Andrew - This is a hotfix for 6.13, sorry forgot to tag the series as such :)
Thanks!
On Thu, Nov 28, 2024 at 03:06:16PM +0000, Lorenzo Stoakes wrote:
> In commit 158978945f31 ("mm: perform the mapping_map_writable() check after
> call_mmap()") (and preceding changes in the same series) it became possible
> to mmap() F_SEAL_WRITE sealed memfd mappings read-only.
>
> Commit 5de195060b2e ("mm: resolve faulty mmap_region() error path
> behaviour") unintentionally undid this logic by moving the
> mapping_map_writable() check before the shmem_mmap() hook is invoked,
> thereby regressing this change.
>
> This series reworks how we both permit write-sealed mappings being mapped
> read-only and disallow mprotect() from undoing the write-seal, fixing this
> regression.
>
> We also add a regression test to ensure that we do not accidentally regress
> this in future.
>
> Thanks to Julian Orth for reporting this regression.
>
> Note that this will require stable backports to 6.6.y and 6.12.y, I will
> send these manually when this lands upstream.
>
> Lorenzo Stoakes (2):
> mm: reinstate ability to map write-sealed memfd mappings read-only
> selftests/memfd: add test for mapping write-sealed memfd read-only
>
> include/linux/memfd.h | 14 ++++++
> include/linux/mm.h | 58 +++++++++++++++-------
> mm/memfd.c | 2 +-
> mm/mmap.c | 4 ++
> tools/testing/selftests/memfd/memfd_test.c | 43 ++++++++++++++++
> 5 files changed, 102 insertions(+), 19 deletions(-)
>
> --
> 2.47.0
