Merge mlx5-next into rdma for-next

[linux.git] / kernel / cred.c

diff --git a/kernel/cred.c b/kernel/cred.c
index e74ffdc98a92c57fb634a6de23354fe80b3141c3..c73a87a4df13fa02d96661fa889ec9fa5f4fd7ea 100644 (file)
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -446,6 +446,15 @@ int commit_creds(struct cred *new)
                if (task->mm)
                        set_dumpable(task->mm, suid_dumpable);
                task->pdeath_signal = 0;
+               /*
+                * If a task drops privileges and becomes nondumpable,
+                * the dumpability change must become visible before
+                * the credential change; otherwise, a __ptrace_may_access()
+                * racing with this change may be able to attach to a task it
+                * shouldn't be able to attach to (as if the task had dropped
+                * privileges without becoming nondumpable).
+                * Pairs with a read barrier in __ptrace_may_access().
+                */
                smp_wmb();
        }