!10764 CVE-2024-41027 (ec0e9a4b) · Commits · EulixOS / Software / Kernel

fs/userfaultfd.c

+14 −2

Original line number	Diff line number	Diff line
		@@ -1306,8 +1306,12 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx,
		goto out;
		if (uffdio_register.mode & UFFDIO_REGISTER_MODE_MISSING)
		vm_flags \|= VM_UFFD_MISSING;
		if (uffdio_register.mode & UFFDIO_REGISTER_MODE_WP)
		if (uffdio_register.mode & UFFDIO_REGISTER_MODE_WP) {
		#ifndef CONFIG_HAVE_ARCH_USERFAULTFD_WP
		goto out;
		#endif
		vm_flags \|= VM_UFFD_WP;
		}

		ret = validate_range(mm, uffdio_register.range.start,
		uffdio_register.range.len);
		@@ -1880,13 +1884,21 @@ static int userfaultfd_api(struct userfaultfd_ctx *ctx,
		goto out;
		features = uffdio_api.features;
		ret = -EINVAL;
		if (uffdio_api.api != UFFD_API \|\| (features & ~UFFD_API_FEATURES))
		if (uffdio_api.api != UFFD_API)
		goto err_out;
		ret = -EPERM;
		if ((features & UFFD_FEATURE_EVENT_FORK) && !capable(CAP_SYS_PTRACE))
		goto err_out;
		/* report all available features and ioctls to userland */
		uffdio_api.features = UFFD_API_FEATURES;
		#ifndef CONFIG_HAVE_ARCH_USERFAULTFD_WP
		uffdio_api.features &= ~UFFD_FEATURE_PAGEFAULT_FLAG_WP;
		#endif

		ret = -EINVAL;
		if (features & ~uffdio_api.features)
		goto err_out;

		uffdio_api.ioctls = UFFD_API_IOCTLS;
		ret = -EFAULT;
		if (copy_to_user(buf, &uffdio_api, sizeof(uffdio_api)))