Re: [PATCH 01/29] Revert "userfaultfd: don't fail on unrecognized features"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 30, 2023 at 8:57 AM Peter Xu <peterx@xxxxxxxxxx> wrote:
>
> This is a proposal to revert commit 914eedcb9ba0ff53c33808.
>
> I found this when writting a simple UFFDIO_API test to be the first unit
> test in this set.  Two things breaks with the commit:
>
>   - UFFDIO_API check was lost and missing.  According to man page, the
>   kernel should reject ioctl(UFFDIO_API) if uffdio_api.api != 0xaa.  This
>   check is needed if the api version will be extended in the future, or
>   user app won't be able to identify which is a new kernel.

100% agreed, this was a mistake.

>
>   - Feature flags checks were removed, which means UFFDIO_API with a
>   feature that does not exist will also succeed.  According to the man
>   page, we should (and it makes sense) to reject ioctl(UFFDIO_API) if
>   unknown features passed in.

I still strongly disagree with reverting this part, my feeling is
still that doing so makes things more complicated for no reason.

Re: David's point, it's clearly wrong to change semantics so a thing
that used to work now fails. But this instead makes it more permissive
- existing userspace programs continue to work as-is, but *also* one
can achieve the same thing more simply (combine probing +
configuration into one step). I don't see any problem with that,
generally.

But, if David and others don't find my argument convincing, it isn't
the end of the world. It just means I have to go update my userspace
code to be a bit more complicated. :)

I also still think the man page is incorrect or at least incomplete no
matter what we do here; we should be sure to update it as a follow-up.

>
> Link: https://lore.kernel.org/r/20220722201513.1624158-1-axelrasmussen@xxxxxxxxxx
> Cc: Axel Rasmussen <axelrasmussen@xxxxxxxxxx>
> Cc: linux-stable <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Peter Xu <peterx@xxxxxxxxxx>
> ---
>  fs/userfaultfd.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index 8395605790f6..3b2a41c330e6 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -1977,8 +1977,10 @@ static int userfaultfd_api(struct userfaultfd_ctx *ctx,
>         ret = -EFAULT;
>         if (copy_from_user(&uffdio_api, buf, sizeof(uffdio_api)))
>                 goto out;
> -       /* Ignore unsupported features (userspace built against newer kernel) */
> -       features = uffdio_api.features & UFFD_API_FEATURES;
> +       features = uffdio_api.features;
> +       ret = -EINVAL;
> +       if (uffdio_api.api != UFFD_API || (features & ~UFFD_API_FEATURES))
> +               goto err_out;
>         ret = -EPERM;
>         if ((features & UFFD_FEATURE_EVENT_FORK) && !capable(CAP_SYS_PTRACE))
>                 goto err_out;
> --
> 2.39.1
>





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux