| Message ID | 20231122141559.4228-4-laoar.shao@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf | expand |
| Context | Check | Description |
|---|---|---|
| netdev/tree_selection | success | Not a local patch |
| bpf/vmtest-bpf-next-PR | fail | PR summary |
| bpf/vmtest-bpf-next-VM_Test-0 | success | Logs for Lint |
| bpf/vmtest-bpf-next-VM_Test-5 | success | Logs for aarch64-gcc / veristat |
| bpf/vmtest-bpf-next-VM_Test-1 | success | Logs for ShellCheck |
| bpf/vmtest-bpf-next-VM_Test-4 | success | Logs for aarch64-gcc / test |
| bpf/vmtest-bpf-next-VM_Test-2 | success | Logs for Validate matrix.py |
| bpf/vmtest-bpf-next-VM_Test-3 | fail | Logs for aarch64-gcc / build / build for aarch64 with gcc |
| bpf/vmtest-bpf-next-VM_Test-6 | fail | Logs for s390x-gcc / build / build for s390x with gcc |
| bpf/vmtest-bpf-next-VM_Test-13 | fail | Logs for x86_64-llvm-16 / build / build for x86_64 with llvm-16 |
| bpf/vmtest-bpf-next-VM_Test-8 | success | Logs for s390x-gcc / veristat |
| bpf/vmtest-bpf-next-VM_Test-12 | success | Logs for x86_64-gcc / veristat |
| bpf/vmtest-bpf-next-VM_Test-7 | success | Logs for s390x-gcc / test |
| bpf/vmtest-bpf-next-VM_Test-11 | success | Logs for x86_64-gcc / test |
| bpf/vmtest-bpf-next-VM_Test-14 | success | Logs for x86_64-llvm-16 / test |
| bpf/vmtest-bpf-next-VM_Test-10 | fail | Logs for x86_64-gcc / build / build for x86_64 with gcc |
| bpf/vmtest-bpf-next-VM_Test-15 | success | Logs for x86_64-llvm-16 / veristat |
| bpf/vmtest-bpf-next-VM_Test-9 | success | Logs for set-matrix |
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 10a590ee1c89..ded2e0e62e24 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1259,8 +1259,15 @@ static long do_mbind(unsigned long start, unsigned long len, if (!new) flags |= MPOL_MF_DISCONTIG_OK; - if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) + if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) { + err = security_task_movememory(current); + if (err) { + mpol_put(new); + return err; + } lru_cache_disable(); + } + { NODEMASK_SCRATCH(scratch); if (scratch) {
Considering that mbind(2) using either MPOL_MF_MOVE or MPOL_MF_MOVE_ALL is capable of memory movement, it's essential to include security_task_movememory() to cover this functionality as well. It was identified during a code review. Signed-off-by: Yafang Shao <laoar.shao@gmail.com> --- mm/mempolicy.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)