The patch titled
Subject: secretmem: fix unhandled fault in truncate
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
secretmem-fix-unhandled-fault-in-truncate-v3.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/secretmem-fix-unhandled-fault-in-truncate-v3.patch
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Mike Rapoport <rppt@xxxxxxxxxxxxx>
Subject: secretmem: fix unhandled fault in truncate
Date: Thu, 14 Jul 2022 12:13:37 +0300
v3: use invalidate_lock rather than inode_lock
v2: use inode_lock_shared() rather than add a new rw_sem to secretmem
Link: https://lkml.kernel.org/r/20220714091337.412297-1-rppt@xxxxxxxxxx
Reported-by: syzbot+9bd2b7adbd34b30b87e4@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Mike Rapoport <rppt@xxxxxxxxxxxxx>
Suggested-by: Eric Biggers <ebiggers@xxxxxxxxxx>
Reviewed-by: Axel Rasmussen <axelrasmussen@xxxxxxxxxx>
Cc: Hillf Danton <hdanton@xxxxxxxx>
Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/secretmem.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
--- a/mm/secretmem.c~secretmem-fix-unhandled-fault-in-truncate-v3
+++ a/mm/secretmem.c
@@ -61,7 +61,7 @@ static vm_fault_t secretmem_fault(struct
if (((loff_t)vmf->pgoff << PAGE_SHIFT) >= i_size_read(inode))
return vmf_error(-EINVAL);
- inode_lock_shared(inode);
+ filemap_invalidate_lock_shared(mapping);
retry:
page = find_lock_page(mapping, offset);
@@ -104,7 +104,7 @@ retry:
ret = VM_FAULT_LOCKED;
out:
- inode_unlock_shared(inode);
+ filemap_invalidate_unlock_shared(mapping);
return ret;
}
@@ -173,12 +173,20 @@ static int secretmem_setattr(struct user
struct dentry *dentry, struct iattr *iattr)
{
struct inode *inode = d_inode(dentry);
+ struct address_space *mapping = inode->i_mapping;
unsigned int ia_valid = iattr->ia_valid;
+ int ret;
+
+ filemap_invalidate_lock(mapping);
if ((ia_valid & ATTR_SIZE) && inode->i_size)
- return -EINVAL;
+ ret = -EINVAL;
+ else
+ ret = simple_setattr(mnt_userns, dentry, iattr);
- return simple_setattr(mnt_userns, dentry, iattr);
+ filemap_invalidate_unlock(mapping);
+
+ return ret;
}
static const struct inode_operations secretmem_iops = {
_
Patches currently in -mm which might be from rppt@xxxxxxxxxxxxx are
secretmem-fix-unhandled-fault-in-truncate.patch
secretmem-fix-unhandled-fault-in-truncate-v3.patch
csky-drop-definition-of-pte_order.patch
csky-drop-definition-of-pgd_order.patch
mips-rename-pud_order-to-pud_table_order.patch
mips-drop-definitions-of-pte_order.patch
mips-rename-pgd_order-to-pgd_table_order.patch
nios2-drop-definition-of-pte_order.patch
nios2-drop-definition-of-pgd_order.patch
loongarch-drop-definition-of-pte_order.patch
loongarch-drop-definition-of-pmd_order.patch
loongarch-drop-definition-of-pud_order.patch
loongarch-drop-definition-of-pgd_order.patch
loongarch-drop-definition-of-pgd_order-v2.patch
parisc-rename-pgd_order-to-pgd_table_order.patch
xtensa-drop-definition-of-pgd_order.patch
arm-heads-rename-pmd_order-to-pmd_entry_order.patch
