From: Jann Horn <jannh@xxxxxxxxxx>
commit 0a16e24e34f28210f68195259456c73462518597 upstream.
When F_SEAL_FUTURE_WRITE was introduced, it was overlooked that udmabuf
must reject memfds with this flag, just like ones with F_SEAL_WRITE.
Fix it by adding F_SEAL_FUTURE_WRITE to SEALS_DENIED.
Fixes: ab3948f58ff8 ("mm/memfd: add an F_SEAL_FUTURE_WRITE seal to memfd")
Cc: stable@xxxxxxxxxxxxxxx
Acked-by: Vivek Kasireddy <vivek.kasireddy@xxxxxxxxx>
Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
Reviewed-by: Joel Fernandes (Google) <joel@xxxxxxxxxxxxxxxxx>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@xxxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/20241204-udmabuf-fixes-v2-2-23887289de1c@xxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/dma-buf/udmabuf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/dma-buf/udmabuf.c
+++ b/drivers/dma-buf/udmabuf.c
@@ -256,7 +256,7 @@ static const struct dma_buf_ops udmabuf_
};
#define SEALS_WANTED (F_SEAL_SHRINK)
-#define SEALS_DENIED (F_SEAL_WRITE)
+#define SEALS_DENIED (F_SEAL_WRITE|F_SEAL_FUTURE_WRITE)
static int check_memfd_seals(struct file *memfd)
{
Patches currently in stable-queue which might be from jannh@xxxxxxxxxx are
queue-6.12/udmabuf-also-check-for-f_seal_future_write.patch
queue-6.12/io_uring-fix-registered-ring-file-refcount-leak.patch
queue-6.12/udmabuf-fix-racy-memfd-sealing-check.patch
queue-6.12/udmabuf-fix-memory-leak-on-last-export_udmabuf-error.patch
