[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected. No action required from the submitter.
The upstream commit SHA1 provided is correct: 58a039e679fe72bd0efa8b2abe669a7914bb4429
WARNING: Author mismatch between patch and upstream commit: Backport author: jianqi.ren.cn@windriver.com Commit author: Kirill A. Shutemovkirill.shutemov@linux.intel.com
Status in newer kernel trees: 6.13.y | Present (exact SHA1) 6.12.y | Present (exact SHA1)
Note: The patch differs from the upstream commit: --- 1: 58a039e679fe7 ! 1: 8ef52303f2705 mm: split critical region in remap_file_pages() and invoke LSMs in between @@ Metadata ## Commit message ## mm: split critical region in remap_file_pages() and invoke LSMs in between
+ [ Upstream commit 58a039e679fe72bd0efa8b2abe669a7914bb4429 ] + Commit ea7e2d5e49c0 ("mm: call the security_mmap_file() LSM hook in remap_file_pages()") fixed a security issue, it added an LSM check when trying to remap file pages, so that LSMs have the opportunity to evaluate @@ Commit message Cc: Shu Han ebpqwerty472123@gmail.com Cc: Vlastimil Babka vbabka@suse.cz Signed-off-by: Andrew Morton akpm@linux-foundation.org + Signed-off-by: Jianqi Ren jianqi.ren.cn@windriver.com + Signed-off-by: He Zhe zhe.he@windriver.com
## mm/mmap.c ## @@ mm/mmap.c: SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, @@ mm/mmap.c: SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long
- if (mmap_write_lock_killable(mm)) + if (mmap_read_lock_killable(mm)) - return -EINTR; - ++ return -EINTR; ++ + /* + * Look up VMA under read lock first so we can perform the security + * without holding locks (which can be problematic). We reacquire a + * write lock later and check nothing changed underneath us. + */ - vma = vma_lookup(mm, start); - -- if (!vma || !(vma->vm_flags & VM_SHARED)) ++ vma = vma_lookup(mm, start); ++ + if (!vma || !(vma->vm_flags & VM_SHARED)) { + mmap_read_unlock(mm); + return -EINVAL; @@ mm/mmap.c: SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long + /* OK security check passed, take write lock + let it rip. */ + if (mmap_write_lock_killable(mm)) { + fput(file); -+ return -EINTR; + return -EINTR; + } -+ -+ vma = vma_lookup(mm, start); -+ + + vma = vma_lookup(mm, start); + +- if (!vma || !(vma->vm_flags & VM_SHARED)) + if (!vma) + goto out; + ---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.6.y | Success | Success |