Revert "UPSTREAM: mm/memfd: make F_SEAL_FUTURE_WRITE seal more robust"

This reverts commit 2e0d7ea44a. Change-Id: Id8ca9575c75db3eeb06b7aa7217a59c85e55d0ac
2026-06-08 14:42:37 +02:00 · 2019-01-16 09:42:37 -05:00 · 2019-01-16 09:42:37 -05:00 · 3a49374afc
commit 3a49374afc
parent 9133e3486a
3 changed files with 23 additions and 22 deletions
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@ -530,7 +530,7 @@ static long hugetlbfs_punch_hole(struct inode *inode, loff_t offset, loff_t len)
 		inode_lock(inode);

 		/* protected by i_mutex */
-		if (info->seals & (F_SEAL_WRITE | F_SEAL_FUTURE_WRITE)) {
+		if (info->seals & F_SEAL_WRITE) {
 			inode_unlock(inode);
 			return -EPERM;
 		}
--- a/mm/memfd.c
+++ b/mm/memfd.c
@ -220,6 +220,25 @@ static int memfd_add_seals(struct file *file, unsigned int seals)
 		}
 	}

+	if ((seals & F_SEAL_FUTURE_WRITE) &&
+	    !(*file_seals & F_SEAL_FUTURE_WRITE)) {
+		/*
+		 * The FUTURE_WRITE seal also prevents growing and shrinking
+		 * so we need them to be already set, or requested now.
+		 */
+		int test_seals = (seals | *file_seals) &
+				 (F_SEAL_GROW | F_SEAL_SHRINK);
+
+		if (test_seals != (F_SEAL_GROW | F_SEAL_SHRINK)) {
+			error = -EINVAL;
+			goto unlock;
+		}
+
+		spin_lock(&file->f_lock);
+		file->f_mode &= ~(FMODE_WRITE | FMODE_PWRITE);
+		spin_unlock(&file->f_lock);
+	}
+
 	*file_seals |= seals;
 	error = 0;

--- a/mm/shmem.c
+++ b/mm/shmem.c
@ -2169,23 +2169,6 @@ int shmem_lock(struct file *file, int lock, struct user_struct *user)

 static int shmem_mmap(struct file *file, struct vm_area_struct *vma)
 {
-	struct shmem_inode_info *info = SHMEM_I(file_inode(file));
-
-	/*
-	 * New PROT_READ and MAP_SHARED mmaps are not allowed when "future
-	 * write" seal active.
-	 */
-	if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_WRITE) &&
-	    (info->seals & F_SEAL_FUTURE_WRITE))
-		return -EPERM;
-
-	/*
-	 * Since the F_SEAL_FUTURE_WRITE seals allow for a MAP_SHARED read-only
-	 * mapping, take care to not allow mprotect to revert protections.
-	 */
-	if (info->seals & F_SEAL_FUTURE_WRITE)
-		vma->vm_flags &= ~(VM_MAYWRITE);
-
 	file_accessed(file);
 	vma->vm_ops = &shmem_vm_ops;
 	if (IS_ENABLED(CONFIG_TRANSPARENT_HUGE_PAGECACHE) &&
@ -2439,9 +2422,8 @@ shmem_write_begin(struct file *file, struct address_space *mapping,
 	pgoff_t index = pos >> PAGE_SHIFT;

 	/* i_mutex is held by caller */
-	if (unlikely(info->seals & (F_SEAL_GROW |
-				   F_SEAL_WRITE | F_SEAL_FUTURE_WRITE))) {
-		if (info->seals & (F_SEAL_WRITE | F_SEAL_FUTURE_WRITE))
+	if (unlikely(info->seals & (F_SEAL_WRITE | F_SEAL_GROW))) {
+		if (info->seals & F_SEAL_WRITE)
 			return -EPERM;
 		if ((info->seals & F_SEAL_GROW) && pos + len > inode->i_size)
 			return -EPERM;
@ -2704,7 +2686,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
 		DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq);

 		/* protected by i_mutex */
-		if (info->seals & (F_SEAL_WRITE | F_SEAL_FUTURE_WRITE)) {
+		if (info->seals & F_SEAL_WRITE) {
 			error = -EPERM;
 			goto out;
 		}