *task, unsign
 
 struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
 {
-	struct mm_struct *mm;
-	int err;
+	struct mm_struct *mm = READ_ONCE(task->mm);
 
-	err =  down_read_killable(&task->signal->exec_update_lock);
-	if (err)
-		return ERR_PTR(err);
+	if (!mm || (task->flags & PF_KTHREAD))
+		return ERR_PTR(-ESRCH);
 
-	mm = get_task_mm(task);
-	if (!mm) {
-		mm = ERR_PTR(-ESRCH);
-	} else if (!may_access_mm(mm, task, mode)) {
-		mmput(mm);
-		mm = ERR_PTR(-EACCES);
+	if (mm == current->mm) {
+		mmget(mm);
+		return mm;
 	}
+
+	if (down_read_killable(&task->signal->exec_update_lock))
+		return ERR_PTR(-EINTR);
+
+	if (may_access_mm(task, mode))
+		mm = get_task_mm(task) ?: ERR_PTR(-ESRCH);
+	else
+		mm = ERR_PTR(-EACCES);
+
 	up_read(&task->signal->exec_update_lock);
 
 	return mm;
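Review bot: the lockless `READ_ONCE(task->mm)` and `task->flags & PF_KTHREAD` tests at the top of mm_access() are the subtle part of this hunk, and the argument for why the race with exec is acceptable (it is equivalent to the target exec'ing after exec_update_lock is released) lives only in the changelog; a short comment at the READ_ONCE() line would keep that reasoning next to the code. One smaller point: the failure path of down_read_killable() now returns a hardcoded `ERR_PTR(-EINTR)` instead of propagating the lock's return value as the old `return ERR_PTR(err)` did, which is fine only as long as -EINTR remains the sole error that function can report.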
-- 
2.52.0
