lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <2d35e5f7-2edc-4ef0-b71b-82186c0627b0@yandex.ru>
Date: Sat, 23 Nov 2024 18:13:01 +0300
From: stsp <stsp2@...dex.ru>
To: Linux kernel <linux-kernel@...r.kernel.org>
Cc: Muhammad Usama Anjum <usama.anjum@...labora.com>,
 Peter Xu <peterx@...hat.com>
Subject: userfaultfd: two-step UFFDIO_API always gives -EINVAL

Hello.

I tried to use userfaultfd and got
that strange result: when I first do
UFFDIO_API ioctl with features = 0,
it succeeds. I check the needed
features, and they are all in place.
But on the second step, where I
request the needed features,
UFFDIO_API gives -EINVAL no matter
what features I requested (or even
set features to 0 again).

A quick look into the kernel code
suggests that the problem is that
uffd_ctx_features() doesn't check
user_features for being 0, and just
sets UFFD_FEATURE_INITIALIZED
with no features at all. After that,
userfaultfd_api() should always
fail with -EINVAL when doing this:

ctx_features = uffd_ctx_features(features);
ret = -EINVAL;
if (cmpxchg(&ctx->features, 0, ctx_features) != 0)
         goto err_out;

But I haven't checked my finding
by rebuilding the kernel.
So is this broken or am I missing
something?


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ