| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6eb02bdd-e69e-d277-c44c-0aefb23430bb@redhat.com>
Date: Thu, 30 Mar 2023 20:31:30 +0200
From: David Hildenbrand <david@...hat.com>
To: Peter Xu <peterx@...hat.com>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Cc: Mike Kravetz <mike.kravetz@...cle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Andrea Arcangeli <aarcange@...hat.com>,
Mike Rapoport <rppt@...ux.vnet.ibm.com>,
Axel Rasmussen <axelrasmussen@...gle.com>,
Nadav Amit <nadav.amit@...il.com>,
Leonardo Bras Soares Passos <lsoaresp@...hat.com>,
linux-stable <stable@...r.kernel.org>
Subject: Re: [PATCH 01/29] Revert "userfaultfd: don't fail on unrecognized
features"
On 30.03.23 17:56, Peter Xu wrote:
> This is a proposal to revert commit 914eedcb9ba0ff53c33808.
>
> I found this when writting a simple UFFDIO_API test to be the first unit
> test in this set. Two things breaks with the commit:
>
> - UFFDIO_API check was lost and missing. According to man page, the
> kernel should reject ioctl(UFFDIO_API) if uffdio_api.api != 0xaa. This
> check is needed if the api version will be extended in the future, or
> user app won't be able to identify which is a new kernel.
Agreed.
>
> - Feature flags checks were removed, which means UFFDIO_API with a
> feature that does not exist will also succeed. According to the man
> page, we should (and it makes sense) to reject ioctl(UFFDIO_API) if
> unknown features passed in.
>
Agreed.
I understand the motivation of the original commit, but it should not
have changed existing checks/functionality. Introducing a different way
to enable such functionality on explicit request would be better. But
maybe simple feature probing (is X support? is Y supported? is Z
supported) might be easier without requiring ABI changes.
I assume we better add
Fixes: 914eedcb9ba0 ("userfaultfd: don't fail on unrecognized features")
Acked-by: David Hildenbrand <david@...hat.com>
> Link: https://lore.kernel.org/r/20220722201513.1624158-1-axelrasmussen@google.com
> Cc: Axel Rasmussen <axelrasmussen@...gle.com>
> Cc: linux-stable <stable@...r.kernel.org>
> Signed-off-by: Peter Xu <peterx@...hat.com>
> ---
> fs/userfaultfd.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index 8395605790f6..3b2a41c330e6 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -1977,8 +1977,10 @@ static int userfaultfd_api(struct userfaultfd_ctx *ctx,
> ret = -EFAULT;
> if (copy_from_user(&uffdio_api, buf, sizeof(uffdio_api)))
> goto out;
> - /* Ignore unsupported features (userspace built against newer kernel) */
> - features = uffdio_api.features & UFFD_API_FEATURES;
> + features = uffdio_api.features;
> + ret = -EINVAL;
> + if (uffdio_api.api != UFFD_API || (features & ~UFFD_API_FEATURES))
> + goto err_out;
> ret = -EPERM;
> if ((features & UFFD_FEATURE_EVENT_FORK) && !capable(CAP_SYS_PTRACE))
> goto err_out;
--
Thanks,
David / dhildenb
Powered by blists - more mailing lists