In commit 158978945f31 ("mm: perform the mapping_map_writable() check after
call_mmap()") (and preceding changes in the same series) it became possible
to mmap() F_SEAL_WRITE sealed memfd mappings read-only.
Commit 5de195060b2e ("mm: resolve faulty mmap_region() error path
behaviour") unintentionally undid this logic by moving the
mapping_map_writable() check before the shmem_mmap() hook is invoked,
thereby regressing this change.
This series reworks how we both permit write-sealed mappings being mapped
read-only and disallow mprotect() from undoing the write-seal, fixing this
regression.
We also add a regression test to ensure that we do not accidentally regress
this in future.
Thanks to Julian Orth for reporting this regression.
Note that this will require stable backports to 6.6.y and 6.12.y, I will
send these manually when this lands upstream.
Lorenzo Stoakes (2):
mm: reinstate ability to map write-sealed memfd mappings read-only
selftests/memfd: add test for mapping write-sealed memfd read-only
include/linux/memfd.h | 14 ++++++
include/linux/mm.h | 58 +++++++++++++++-------
mm/memfd.c | 2 +-
mm/mmap.c | 4 ++
tools/testing/selftests/memfd/memfd_test.c | 43 ++++++++++++++++
5 files changed, 102 insertions(+), 19 deletions(-)
--
2.47.0
