On Thu, Mar 30, 2023 at 8:57 AM Peter Xu <peterx@xxxxxxxxxx> wrote: > > This is a proposal to revert commit 914eedcb9ba0ff53c33808. > > I found this when writting a simple UFFDIO_API test to be the first unit > test in this set. Two things breaks with the commit: > > - UFFDIO_API check was lost and missing. According to man page, the > kernel should reject ioctl(UFFDIO_API) if uffdio_api.api != 0xaa. This > check is needed if the api version will be extended in the future, or > user app won't be able to identify which is a new kernel. 100% agreed, this was a mistake. > > - Feature flags checks were removed, which means UFFDIO_API with a > feature that does not exist will also succeed. According to the man > page, we should (and it makes sense) to reject ioctl(UFFDIO_API) if > unknown features passed in. I still strongly disagree with reverting this part, my feeling is still that doing so makes things more complicated for no reason. Re: David's point, it's clearly wrong to change semantics so a thing that used to work now fails. But this instead makes it more permissive - existing userspace programs continue to work as-is, but *also* one can achieve the same thing more simply (combine probing + configuration into one step). I don't see any problem with that, generally. But, if David and others don't find my argument convincing, it isn't the end of the world. It just means I have to go update my userspace code to be a bit more complicated. :) I also still think the man page is incorrect or at least incomplete no matter what we do here; we should be sure to update it as a follow-up. > > Link: https://lore.kernel.org/r/20220722201513.1624158-1-axelrasmussen@xxxxxxxxxx > Cc: Axel Rasmussen <axelrasmussen@xxxxxxxxxx> > Cc: linux-stable <stable@xxxxxxxxxxxxxxx> > Signed-off-by: Peter Xu <peterx@xxxxxxxxxx> > --- > fs/userfaultfd.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c > index 8395605790f6..3b2a41c330e6 100644 > --- a/fs/userfaultfd.c > +++ b/fs/userfaultfd.c > @@ -1977,8 +1977,10 @@ static int userfaultfd_api(struct userfaultfd_ctx *ctx, > ret = -EFAULT; > if (copy_from_user(&uffdio_api, buf, sizeof(uffdio_api))) > goto out; > - /* Ignore unsupported features (userspace built against newer kernel) */ > - features = uffdio_api.features & UFFD_API_FEATURES; > + features = uffdio_api.features; > + ret = -EINVAL; > + if (uffdio_api.api != UFFD_API || (features & ~UFFD_API_FEATURES)) > + goto err_out; > ret = -EPERM; > if ((features & UFFD_FEATURE_EVENT_FORK) && !capable(CAP_SYS_PTRACE)) > goto err_out; > -- > 2.39.1 >
