From: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: "Liam R . Howlett" <Liam.Howlett@oracle.com>,
Vlastimil Babka <vbabka@suse.cz>, Jann Horn <jannh@google.com>,
Shuah Khan <shuah@kernel.org>, Julian Orth <ju.orth@gmail.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH 0/2] mm: reinstate ability to map write-sealed memfd mappings read-only
Date: Thu, 28 Nov 2024 15:06:16 +0000 [thread overview]
Message-ID: <cover.1732804776.git.lorenzo.stoakes@oracle.com> (raw)
In commit 158978945f31 ("mm: perform the mapping_map_writable() check after
call_mmap()") (and preceding changes in the same series) it became possible
to mmap() F_SEAL_WRITE sealed memfd mappings read-only.
Commit 5de195060b2e ("mm: resolve faulty mmap_region() error path
behaviour") unintentionally undid this logic by moving the
mapping_map_writable() check before the shmem_mmap() hook is invoked,
thereby regressing this change.
This series reworks how we both permit write-sealed mappings being mapped
read-only and disallow mprotect() from undoing the write-seal, fixing this
regression.
We also add a regression test to ensure that we do not accidentally regress
this in future.
Thanks to Julian Orth for reporting this regression.
Note that this will require stable backports to 6.6.y and 6.12.y, I will
send these manually when this lands upstream.
Lorenzo Stoakes (2):
mm: reinstate ability to map write-sealed memfd mappings read-only
selftests/memfd: add test for mapping write-sealed memfd read-only
include/linux/memfd.h | 14 ++++++
include/linux/mm.h | 58 +++++++++++++++-------
mm/memfd.c | 2 +-
mm/mmap.c | 4 ++
tools/testing/selftests/memfd/memfd_test.c | 43 ++++++++++++++++
5 files changed, 102 insertions(+), 19 deletions(-)
--
2.47.0
next reply other threads:[~2024-11-28 15:06 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-28 15:06 Lorenzo Stoakes [this message]
2024-11-28 15:06 ` [PATCH 1/2] " Lorenzo Stoakes
2024-11-28 17:45 ` Jann Horn
2024-11-28 17:58 ` Julian Orth
2024-11-28 18:20 ` Lorenzo Stoakes
2024-11-28 18:27 ` Julian Orth
2024-11-28 18:27 ` Jann Horn
2024-11-28 18:35 ` Lorenzo Stoakes
2024-11-28 18:05 ` Lorenzo Stoakes
2024-11-28 18:18 ` Jann Horn
2024-11-28 18:27 ` Lorenzo Stoakes
2024-11-28 15:06 ` [PATCH 2/2] selftests/memfd: add test for mapping write-sealed memfd read-only Lorenzo Stoakes
2024-11-29 10:03 ` [PATCH 0/2] mm: reinstate ability to map write-sealed memfd mappings read-only Lorenzo Stoakes
2024-11-29 10:24 ` Andrew Morton
2024-11-29 11:36 ` Lorenzo Stoakes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1732804776.git.lorenzo.stoakes@oracle.com \
--to=lorenzo.stoakes@oracle.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=jannh@google.com \
--cc=ju.orth@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=shuah@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox