Commit ab54dce9 authored Aug 06, 2024 by Peter Xu Committed by Yongqiang Liu Aug 06, 2024

mm/userfaultfd: fail uffd-wp registration if not supported

mainline inclusion
from mainline-v5.14-rc1
commit 00b151f2
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGEN5
CVE: CVE-2024-41027

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=00b151f21f390f1e0b294720a3660506abaf49cd

--------------------------------

We should fail uffd-wp registration immediately if the arch does not even
have CONFIG_HAVE_ARCH_USERFAULTFD_WP defined.  That'll block also relevant
ioctls on e.g.  UFFDIO_WRITEPROTECT because that'll check against
VM_UFFD_WP, which can only be applied with a success registration.

Remove the WP feature bit too for those archs when handling UFFDIO_API
ioctl.

Link: https://lkml.kernel.org/r/20210428225030.9708-5-peterx@redhat.com


Signed-off-by: Peter Xu <peterx@redhat.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: Brian Geffon <bgeffon@google.com>
Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jerome Glisse <jglisse@redhat.com>
Cc: Joe Perches <joe@perches.com>
Cc: Kirill A. Shutemov <kirill@shutemov.name>
Cc: Lokesh Gidra <lokeshgidra@google.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Mina Almasry <almasrymina@google.com>
Cc: Oliver Upton <oupton@google.com>
Cc: Shaohua Li <shli@fb.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Wang Qing <wangqing@vivo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Conflicts:
	fs/userfaultfd.c
[Yongqiang: Only fix context]
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>

parent e2301cae

fs/userfaultfd.c

+8 −1

Original line number	Diff line number	Diff line
		@@ -1306,8 +1306,12 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx,
		goto out;
		if (uffdio_register.mode & UFFDIO_REGISTER_MODE_MISSING)
		vm_flags \|= VM_UFFD_MISSING;
		if (uffdio_register.mode & UFFDIO_REGISTER_MODE_WP)
		if (uffdio_register.mode & UFFDIO_REGISTER_MODE_WP) {
		#ifndef CONFIG_HAVE_ARCH_USERFAULTFD_WP
		goto out;
		#endif
		vm_flags \|= VM_UFFD_WP;
		}

		ret = validate_range(mm, uffdio_register.range.start,
		uffdio_register.range.len);
		@@ -1887,6 +1891,9 @@ static int userfaultfd_api(struct userfaultfd_ctx *ctx,
		goto err_out;
		/* report all available features and ioctls to userland */
		uffdio_api.features = UFFD_API_FEATURES;
		#ifndef CONFIG_HAVE_ARCH_USERFAULTFD_WP
		uffdio_api.features &= ~UFFD_FEATURE_PAGEFAULT_FLAG_WP;
		#endif
		uffdio_api.ioctls = UFFD_API_IOCTLS;
		ret = -EFAULT;
		if (copy_to_user(buf, &uffdio_api, sizeof(uffdio_api)))