ACK: [SRU N][PATCH 0/1] Fix write-sealed memfd mappings which are read-only

Edoardo Canepa edoardo.canepa at canonical.com
Tue Jan 13 09:04:19 UTC 2026 

Acked-by: Edoardo Canepa <edoardo.canepa at canonical.com>

On 1/12/26 18:33, Stefan Bader wrote:
> BugLink: https://bugs.launchpad.net/bugs/2138244
>
> == SRU Justification ==
>
> Impact:
> This was found by kernel selftests after backporting changes which attempt to do this.
>
> The relevant backport history for noble:linux is:
>
> Ubuntu-6.8.0-98.98
> 5045339a33e8 selftests/memfd: add test for mapping write-sealed memfd read-only
> Ubuntu-6.8.0-60.63
> 13ce5fc940ea mm: reinstate ability to map write-sealed memfd mappings read-only
> Ubuntu-6.8.0-58.60 (used linux-6.6.y for backport)
> ca868840feb4 mm: resolve faulty mmap_region() error path behaviour
> v6.7 (part of rebase to 6.8)
> 158978945f31 mm: perform the mapping_map_writable() check after call_mmap()
> 28464bbb2ddc mm: update memfd seal write check to include F_SEAL_WRITE
> e8e17ee90eaf mm: drop the assumption that VM_SHARED always implies writable
>
> For Noble we followed upstream order but upstream stable picked one change out of that order and we used that when doing our backport. However that lost using is_shared_maywrite():
>
> v6.6.103
> 5dd481868eb1 selftests/memfd: add test for mapping write-sealed memfd read-only
> 2e4179698f84 mm: reinstate ability to map write-sealed memfd mappings read-only
> 87a75f68eaba mm: update memfd seal write check to include F_SEAL_WRITE
> 17c5d49beb6c mm: drop the assumption that VM_SHARED always implies writable
>               ^ Modifies the coded added in 6.6.63 but not picked into noble
>                 as is is already there (6.7)
> v6.6.63
> bdc136e2b05f mm: resolve faulty mmap_region() error path behaviour
>               ^ Backport out of order is_shared_maywrite() is avoided
>
> That resulted in the following subtle error when moving code:
> ...
> - if (vma_is_shared_maywrite(vma)) {
> ...
> + if (file && (vm_flags & VM_SHARED)) {
>
> Which results in the behavior reverting to the previous incorrect way.
>
> Fix:
> The fix is to fix up the one incorrectly backported line to use is_shared_maywrite(vm_flags) instead.
>
> Testing:
> ubuntu_kernel_selftests.memfd:memfd_test should not longer fail with:
>
> 09:21:12 DEBUG| [stdout] # memfd: SEAL-FUTURE-WRITE
> 09:21:12 DEBUG| [stdout] # memfd: SEAL-WRITE-MAP-READ
> 09:21:12 DEBUG| [stdout] # mmap() failed: Operation not permitted
> 09:21:12 DEBUG| [stdout] # /usr/bin/timeout: the monitored command dumped core
> 09:21:12 DEBUG| [stdout] # Aborted
> 09:21:12 DEBUG| [stdout] not ok 1 selftests: memfd: memfd_test # exit=134
>
>
> Stefan Bader (1):
>    UBUNTU: SAUCE: Fix read-only mapping of write-sealed pages
>
>   mm/mmap.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x20F88172E14F6784.asc
Type: application/pgp-keys
Size: 3167 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20260113/4cf80e7e/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20260113/4cf80e7e/attachment.sig>

More information about the kernel-team mailing list