* Suren Baghdasaryan:

> diff --git a/mm/madvise.c b/mm/madvise.c
> index 6a660858784b..c2d600386902 100644
> --- a/mm/madvise.c
> +++ b/mm/madvise.c
> @@ -1197,12 +1197,22 @@ SYSCALL_DEFINE5(process_madvise, int, pidfd, const 
> struct iovec __user *, vec,
>               goto release_task;
>       }
>  
> -     mm = mm_access(task, PTRACE_MODE_ATTACH_FSCREDS);
> +     /* Require PTRACE_MODE_READ to avoid leaking ASLR metadata. */
> +     mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
>       if (IS_ERR_OR_NULL(mm)) {
>               ret = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
>               goto release_task;
>       }
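
Review bot: The mm_access() call now requests only PTRACE_MODE_READ_FSCREDS for every caller, and the new comment says what READ is still needed for (ASLR metadata) but not why dropping PTRACE_MODE_ATTACH_FSCREDS is safe. Nothing in the quoted lines ties the access mode to the advice value being requested, so every behavior accepted by process_madvise() is gated by READ alone at this point. Suggest either choosing the mode per behavior or extending the comment to name the additional check that covers operations which change the target's memory. The hunk header shows 12 lines becoming 22 while only this change is quoted, so any compensating check in the remaining added lines is not visible here.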

Shouldn't this depend on the requested behavior?  Several operations
directly result in observable changes, and go beyond performance tuning.

Thanks,
Florian
-- 
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
