On Wed, Jul 30, 2025 at 10:23:54AM -0700, Isaac Manjarres wrote:
> On Wed, Jul 30, 2025 at 03:21:48PM +0100, Lorenzo Stoakes wrote:
> > Hi Isaac,
> >
> > Thanks very much for all your hard work on this!
> >
> > I'll respond to this one, but this is a general comment for all the backports.
> >
> > I just wonder if this is what backporting is for - really this is a new feature, yes the documentation is incorrect, which is why I made the change, but it's sort of debatable if that's a bug or a new feature.
>
> Hi Lorenzo,
>
> Thanks for your feedback on this. That's a good question. The rationale that I had when backporting these fixes was: The original intent of F_SEAL_WRITE was to just prevent any writes to the region after it had been write-sealed, and that the existing behavior on older kernels may have been a result of oversight or just an accident, making it a bug. So fixing it would be fixing a bug that has been around for a while. I hadn't really thought of it as a new feature.

Right, makes sense.

> I also learned recently that, at least for Android, there were attempts in the past to map write-sealed memfds as read-only and shared, which failed. This was surprising to developers, and they ended up working around it. I'm not sure why it wasn't reported then, but this being a surprise to multiple developers makes it feel like more of a bug to me on older kernels.

Yeah I always felt the behaviour was surprising, which was what motivated me in the first place (though at Andy's prompting I believe).

> > Having said that, I'm not against you doing this, just wondering about that.
> >
> > Also - what kind of testing have you done on these series?
>
> I did the following tests:
>
> - I have a unit test that tries to map write-sealed memfds as read-only and shared. I verified that this works for each kernel version that this series is being applied to.
>
> - Android devices do use memfds as well, so I did try these patches out on a device running each kernel version, and tried boot testing, using several apps/games. I was looking for functional failures in these scenarios but didn't encounter any.
>
> Do you have any other recommendations of what I should test?

No, that sounds good to me! Thank you for taking the time to implement and carefully check this :)
In this case I have no objections to these backports!
Cheers, Lorenzo
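
The kind of check discussed in the thread (mapping a write-sealed memfd as read-only and shared), as an added C example that is not part of the original messages and is not Isaac's unit test; the memfd name `sealed-demo`, the 4096-byte size and the helper function names are assumptions made here. It goes slightly beyond the thread by also checking that a read-only shared mapping, where the kernel allows one, cannot be upgraded to writable with mprotect().

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#define LEN 4096 /* constructed size for the demo region */

/* Create a memfd, size it, then write-seal it. Returns the fd or -1. */
static int make_write_sealed_memfd(void)
{
    int fd = memfd_create("sealed-demo", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd < 0)
        return -1;
    if (ftruncate(fd, LEN) == 0 && fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE) == 0)
        return fd;
    close(fd);
    return -1;
}

/* Try a shared mapping with the given protection; 0 on success, else errno. */
static int try_shared_map(int fd, int prot, void **out)
{
    *out = mmap(NULL, LEN, prot, MAP_SHARED, fd, 0);
    return *out == MAP_FAILED ? errno : 0;
}

/* 1: read-only shared mapping allowed and not upgradable to writable.
 * 0: mapping refused with EPERM (older behaviour). -1: anything else. */
static int probe_ro_shared(int fd)
{
    void *p;
    int err = try_shared_map(fd, PROT_READ, &p);
    if (err)
        return err == EPERM ? 0 : -1;
    int upgraded = mprotect(p, LEN, PROT_READ | PROT_WRITE) == 0;
    munmap(p, LEN);
    return upgraded ? -1 : 1;
}

int main(void)
{
    int fd = make_write_sealed_memfd();
    int r = fd < 0 ? -1 : probe_ro_shared(fd);
    printf("RO shared map: %s\n", r == 1 ? "allowed" : r == 0 ? "EPERM" : "error");
    return r < 0;
}
```

A result of 1 corresponds to the behaviour the backports aim for, 0 to the behaviour described for older kernels; in both cases a writable shared mapping and write() on the sealed fd are expected to fail with EPERM.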