From: Ashutosh Desai
To: Thomas Gleixner
Cc: Anna-Maria Behnsen, linux-kernel@vger.kernel.org, Ashutosh Desai
Subject: [PATCH] posix-timers: Require privilege to enable timer ID restore mode
Date: Thu, 9 Apr 2026 03:27:10 +0000
Message-Id: <20260409032710.2092791-1-ashutoshdesai993@gmail.com>

PR_TIMER_CREATE_RESTORE_IDS_ON switches timer_create() into a mode where the caller supplies explicit timer IDs, intended exclusively for CRIU checkpoint/restore. The UAPI comment is explicit: "Don't use for normal operations as the result might be undefined."

Despite that, the prctl handler has no capability check. Any unprivileged process can enable the mode. Every comparable CRIU prctl in the kernel gates on checkpoint_restore_ns_capable() - PR_SET_MM_MAP, PR_SET_MM_EXE_FILE, etc. This one should too.

Add the check to the ON case only. OFF and GET are left unrestricted so a process can always query or clear the flag without privilege.

Cc: Thomas Gleixner
Cc: Anna-Maria Behnsen
Signed-off-by: Ashutosh Desai
---
 kernel/time/posix-timers.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c index 413e2389f..b8582416b 100644 --- a/kernel/time/posix-timers.c +++ b/kernel/time/posix-timers.c 
@@ -9,6 +9,7 @@ * * These are all the functions necessary to implement POSIX clocks & timers */ +#include #include #include #include @@ -380,6 +381,8 @@ long posixtimer_create_prctl(unsigned long ctrl) current->signal->timer_create_restore_ids =3D 0; return 0; case PR_TIMER_CREATE_RESTORE_IDS_ON: + if (!checkpoint_restore_ns_capable(current_user_ns())) + return -EPERM; current->signal->timer_create_restore_ids =3D 1; return 0; case PR_TIMER_CREATE_RESTORE_IDS_GET: --=20 2.34.1
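
Review bot: in the PR_TIMER_CREATE_RESTORE_IDS_ON case the new check is made against current_user_ns(), so it passes for any process that holds the checkpoint/restore capability in its own user namespace, including a namespace it created itself; the changelog should say whether that namespace-relative boundary is the intended one, because it is weaker than "Require privilege" in the subject suggests. The flag being set lives on current->signal, so it only changes the caller's own process; stating what an unprivileged caller can actually do with the mode today would make the case for the check. Returning -EPERM is also a user-visible change for any existing caller that enables the mode without the capability, so mention that in the changelog and consider adding a selftest that covers ON being refused while OFF and GET still succeed.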