From 0b2758f48f22b173963f39e553d0ecd05f3b4433 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Fri, 6 Mar 2026 09:10:36 -0800 Subject: [PATCH] Require (reasonably) normal mappings for MADV_DOFORK This came up as a result of the tracing fix pull request, and commit e39bb9e02b68 ("tracing: Fix WARN_ON in tracing_buffers_mmap_close") in particular. The use of MADV_DOFORK confused the ring buffer mapping reference counting just because it was unexpected, since the mapping was originally done with VM_DONTCOPY. The tracing code may well be the only case of this (and fixed it all by just using the mmap open callback to unconfuse itself), but it's just strange that we allow MADV_DOFORK on special mappings where the kernel has set the "don't copy this" bit. The code already disallowed it for VM_IO mappings (going back to the original commit f822566165dd: "madvise MADV_DONTFORK/MADV_DOFORK"), so just extend it to any of the VM_SPECIAL cases (which includes VM_DONTEXPAND | VM_PFNMAP | VM_MIXEDMAP in addition to VM_IO). We could also allow MADV_DOFORK only on mappings that had been marked DONTFORK by the user. But that would require us to track that (presumably with another VM_xyz bit), so let's just do this trivial and straightforward modifications. If anybody notices, Lorenzo will be boarding Flying Pig Airlines. Suggested-by: David Hildenbrand (Arm) Reviewed-by: Lorenzo Stoakes (Oracle) Link: https://lore.kernel.org/all/a8907468-d7e9-4727-af28-66d905093230@kernel.org/ Cc: Steven Rostedt Cc: Jason Gunthorpe Signed-off-by: Linus Torvalds --- mm/madvise.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/madvise.c b/mm/madvise.c index c0370d9b4e23..dbb69400786d 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -1389,7 +1389,7 @@ static int madvise_vma_behavior(struct madvise_behavior *madv_behavior) new_flags |= VM_DONTCOPY; break; case MADV_DOFORK: - if (new_flags & VM_IO) + if (new_flags & VM_SPECIAL) return -EINVAL; new_flags &= ~VM_DONTCOPY; break;