On Tue, Dec 10, 2024 at 11:51 PM Joel Fernandes <joel@xxxxxxxxxxxxxxxxx> wrote:
> On Wed, Dec 4, 2024 at 11:27 AM Jann Horn <jannh@xxxxxxxxxx> wrote:
> > The current check_memfd_seals() is racy: Since we first do
> > check_memfd_seals() and then udmabuf_pin_folios() without holding any
> > relevant lock across both, F_SEAL_WRITE can be set in between.
> > This is problematic because we can end up holding pins to pages in a
> > write-sealed memfd.
> >
> > Fix it using the inode lock, that's probably the easiest way.
> > In the future, we might want to consider moving this logic into memfd,
> > especially if anyone else wants to use memfd_pin_folios().
>
> I am curious, why is it not possible to have a reproducer for this
> issue, is it not reproducible and is theoretical?

Sorry, I think I must have forgotten about this part when I wrote the
cover letter: The original bug reporter (Julian) linked to a
reproducer that is linked in the bugzilla bug report, at
<https://github.com/mahkoh/udmabuf-seal>. I haven't tried running it
myself though.

> thanks,
>
> - Joel
>
> >
> > Reported-by: Julian Orth <ju.orth@xxxxxxxxx>
> > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219106
> > Closes: https://lore.kernel.org/r/CAG48ez0w8HrFEZtJkfmkVKFDhE5aP7nz=obrimeTgpD+StkV9w@xxxxxxxxxxxxxx
> > Fixes: fbb0de795078 ("Add udmabuf misc device")
> > Cc: stable@xxxxxxxxxxxxxxx
> > Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
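
A single-threaded C model of the check-then-pin window described in the quoted commit message, added here as an illustration; it is not code from the patch or from the kernel. The struct, the `locked` flag, `SEAL_WRITE` and all function names are hypothetical, and the sealer refusing while pins are held is an assumption of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define SEAL_WRITE 0x1u /* constructed value standing in for F_SEAL_WRITE */
struct model_memfd {
    unsigned seals;
    int pins;
    bool locked; /* stands in for the inode lock */
};

/* Sealer. Model assumptions: it needs the lock and refuses while pins exist. */
static int add_write_seal(struct model_memfd *m)
{
    if (m->locked)
        return -EAGAIN; /* a real lock would make the caller wait */
    if (m->pins > 0)
        return -EBUSY;
    m->seals |= SEAL_WRITE;
    return 0;
}

/* Check, then pin; a concurrent sealer arrives between the two steps. */
static int check_and_pin(struct model_memfd *m, bool use_lock)
{
    int ret;
    m->locked = use_lock;
    ret = (m->seals & SEAL_WRITE) ? -EINVAL : 0; /* the seal check */
    if (ret == 0) {
        (void)add_write_seal(m); /* the race window */
        m->pins++;               /* the pin */
    }
    m->locked = false;
    return ret;
}

/* Returns 1 if the run ends with pins held on a write-sealed object. */
int run_model(bool use_lock)
{
    struct model_memfd m = { 0 };
    (void)check_and_pin(&m, use_lock);
    (void)add_write_seal(&m); /* sealer retries once the pinner is done */
    return (m.seals & SEAL_WRITE) && m.pins > 0;
}

int main(void)
{
    printf("violated: no lock=%d, locked=%d\n", run_model(false), run_model(true));
    return 0;
}
```

With the lock held across both steps the sealer can only run before the check or after the pin, so the object never ends up both write-sealed and pinned.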