git.ipfire.org Git - thirdparty/linux.git/commit

author	Jann Horn <jannh@google.com>
	Wed, 4 Dec 2024 16:26:19 +0000 (17:26 +0100)
committer	Vivek Kasireddy <vivek.kasireddy@intel.com>
	Thu, 12 Dec 2024 00:47:40 +0000 (16:47 -0800)
commit	9cb189a882738c1d28b349d4e7c6a1ef9b3d8f87
tree	3f7bd0d55b1e6d5b40824f0452c9f72790aa2add	tree
parent	2872e21c47c359b902e53faf7e749c8ea682f7f7	commit \| diff

udmabuf: fix racy memfd sealing check

The current check_memfd_seals() is racy: Since we first do
check_memfd_seals() and then udmabuf_pin_folios() without holding any
relevant lock across both, F_SEAL_WRITE can be set in between.
This is problematic because we can end up holding pins to pages in a
write-sealed memfd.

Fix it using the inode lock, that's probably the easiest way.
In the future, we might want to consider moving this logic into memfd,
especially if anyone else wants to use memfd_pin_folios().

Reported-by: Julian Orth <ju.orth@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219106
Closes: https://lore.kernel.org/r/CAG48ez0w8HrFEZtJkfmkVKFDhE5aP7nz=obrimeTgpD+StkV9w@mail.gmail.com
Fixes: fbb0de795078 ("Add udmabuf misc device")
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Acked-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241204-udmabuf-fixes-v2-1-23887289de1c@google.com