Skip to content

Commit

Permalink
secretmem: Prevent secretmem_users from wrapping to zero
Browse files Browse the repository at this point in the history
Commit 1108605 ("mm/secretmem: use refcount_t instead of atomic_t")
attempted to fix the problem of secretmem_users wrapping to zero and
allowing suspend once again.

But it was reverted in commit 87066fd ("Revert 'mm/secretmem: use
refcount_t instead of atomic_t'") because of the problems it caused - a
refcount_t was not semantically the right type to use.

Instead prevent secretmem_users from wrapping to zero by forbidding new
users if the number of users has wrapped from positive to negative.
This stops a long way short of reaching the necessary 4 billion users
where it wraps to zero again, so there's no need to be clever with
special anti-wrap types or checking the return value from atomic_inc().

Signed-off-by: Matthew Wilcox (Oracle) <[email protected]>
Cc: Jordy Zomer <[email protected]>
Cc: Kees Cook <[email protected]>,
Cc: James Bottomley <[email protected]>
Cc: Mike Rapoport <[email protected]>
Cc: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
  • Loading branch information
Matthew Wilcox (Oracle) authored and torvalds committed Oct 25, 2021
1 parent ac8a6eb commit cb68543
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions mm/secretmem.c
Original file line number Diff line number Diff line change
Expand Up @@ -203,6 +203,8 @@ SYSCALL_DEFINE1(memfd_secret, unsigned int, flags)

if (flags & ~(SECRETMEM_FLAGS_MASK | O_CLOEXEC))
return -EINVAL;
if (atomic_read(&secretmem_users) < 0)
return -ENFILE;

fd = get_unused_fd_flags(flags & O_CLOEXEC);
if (fd < 0)
Expand Down

0 comments on commit cb68543

Please sign in to comment.