From: Greg Kroah-Hartman Date: Mon, 15 Mar 2021 11:07:31 +0000 (+0100) Subject: drop queue-5.10/mm-madvise-replace-ptrace-attach-requirement-for-process_madvise... X-Git-Tag: v4.4.262~20 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=48066462abc744e4109903a3d02c5e18f652259b;p=thirdparty%2Fkernel%2Fstable-queue.git drop queue-5.10/mm-madvise-replace-ptrace-attach-requirement-for-process_madvise.patch --- diff --git a/queue-5.10/mm-madvise-replace-ptrace-attach-requirement-for-process_madvise.patch b/queue-5.10/mm-madvise-replace-ptrace-attach-requirement-for-process_madvise.patch deleted file mode 100644 index b03361a70a9..00000000000 --- a/queue-5.10/mm-madvise-replace-ptrace-attach-requirement-for-process_madvise.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 96cfe2c0fd23ea7c2368d14f769d287e7ae1082e Mon Sep 17 00:00:00 2001 -From: Suren Baghdasaryan -Date: Fri, 12 Mar 2021 21:08:06 -0800 -Subject: mm/madvise: replace ptrace attach requirement for process_madvise - -From: Suren Baghdasaryan - -commit 96cfe2c0fd23ea7c2368d14f769d287e7ae1082e upstream. - -process_madvise currently requires ptrace attach capability. -PTRACE_MODE_ATTACH gives one process complete control over another -process. It effectively removes the security boundary between the two -processes (in one direction). Granting ptrace attach capability even to a -system process is considered dangerous since it creates an attack surface. -This severely limits the usage of this API. - -The operations process_madvise can perform do not affect the correctness -of the operation of the target process; they only affect where the data is -physically located (and therefore, how fast it can be accessed). What we -want is the ability for one process to influence another process in order -to optimize performance across the entire system while leaving the -security boundary intact. - -Replace PTRACE_MODE_ATTACH with a combination of PTRACE_MODE_READ and -CAP_SYS_NICE. PTRACE_MODE_READ to prevent leaking ASLR metadata and -CAP_SYS_NICE for influencing process performance. - -Link: https://lkml.kernel.org/r/20210303185807.2160264-1-surenb@google.com -Signed-off-by: Suren Baghdasaryan -Reviewed-by: Kees Cook -Acked-by: Minchan Kim -Acked-by: David Rientjes -Cc: Jann Horn -Cc: Jeff Vander Stoep -Cc: Michal Hocko -Cc: Shakeel Butt -Cc: Tim Murray -Cc: Florian Weimer -Cc: Oleg Nesterov -Cc: James Morris -Cc: [5.10+] -Signed-off-by: Andrew Morton -Signed-off-by: Linus Torvalds -Signed-off-by: Greg Kroah-Hartman ---- - mm/madvise.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - ---- a/mm/madvise.c -+++ b/mm/madvise.c -@@ -1202,12 +1202,22 @@ SYSCALL_DEFINE5(process_madvise, int, pi - goto release_task; - } - -- mm = mm_access(task, PTRACE_MODE_ATTACH_FSCREDS); -+ /* Require PTRACE_MODE_READ to avoid leaking ASLR metadata. */ -+ mm = mm_access(task, PTRACE_MODE_READ_FSCREDS); - if (IS_ERR_OR_NULL(mm)) { - ret = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; - goto release_task; - } - -+ /* -+ * Require CAP_SYS_NICE for influencing process performance. Note that -+ * only non-destructive hints are currently supported. -+ */ -+ if (!capable(CAP_SYS_NICE)) { -+ ret = -EPERM; -+ goto release_mm; -+ } -+ - total_len = iov_iter_count(&iter); - - while (iov_iter_count(&iter)) { -@@ -1222,6 +1232,7 @@ SYSCALL_DEFINE5(process_madvise, int, pi - if (ret == 0) - ret = total_len - iov_iter_count(&iter); - -+release_mm: - mmput(mm); - release_task: - put_task_struct(task); diff --git a/queue-5.10/series b/queue-5.10/series index d9eafd212e8..fec51a87075 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -281,5 +281,4 @@ kvm-arm64-nvhe-save-the-spe-context-early.patch kvm-arm64-reject-vm-creation-when-the-default-ipa-size-is-unsupported.patch kvm-arm64-fix-exclusive-limit-for-ipa-size.patch mm-userfaultfd-fix-memory-corruption-due-to-writeprotect.patch -mm-madvise-replace-ptrace-attach-requirement-for-process_madvise.patch mm-memcg-set-memcg-when-splitting-page.patch