On Mon 06-10-25 16:04:23, Ryan Roberts wrote:
On 06/10/2025 15:55, Jan Kara wrote:
On Fri 03-10-25 16:52:36, Ryan Roberts wrote:
fsnotify_mmap_perm() requires a byte offset for the file about to be mmap'ed. But it is called from vm_mmap_pgoff(), which has a page offset. Previously the conversion was done incorrectly so let's fix it, being careful not to overflow on 32-bit platforms.
Discovered during code review.
Cc: stable@vger.kernel.org
Fixes: 066e053fe208 ("fsnotify: add pre-content hooks on mmap()")
Signed-off-by: Ryan Roberts <ryan.roberts@arm.com>
Applies against today's mm-unstable (aa05a436eca8).
Thanks Ryan! I've added the patch to my tree. As a side note, I know the callsite is in mm/ but since this is clearly impacting fsnotify, it would be good to add to CC relevant people (I'm not following linux-mm nor linux-kernel) and discovered this only because of Kiryl's link...
Ahh good point... Sorry I was sleepwalking through the process on Friday afternoon and blindly sent it to the maintainers and reviewers that get_maintainer.pl spat out. It didn't even occur to me that this wasn't an mm thing. :-|
No harm done really. The change is an obvious fix and it would find its way to the kernel sooner or later. As I wrote above, this is just a note for the future to think a bit about patch recipients before hitting send :) It may help to get the patch merged faster.
Honza
mm/util.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mm/util.c b/mm/util.c index 6c1d64ed0221..8989d5767528 100644 --- a/mm/util.c +++ b/mm/util.c @@ -566,6 +566,7 @@ unsigned long vm_mmap_pgoff(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, unsigned long flag, unsigned long pgoff) {
- loff_t off = (loff_t)pgoff << PAGE_SHIFT; unsigned long ret; struct mm_struct *mm = current->mm; unsigned long populate;
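Review bot: The cast in `loff_t off = (loff_t)pgoff << PAGE_SHIFT;` carries the whole 32-bit fix and has no comment, so a later cleanup could drop it as redundant. pgoff is an unsigned long, and without the widening the shift would be done in 32 bits and lose the high bits before the assignment. A one-line comment above the declaration saying that the widening must happen before the shift would protect it. Since loff_t is signed, it would also help to state in the commit message whether any caller of vm_mmap_pgoff() can pass a pgoff large enough for the shifted value to go negative before the hook sees it.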
@@ -573,7 +574,7 @@ unsigned long vm_mmap_pgoff(struct file *file, unsigned long addr,
ret = security_mmap_file(file, prot, flag); if (!ret)
ret = fsnotify_mmap_perm(file, prot, pgoff >> PAGE_SHIFT, len);
if (!ret) { if (mmap_write_lock_killable(mm)) return -EINTR;ret = fsnotify_mmap_perm(file, prot, off, len);
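Review bot: Nothing in this patch would catch the bug coming back, and the old `pgoff >> PAGE_SHIFT` argument at the fsnotify_mmap_perm() call shifted in the wrong direction without being noticed until code review. That suggests no test checks the offset the hook receives. Consider following up with a selftest that maps a file at a non-zero, page-aligned offset and asserts that the pre-content event reports that byte offset, ideally with a case above 4 GiB to cover the 32-bit overflow the commit message mentions.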
-- 2.43.0