On Tue, Dec 10, 2024 at 6:12 PM Jann Horn jannh@google.com wrote:
> On Tue, Dec 10, 2024 at 11:51 PM Joel Fernandes joel@joelfernandes.org wrote:
> > On Wed, Dec 4, 2024 at 11:27 AM Jann Horn jannh@google.com wrote:
> > > The current check_memfd_seals() is racy: since we first do check_memfd_seals() and then udmabuf_pin_folios() without holding any relevant lock across both, F_SEAL_WRITE can be set in between. This is problematic because we can end up holding pins to pages in a write-sealed memfd.
> > > Fix it using the inode lock; that's probably the easiest way. In the future, we might want to consider moving this logic into memfd, especially if anyone else wants to use memfd_pin_folios().
> > I am curious: why is it not possible to have a reproducer for this issue? Is it not reproducible and only theoretical?
> Sorry, I think I must have forgotten about this part when I wrote the cover letter: the original bug reporter (Julian) linked to a reproducer that is linked in the bugzilla bug report, at https://github.com/mahkoh/udmabuf-seal. I haven't tried running it myself though.
Thanks, I appreciate the pointer to the reproducer.
Acked-by: Joel Fernandes (Google) joel@joelfernandes.org
thanks,
- Joel