Hello,
Until kernel version 6.7, a write-sealed memfd could not be mapped as shared and read-only. This was clearly a bug, and was not in line with the description of F_SEAL_WRITE in the man page for fcntl() [1].
Lorenzo's series [2] fixed that issue and was merged in kernel version 6.7, but was not backported to older kernels. So, this issue is still present on kernels 5.4, 5.10, 5.15, 6.1, and 6.6.
This series consists of backports of two of Lorenzo's series [2] and [3].
Note: for [2], I dropped the last patch in that series, since it wouldn't make sense to apply it due to [4] being part of this tree. In lieu of that, I backported [3] to ultimately allow write-sealed memfds to be mapped as read-only.
[1] https://man7.org/linux/man-pages/man2/fcntl.2.html
[2] https://lore.kernel.org/all/913628168ce6cce77df7d13a63970bae06a526e0.1697116...
[3] https://lkml.kernel.org/r/99fc35d2c62bd2e05571cf60d9f8b843c56069e0.173280477...
[4] https://lore.kernel.org/all/6e0becb36d2f5472053ac5d544c0edfe9b899e25.1730224...
Lorenzo Stoakes (4):
  mm: drop the assumption that VM_SHARED always implies writable
  mm: update memfd seal write check to include F_SEAL_WRITE
  mm: reinstate ability to map write-sealed memfd mappings read-only
  selftests/memfd: add test for mapping write-sealed memfd read-only
 fs/hugetlbfs/inode.c                       |  2 +-
 include/linux/fs.h                         |  4 +-
 include/linux/memfd.h                      | 14 ++++
 include/linux/mm.h                         | 82 +++++++++++++++-------
 kernel/fork.c                              |  2 +-
 mm/filemap.c                               |  2 +-
 mm/madvise.c                               |  2 +-
 mm/memfd.c                                 |  2 +-
 mm/mmap.c                                  | 12 ++--
 mm/shmem.c                                 |  2 +-
 tools/testing/selftests/memfd/memfd_test.c | 43 ++++++++++++
 11 files changed, 131 insertions(+), 36 deletions(-)
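
A user-space probe for the behaviour this cover letter describes, added here as an example; it is not code from the series or its selftest. It reports whether the running kernel lets a write-sealed memfd be mapped shared and read-only, and checks that neither a writable shared mapping nor an mprotect() upgrade gets past the seal. The function name and result codes are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif
#ifndef F_ADD_SEALS
#define F_ADD_SEALS 1033 /* F_LINUX_SPECIFIC_BASE + 9 */
#endif
#ifndef F_SEAL_WRITE
#define F_SEAL_WRITE 0x0008
#endif

/* Hypothetical result codes for this example. */
enum { PROBE_ERROR = -1, RO_MAP_REFUSED = 0, RO_MAP_OK = 1, SEAL_BYPASS = 2 };

/* Probe how the running kernel treats a write-sealed memfd. */
int probe_write_sealed_memfd(void)
{
    int result = PROBE_ERROR;
    int fd = (int)syscall(SYS_memfd_create, "seal-probe", MFD_ALLOW_SEALING);
    if (fd < 0) return PROBE_ERROR;
    if (ftruncate(fd, 4096) < 0 || fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE) < 0)
        goto out;
    /* A writable shared mapping must be refused once F_SEAL_WRITE is set. */
    void *rw = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (rw != MAP_FAILED) { munmap(rw, 4096); result = SEAL_BYPASS; goto out; }
    /* The case the series addresses: shared and read-only. */
    void *ro = mmap(NULL, 4096, PROT_READ, MAP_SHARED, fd, 0);
    if (ro == MAP_FAILED) { result = RO_MAP_REFUSED; goto out; }
    /* The read-only mapping must not be upgradable to writable. */
    result = mprotect(ro, 4096, PROT_READ | PROT_WRITE) == 0 ? SEAL_BYPASS : RO_MAP_OK;
    munmap(ro, 4096);
out:
    close(fd);
    return result;
}

int main(void)
{
    int r = probe_write_sealed_memfd();
    printf("probe: %d (-1 error, 0 ro map refused, 1 ro map ok, 2 seal bypass)\n", r);
    return r == SEAL_BYPASS;
}
```

A result of 0 on a 5.4, 5.10, 5.15, 6.1 or 6.6 kernel indicates the behaviour the backport is meant to change; a result of 2 would mean the seal is not being enforced.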