patches/old/revert-userfaultfd-dont-fail-on-unrecognized-features.patch - pub/scm/linux/kernel/git/akpm/25-new - Git at Google

 From: Peter Xu <peterx@redhat.com>
 Subject: Revert "userfaultfd: don't fail on unrecognized features"
 Date: Wed, 12 Apr 2023 12:38:52 -0400

 This is a proposal to revert commit 914eedcb9ba0ff53c33808.

 I found this when writing a simple UFFDIO_API test to be the first unit
 test in this set.  Two things breaks with the commit:

   - UFFDIO_API check was lost and missing.  According to man page, the
   kernel should reject ioctl(UFFDIO_API) if uffdio_api.api != 0xaa.  This
   check is needed if the api version will be extended in the future, or
   user app won't be able to identify which is a new kernel.

   - Feature flags checks were removed, which means UFFDIO_API with a
   feature that does not exist will also succeed.  According to the man
   page, we should (and it makes sense) to reject ioctl(UFFDIO_API) if
   unknown features passed in.

 Link: https://lore.kernel.org/r/20220722201513.1624158-1-axelrasmussen@google.com
 Link: https://lkml.kernel.org/r/20230412163922.327282-2-peterx@redhat.com
 Fixes: 914eedcb9ba0 ("userfaultfd: don't fail on unrecognized features")
 Signed-off-by: Peter Xu <peterx@redhat.com>
 Acked-by: David Hildenbrand <david@redhat.com>
 Cc: Axel Rasmussen <axelrasmussen@google.com>
 Cc: Dmitry Safonov <0x7f454c46@gmail.com>
 Cc: Mike Kravetz <mike.kravetz@oracle.com>
 Cc: Mike Rapoport (IBM) <rppt@kernel.org>
 Cc: Zach O'Keefe <zokeefe@google.com>
 Cc: <stable@vger.kernel.org>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 ---

  fs/userfaultfd.c |    6 ++++--
  1 file changed, 4 insertions(+), 2 deletions(-)

 --- a/fs/userfaultfd.c~revert-userfaultfd-dont-fail-on-unrecognized-features
 +++ a/fs/userfaultfd.c
 @@ -1955,8 +1955,10 @@ static int userfaultfd_api(struct userfa
  	ret = -EFAULT;
  	if (copy_from_user(&uffdio_api, buf, sizeof(uffdio_api)))
  		goto out;
 -	/* Ignore unsupported features (userspace built against newer kernel) */
 -	features = uffdio_api.features & UFFD_API_FEATURES;
 +	features = uffdio_api.features;
 +	ret = -EINVAL;
 +	if (uffdio_api.api != UFFD_API || (features & ~UFFD_API_FEATURES))
 +		goto err_out;
  	ret = -EPERM;
  	if ((features & UFFD_FEATURE_EVENT_FORK) && !capable(CAP_SYS_PTRACE))
  		goto err_out;
 _
	From: Peter Xu <peterx@redhat.com>
	Subject: Revert "userfaultfd: don't fail on unrecognized features"
	Date: Wed, 12 Apr 2023 12:38:52 -0400

	This is a proposal to revert commit 914eedcb9ba0ff53c33808.

	I found this when writing a simple UFFDIO_API test to be the first unit
	test in this set. Two things breaks with the commit:

	- UFFDIO_API check was lost and missing. According to man page, the
	kernel should reject ioctl(UFFDIO_API) if uffdio_api.api != 0xaa. This
	check is needed if the api version will be extended in the future, or
	user app won't be able to identify which is a new kernel.

	- Feature flags checks were removed, which means UFFDIO_API with a
	feature that does not exist will also succeed. According to the man
	page, we should (and it makes sense) to reject ioctl(UFFDIO_API) if
	unknown features passed in.

	Link: https://lore.kernel.org/r/20220722201513.1624158-1-axelrasmussen@google.com
	Link: https://lkml.kernel.org/r/20230412163922.327282-2-peterx@redhat.com
	Fixes: 914eedcb9ba0 ("userfaultfd: don't fail on unrecognized features")
	Signed-off-by: Peter Xu <peterx@redhat.com>
	Acked-by: David Hildenbrand <david@redhat.com>
	Cc: Axel Rasmussen <axelrasmussen@google.com>
	Cc: Dmitry Safonov <0x7f454c46@gmail.com>
	Cc: Mike Kravetz <mike.kravetz@oracle.com>
	Cc: Mike Rapoport (IBM) <rppt@kernel.org>
	Cc: Zach O'Keefe <zokeefe@google.com>
	Cc: <stable@vger.kernel.org>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	---

	fs/userfaultfd.c \| 6 ++++--
	1 file changed, 4 insertions(+), 2 deletions(-)

	--- a/fs/userfaultfd.c~revert-userfaultfd-dont-fail-on-unrecognized-features
	+++ a/fs/userfaultfd.c
	@@ -1955,8 +1955,10 @@ static int userfaultfd_api(struct userfa
	ret = -EFAULT;
	if (copy_from_user(&uffdio_api, buf, sizeof(uffdio_api)))
	goto out;
	- /* Ignore unsupported features (userspace built against newer kernel) */
	- features = uffdio_api.features & UFFD_API_FEATURES;
	+ features = uffdio_api.features;
	+ ret = -EINVAL;
	+ if (uffdio_api.api != UFFD_API \|\| (features & ~UFFD_API_FEATURES))
	+ goto err_out;
	ret = -EPERM;
	if ((features & UFFD_FEATURE_EVENT_FORK) && !capable(CAP_SYS_PTRACE))
	goto err_out;
	_