Doing an operation such as MADV_DONTNEED on a file-private mapping may
forcibly alter data by discarding CoW'd, anon pages and replacing them
with page cache pages fresh from the filesystem.
As such, this somewhat bypasses the mseal of a read-only mapping, and
should be disallowed.
Signed-off-by: Pedro Falcato <pedro.falcato@xxxxxxxxx>
Fixes: 8be7258aad44 ("mseal: add mseal syscall")
Cc: <stable@xxxxxxxxxxxxxxx> # 6.11.y
---
mm/mseal.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/mm/mseal.c b/mm/mseal.c
index 28cd17d7aaf2..d053303c5542 100644
--- a/mm/mseal.c
+++ b/mm/mseal.c
@@ -36,10 +36,15 @@ static bool is_madv_discard(int behavior)
return false;
}
-static bool is_ro_anon(struct vm_area_struct *vma)
+static bool is_ro_private(struct vm_area_struct *vma)
{
- /* check anonymous mapping. */
- if (vma->vm_file || vma->vm_flags & VM_SHARED)
+ /*
+ * If shared, allow discard operations - it shouldn't
+ * affect the underlying data. Discard on private VMAs may
+ * forcibly alter data by replacing CoW'd anonymous pages
+ * with ones fresh from the page cache.
+ */
+ if (vma->vm_flags & VM_SHARED)
return false;
/*
@@ -61,7 +66,7 @@ bool can_modify_vma_madv(struct vm_area_struct *vma, int behavior)
if (!is_madv_discard(behavior))
return true;
- if (unlikely(!can_modify_vma(vma) && is_ro_anon(vma)))
+ if (unlikely(!can_modify_vma(vma) && is_ro_private(vma)))
return false;
/* Allow by default. */
--
2.47.0
