On Mon, Jul 11, 2022 at 09:59:06AM -0700, Nadav Amit wrote:
> From: Nadav Amit <namit@xxxxxxxxxx>
>
> Commit 824ddc601adc ("userfaultfd: provide unmasked address on
> page-fault") was introduced to fix an old bug, in which the offset in
> the address of a page-fault was masked. Concerns were raised - although
> were never backed by actual code - that some userspace code might break
> because the bug has been around for quite a while. To address these
> concerns a new flag was introduced, and only when this flag is set by
> the user, userfaultfd provides the exact address of the page-fault.
>
> The commit however had a bug, and if the flag is unset, the offset was
> always masked based on a base-page granularity. Yet, for huge-pages, the
> behavior prior to the commit was that the address is masked to the
> huge-page granulrity.
>
> While there are no reports on real breakage, fix this issue. If the flag
> is unset, use the address with the masking that was done before.
>
> Fixes: 824ddc601adc ("userfaultfd: provide unmasked address on page-fault")
> Reported-by: James Houghton <jthoughton@xxxxxxxxxx>
> Cc: Peter Xu <peterx@xxxxxxxxxx>
> Cc: David Hildenbrand <david@xxxxxxxxxx>
> Cc: Mike Rapoport <rppt@xxxxxxxxxxxxx>
> Cc: Jan Kara <jack@xxxxxxx>
> Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Nadav Amit <namit@xxxxxxxxxx>
Reviewed-by: Peter Xu <peterx@xxxxxxxxxx>
--
Peter Xu
