Linux-mm Archive on
 help / color / Atom feed
From: Otto Ebeling <>
Cc: Christoph Lameter <>
Subject: [PATCH] Unify migrate_pages and move_pages access checks
Date: Sun, 1 Oct 2017 18:33:39 +0300 (EEST)
Message-ID: <> (raw)

Commit 197e7e521384a23b9e585178f3f11c9fa08274b9 ("Sanitize 'move_pages()'
permission checks") fixed a security issue I reported in the move_pages
syscall, and made it so that you can't act on set-uid processes unless
you have the CAP_SYS_PTRACE capability.

Unify the access check logic of migrate_pages to match the new
behavior of move_pages. We discussed this a bit in the security@ list
and thought it'd be good for consistency even though there's no evident
security impact. The NUMA node access checks are left intact and require
CAP_SYS_NICE as before.

Signed-off-by: Otto Ebeling <>

  mm/mempolicy.c | 11 +++--------
  1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 006ba62..abfe469 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -98,6 +98,7 @@
  #include <linux/mmu_notifier.h>
  #include <linux/printk.h>
  #include <linux/swapops.h>
+#include <linux/ptrace.h>

  #include <asm/tlbflush.h>
  #include <linux/uaccess.h>
@@ -1365,7 +1366,6 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned 
long, maxnode,
  		const unsigned long __user *, old_nodes,
  		const unsigned long __user *, new_nodes)
-	const struct cred *cred = current_cred(), *tcred;
  	struct mm_struct *mm = NULL;
  	struct task_struct *task;
  	nodemask_t task_nodes;
@@ -1402,14 +1402,9 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned 
long, maxnode,

  	 * Check if this process has the right to modify the specified
-	 * process. The right exists if the process has administrative
-	 * capabilities, superuser privileges or the same
-	 * userid as the target process.
+	 * process. Use the regular "ptrace_may_access()" checks.
-	tcred = __task_cred(task);
-	if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, 
tcred->uid) &&
-	    !uid_eq(cred->uid,  tcred->suid) && !uid_eq(cred->uid, 
tcred->uid) &&
-	    !capable(CAP_SYS_NICE)) {
+	if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
  		err = -EPERM;
  		goto out_put;

To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to  For more info on Linux MM,
see: .
Don't email: <a href=mailto:""> </a>

             reply index

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-10-01 15:33 Otto Ebeling [this message]
2017-10-04 14:00 ` Michal Hocko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-mm Archive on

Archives are clonable:
	git clone --mirror linux-mm/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-mm linux-mm/ \
	public-inbox-index linux-mm

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone