On Wed, Jul 30, 2025 at 03:21:48PM +0100, Lorenzo Stoakes wrote:
Hi Isaac,
Thanks very much for all your hard work on this!
I'll respond to this one, but this is a general comment for all the backports.
I just wonder if this is what backporting is for - really this is a new feature, yes the documentation is incorrect, which is why I made the change, but it's sort of debatable if that's a bug or a new feature.
Hi Lorenzo,
Thanks for your feedback on this. That's a good question. The rationale that I had when backporting these fixes was: The original intent of F_SEAL_WRITE was to just prevent any writes to region after it had been write-sealed, and that the existing behavior on older kernels may have been a result of oversight or just an accident, making it a bug. So fixing it would be fixing a bug that has been around for a while. I hadn't really thought of it as a new feature.
I also learned recently that, at least for Android, there were attempts in the past to map write-sealed memfds as read-only and shared, which failed. This was surprising to developers, and they ended up working around it. I'm not sure why it wasn't reported then, but this being a surprise to multiple developers makes it feel like more of a bug to me on older kernels.
Having said that, I'm not against you doing this, just wondering about that.
Also - what kind of testing have you do on these series?
I did the following tests:
1. I have a unit test that tries to map write-sealed memfds as read-only and shared. I verified that this works for each kernel version that this series is being applied to.
2. Android devices do use memfds as well, so I did try these patches out on a device running each kernel version, and tried boot testing, using several apps/games. I was looking for functional failures in these scenarios but didn't encounter any.
Do you have any other recommendations of what I should test?
Thanks, Isaac
Cheers, Lorenzo
On Tue, Jul 29, 2025 at 06:53:58PM -0700, Isaac J. Manjarres wrote:
Hello,
Until kernel version 6.7, a write-sealed memfd could not be mapped as shared and read-only. This was clearly a bug, and was not inline with the description of F_SEAL_WRITE in the man page for fcntl()[1].
Lorenzo's series [2] fixed that issue and was merged in kernel version 6.7, but was not backported to older kernels. So, this issue is still present on kernels 5.4, 5.10, 5.15, 6.1, and 6.6.
This series consists of backports of two of Lorenzo's series [2] and [3].
Note: for [2], I dropped the last patch in that series, since it wouldn't make sense to apply it due to [4] being part of this tree. In lieu of that, I backported [3] to ultimately allow write-sealed memfds to be mapped as read-only.
[1] https://man7.org/linux/man-pages/man2/fcntl.2.html [2] https://lore.kernel.org/all/913628168ce6cce77df7d13a63970bae06a526e0.1697116... [3] https://lkml.kernel.org/r/99fc35d2c62bd2e05571cf60d9f8b843c56069e0.173280477... [4] https://lore.kernel.org/all/6e0becb36d2f5472053ac5d544c0edfe9b899e25.1730224...
Lorenzo Stoakes (4): mm: drop the assumption that VM_SHARED always implies writable mm: update memfd seal write check to include F_SEAL_WRITE mm: reinstate ability to map write-sealed memfd mappings read-only selftests/memfd: add test for mapping write-sealed memfd read-only
fs/hugetlbfs/inode.c | 2 +- include/linux/fs.h | 4 +- include/linux/memfd.h | 14 ++++ include/linux/mm.h | 80 +++++++++++++++------- kernel/fork.c | 2 +- mm/filemap.c | 2 +- mm/madvise.c | 2 +- mm/memfd.c | 2 +- mm/mmap.c | 10 ++- mm/shmem.c | 2 +- tools/testing/selftests/memfd/memfd_test.c | 43 ++++++++++++ 11 files changed, 129 insertions(+), 34 deletions(-)
-- 2.50.1.552.g942d659e1b-goog