Commit 28bba2c2 authored Oct 03, 2025 by Ryan Roberts Committed by Andrew Morton Oct 07, 2025

fsnotify: pass correct offset to fsnotify_mmap_perm()

fsnotify_mmap_perm() requires a byte offset for the file about to be
mmap'ed.  But it is called from vm_mmap_pgoff(), which has a page offset. 
Previously the conversion was done incorrectly so let's fix it, being
careful not to overflow on 32-bit platforms.

Discovered during code review.

Link: https://lkml.kernel.org/r/20251003155238.2147410-1-ryan.roberts@arm.com


Fixes: 066e053f ("fsnotify: add pre-content hooks on mmap()")
Signed-off-by: Ryan Roberts <ryan.roberts@arm.com>
Reviewed-by: Kiryl Shutsemau <kas@kernel.org>
Cc: Amir Goldstein <amir73il@gmail.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Liam Howlett <liam.howlett@oracle.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

parent f04aad36

mm/util.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -566,6 +566,7 @@ unsigned long vm_mmap_pgoff(struct file *file, unsigned long addr,
		unsigned long len, unsigned long prot,
		unsigned long flag, unsigned long pgoff)
		{
		loff_t off = (loff_t)pgoff << PAGE_SHIFT;
		unsigned long ret;
		struct mm_struct *mm = current->mm;
		unsigned long populate;
		@@ -573,7 +574,7 @@ unsigned long vm_mmap_pgoff(struct file *file, unsigned long addr,

		ret = security_mmap_file(file, prot, flag);
		if (!ret)
		ret = fsnotify_mmap_perm(file, prot, pgoff >> PAGE_SHIFT, len);
		ret = fsnotify_mmap_perm(file, prot, off, len);
		if (!ret) {
		if (mmap_write_lock_killable(mm))
		return -EINTR;