From patchwork Thu Oct 12 17:04:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Stoakes X-Patchwork-Id: 13419482 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35CC9CDB483 for ; Thu, 12 Oct 2023 17:04:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 965A78D0136; Thu, 12 Oct 2023 13:04:40 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8C7198D0002; Thu, 12 Oct 2023 13:04:40 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 71A2E8D0136; Thu, 12 Oct 2023 13:04:40 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 5C8118D0002 for ; Thu, 12 Oct 2023 13:04:40 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 2808880600 for ; Thu, 12 Oct 2023 17:04:40 +0000 (UTC) X-FDA: 81337433520.10.529FFC9 Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com [209.85.221.51]) by imf25.hostedemail.com (Postfix) with ESMTP id 15484A0006 for ; Thu, 12 Oct 2023 17:04:37 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b="Hh8/sx6v"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf25.hostedemail.com: domain of lstoakes@gmail.com designates 209.85.221.51 as permitted sender) smtp.mailfrom=lstoakes@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697130278; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=7LHgfYhq7AemM3CMY63djM9UPMuGnWJ3Ca40aCfcDv0=; b=19PV7XjlMDBQOgP3Cgf/jfieIvUgcokLAiP6Ho/KjYP9R0JgLGSGtol0sRULZN8JzX8AI0 8QKegvAL/5KhTu8DhhX1UDzcrOcsHAPFlDibtVgAOmpCxK+6zw/knL7BwAIZT9BaSRe4UK K+rL3ZwQ3Is8bTz/SxgqPO7zbPTyN9g= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b="Hh8/sx6v"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf25.hostedemail.com: domain of lstoakes@gmail.com designates 209.85.221.51 as permitted sender) smtp.mailfrom=lstoakes@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697130278; a=rsa-sha256; cv=none; b=u08rTW1S4p3ektSVoYfdGSlA/2QAtl6kw+P/vX0DbMW2mR1IBxnCZuV6Ch9jCcQCZRmZbY pWqVgt8VFfb4ViK9lCR/nE1HrlqYL3ZV22dCoQnOmmK47M6WB6AjaxbpVNXNEK/it34O4d DHalMnqI1po9mqNQThvps8FhzCGzM5g= Received: by mail-wr1-f51.google.com with SMTP id ffacd0b85a97d-32157c8e4c7so1158192f8f.1 for ; Thu, 12 Oct 2023 10:04:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1697130276; x=1697735076; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7LHgfYhq7AemM3CMY63djM9UPMuGnWJ3Ca40aCfcDv0=; b=Hh8/sx6vGXG7LA6gIIkl6dL9TAdpw+HskTu8JjQHAIoNWWLhe3DQa+6ylhOC9USEVx fmaFP12ycH/V7djxSTd5PfwqoOIfsMebBqNETOpDN1jMuCs1f5aFUkDm/QEaNyrYQv5U QlGJgwEnhi3n20/qCJu3Hp/UlrDCYqz3Aodfb3O3LveJfSnYEdoVFSepP1CUcpRT7t1l Ubl5UNXOQrtPlEfxbPkmQNdttQkSOG3EPq6/3CrWS6kBMvKdVoMirwrXd0zj09RxfxIf QOgGWqoOAdSRn9fve7hTxV/ZL6d1wlKD6yTBBMHgcIVuwR2G+s5V+0tjnKPyzFwZmp2P wmfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697130276; x=1697735076; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7LHgfYhq7AemM3CMY63djM9UPMuGnWJ3Ca40aCfcDv0=; b=vT9sJT3M8h86I7WQYrZXCsavIOM6pNWK1K+SDWIt/nOmrtA+egK2o8yjpm1A4+7gfa /Tyhj3Q1RW8YSsI//89P3MhKnoHi0dr6zEd/9Ct5kO/NNfm70AoB0AhWb4mjKKN/+zFD ClEuZsmUYnFaLz4vSxjpmVd9tlMbHQT9A6zu+wA2j8XUs8cK1VDP0Py/D8yxTZlnqiOx 4Fo9uJbX6qYr0+31rnZNLS1mAlq/zIHeR2gT2MBd48/S52xEAvQ7gsfTFsDY4CYbtjLW f/7XvW1ReodSM9SGMstlLE0BxNvgpMpvIOr4wn22VEisUDD4RE1HK2XOfwrq/nJXraH5 n+jw== X-Gm-Message-State: AOJu0YzshT3KAGqytb2wqPQpsEbJbGo6ON8YGCQayBIsw7ySLVjVJX6S Efjcaf6Bech4uEBN+xG2zdYWlyUULyg= X-Google-Smtp-Source: AGHT+IH0xAcE4YpN2PK6WqZDga4ztB5LkRYTzIVE53cOl8uKk2DQm6dZmFs1iPawW4LIUtQS3pkW5Q== X-Received: by 2002:a5d:628a:0:b0:320:bb1:5a73 with SMTP id k10-20020a5d628a000000b003200bb15a73mr21972024wru.22.1697130276078; Thu, 12 Oct 2023 10:04:36 -0700 (PDT) Received: from lucifer.home ([2a00:23c5:dc8c:8701:1663:9a35:5a7b:1d76]) by smtp.googlemail.com with ESMTPSA id h16-20020adffd50000000b003197869bcd7sm18875418wrs.13.2023.10.12.10.04.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Oct 2023 10:04:34 -0700 (PDT) From: Lorenzo Stoakes To: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton Cc: Mike Kravetz , Muchun Song , Alexander Viro , Christian Brauner , Matthew Wilcox , Hugh Dickins , Andy Lutomirski , Jan Kara , linux-fsdevel@vger.kernel.org, bpf@vger.kernel.org, Lorenzo Stoakes Subject: [PATCH v4 2/3] mm: update memfd seal write check to include F_SEAL_WRITE Date: Thu, 12 Oct 2023 18:04:29 +0100 Message-ID: <913628168ce6cce77df7d13a63970bae06a526e0.1697116581.git.lstoakes@gmail.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: References: MIME-Version: 1.0 X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 15484A0006 X-Stat-Signature: idc1ume4y4txqq4wwmu6hkweky8zgjej X-HE-Tag: 1697130277-359923 X-HE-Meta: U2FsdGVkX1/KXC8jE3uEQwO2R7S8Wnc4G+HflWxbmaTqv+3yWnbkpNKo8Inok7L/pqCH0S7otdztU0AIukDOGGXEVChDhCN4sQttCu9pStJ/Vhd480eRGFe1BKzDB1hwtX5L5wftVsDJLgrig6HmSjJDQbO5NkztY+JXH32T9eY5/hSR11KbJMaRINwNN/7XuGSEb3wo/J4q6459l+JIqyoiDPvNovoifRO0UW8xe25Jn6cWwjaeva0ICVCzRvgQPMnkanpjwz45Ra+yCXOdZHSV42UE4sCGJ62RW32blb4phabUHEBC7Xj0XYIDe5e8kxV/GvjNMG+7rOvjP3wbWmH02MPMnqk40PE5WK6oe3QNfTt4t710zaUQQby0tptMACOfuNS4nIcy+Qaf24q2lIUQkTvMsDSSH9hMRHvj7puNiIgdxnoNBqj0QcfQP53EhyeLA0tUFJDE+xcsQLBWo6+cS0NwUQ8DihHvWpwbciu+RPmJLClsVmI0ZjBWGrb654kvdmL+twNp64dfZedIH5TYLGTWJ0Urie2KhTO45HRxG92RbSaesBnog8Rlsm2U+L8rI/j3GmoPj1XWmwBsEZ2j5ScrHfZBAIRjPsRkPAw6xkmet3YXXr+TMiBv7Jk6xKVdoDNuTsjSbeXIdwakUlOPDfaOpEdpSEIjhkOAweTwgGDIHAbvCFTgdc8yPCWuKPBiqj6Tf/WJvtKNdiEV7r7sOnIQ2Kg14cXF5lOpnIX4Q/zv1U9bKpKHs3wWwlrIRX+Z6FdwEAPNgJylxul26I9wiso3ceCTbVeVyqpnfY/A4IFgZPWgxSKcEJttpDRHd1w5bIrcelTGKxeLo4YBDTbcWQ3VUlcJ4957Znu0q9snjfSpFpvu0mDD1N0JfHF8iz6HbiGweEO7mCtTZBKaH1l93nM/r65B1EBqU1uGgXdGWnb/ig4QdwAW9nH/fWs8+NAYNIAQDtuw9rsnPdo PHCYFwnA zIC5GfvdinY6OO5gKDD3HssUXq6IoUJ9U5mnSBCun8QFV7p67Eu4DG3nPkfrkMhusnTJ+Q8qidJzCtnipCN9celfewleqN0lEbDqWt166DvEC4jAqmaO8TTowxNUadsPyq0laQK1sm0pWRq44wOFN4JV8wFzR8rrc3oo9myaW4GlJMzDt9zB47Ejl8ULMPJ5ciHj0jYOZp6eWLSLRhkvgVbmUfZgFIwZ6nnto/AngULIj4Zx+/grUUXYtd3pmz55rznOrHJB9DyUUoy+r7/8R/aSJxfsmM0OqhBl/9gkOQsO5taOfSMfMye/7Mp3hVjxKuAT5jYLxkX83gDbwKaRr/EVEIeIUzgEC86NYeNlhlu9RH42GcjwUBUfj3InKqd5VeRR3SsgnooJZMpOZUPOcVaQdnd2HHgfQoZezKAYVOOe0PQcIEpfbXCzNmLN7m1JUqCMO X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The seal_check_future_write() function is called by shmem_mmap() or hugetlbfs_file_mmap() to disallow any future writable mappings of an memfd sealed this way. The F_SEAL_WRITE flag is not checked here, as that is handled via the mapping->i_mmap_writable mechanism and so any attempt at a mapping would fail before this could be run. However we intend to change this, meaning this check can be performed for F_SEAL_WRITE mappings also. The logic here is equally applicable to both flags, so update this function to accommodate both and rename it accordingly. Signed-off-by: Lorenzo Stoakes Reviewed-by: Jan Kara --- fs/hugetlbfs/inode.c | 2 +- include/linux/mm.h | 15 ++++++++------- mm/shmem.c | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 06693bb1153d..5c333373dcc9 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -112,7 +112,7 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) vm_flags_set(vma, VM_HUGETLB | VM_DONTEXPAND); vma->vm_ops = &hugetlb_vm_ops; - ret = seal_check_future_write(info->seals, vma); + ret = seal_check_write(info->seals, vma); if (ret) return ret; diff --git a/include/linux/mm.h b/include/linux/mm.h index bae234d18d81..26d7dc3b342b 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4078,25 +4078,26 @@ static inline void mem_dump_obj(void *object) {} #endif /** - * seal_check_future_write - Check for F_SEAL_FUTURE_WRITE flag and handle it + * seal_check_write - Check for F_SEAL_WRITE or F_SEAL_FUTURE_WRITE flags and + * handle them. * @seals: the seals to check * @vma: the vma to operate on * - * Check whether F_SEAL_FUTURE_WRITE is set; if so, do proper check/handling on - * the vma flags. Return 0 if check pass, or <0 for errors. + * Check whether F_SEAL_WRITE or F_SEAL_FUTURE_WRITE are set; if so, do proper + * check/handling on the vma flags. Return 0 if check pass, or <0 for errors. */ -static inline int seal_check_future_write(int seals, struct vm_area_struct *vma) +static inline int seal_check_write(int seals, struct vm_area_struct *vma) { - if (seals & F_SEAL_FUTURE_WRITE) { + if (seals & (F_SEAL_WRITE | F_SEAL_FUTURE_WRITE)) { /* * New PROT_WRITE and MAP_SHARED mmaps are not allowed when - * "future write" seal active. + * write seals are active. */ if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_WRITE)) return -EPERM; /* - * Since an F_SEAL_FUTURE_WRITE sealed memfd can be mapped as + * Since an F_SEAL_[FUTURE_]WRITE sealed memfd can be mapped as * MAP_SHARED and read-only, take care to not allow mprotect to * revert protections on such mappings. Do this only for shared * mappings. For private mappings, don't need to mask diff --git a/mm/shmem.c b/mm/shmem.c index 6503910b0f54..cab053831fea 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2405,7 +2405,7 @@ static int shmem_mmap(struct file *file, struct vm_area_struct *vma) struct shmem_inode_info *info = SHMEM_I(inode); int ret; - ret = seal_check_future_write(info->seals, vma); + ret = seal_check_write(info->seals, vma); if (ret) return ret;