From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 400C5C761A6 for ; Thu, 30 Mar 2023 19:04:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7D4B4900002; Thu, 30 Mar 2023 15:04:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 783796B0078; Thu, 30 Mar 2023 15:04:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 64CFF900002; Thu, 30 Mar 2023 15:04:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 58A4F6B0074 for ; Thu, 30 Mar 2023 15:04:50 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 2B7C8AC845 for ; Thu, 30 Mar 2023 19:04:50 +0000 (UTC) X-FDA: 80626491540.13.3F6AA69 Received: from mail-lj1-f171.google.com (mail-lj1-f171.google.com [209.85.208.171]) by imf19.hostedemail.com (Postfix) with ESMTP id 358E11A0017 for ; Thu, 30 Mar 2023 19:04:47 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=dV0eOrY6; spf=pass (imf19.hostedemail.com: domain of axelrasmussen@google.com designates 209.85.208.171 as permitted sender) smtp.mailfrom=axelrasmussen@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1680203088; a=rsa-sha256; cv=none; b=6Im3/5Zeq3dPtWRCRgMOs41f/FPZ5SsuUZnCXQtgw4o/qgJxuoO21lt8LAelLsfigVO+cT GtUDn6Dg+OXu3FNE5wLzXd8AgTBjUaqowybvBt4ciO9r13cwOGm0eMntVLP11lXUAS8dXU gJsFjjYrL7vhhQ71jtLvabSvbTEQ6M8= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=dV0eOrY6; spf=pass (imf19.hostedemail.com: domain of axelrasmussen@google.com designates 209.85.208.171 as permitted sender) smtp.mailfrom=axelrasmussen@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1680203088; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ViRntU/RBw/t4ZG4j3zD5QSxaRXCjDm7pTbD6yzt3a8=; b=xqtKCzPEfME0FexnIisZEu+VPPzcAEplPoC1kQNYJkus1RVRbb6gVWPQrh1XhAxvQMEXHV w+ApIQXHw2CyNYKfUP9BlHmmQn5eiZEnqwgHwApo+d3/h8z0DXgXfBu2uszokPU2pe7ky/ zE548E/gyczgPbTZmdM2RbuILvqUwas= Received: by mail-lj1-f171.google.com with SMTP id b6so642004ljr.1 for ; Thu, 30 Mar 2023 12:04:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; t=1680203086; x=1682795086; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=ViRntU/RBw/t4ZG4j3zD5QSxaRXCjDm7pTbD6yzt3a8=; b=dV0eOrY64A8f3Aifg1ktecdTLHjwppffuR9U+jgLkYvX5MPPYsv9GweFII+I3t3v0o 9jDUXsvJMrPGEHZdm2GTi65Hfmw3a4ibc8v8r1yPTfDacXDy2tuui059sb/LWhFr6H+H UP9us03F/CeqELxCEVFGNRLtAJxBsJVpPwkAky/qVzjej7ZzN8fa8tNm2d3W32e31tbu BtK/YWj1gJaR8aOw8FQ95nsRGqgYD9gg/k+zm6oxnRW5a1ko9Odd1OOYs48mxEoGd5eX c3+9Vum6jH3lt36eOSVGmAFLUpEM4wQoaph53BHMmdalSnMjSX5gQGgZ+DPtuMYw0KF/ Yx4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680203086; x=1682795086; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ViRntU/RBw/t4ZG4j3zD5QSxaRXCjDm7pTbD6yzt3a8=; b=8PTknnd8bZfJAeb6iM+57wJjVFmfva8dGgZa7xTjFtM+ClzjnvTTUn9CoIBUisc63a tyVRQsF2BlPGtjXqOuf2uqQ7hzFsKODaJOgw4o9Zo3NRyKYwvabsTszFhQyeS1xRD9tT qgiIvTnJUouwgdcvaVJOETYflI1dgn/G4zzMQugSSrFcCe7LdUpCJr9k+VqqIEuAvTIK yz8qXjz1TH8SDJO9a2J9IEdAkWW/SurUemxDeLxK/r1WHGqa0PmHpEERfLvF3Eo73TdH XcG6kwy6npA152W4If6OETbjYbPZN8GDKaV/Ln2/a8V9ySkyAP2Ojg5TYfy+wpTkDRfH ApCw== X-Gm-Message-State: AAQBX9cZxDzFdcvDaQCPoqgZUHefP02Y5Th1ljXMHFyZ/FkaO9xuNlYI OdA/55QYKB88DEFs/XoWNF5TgrRtBB0ewQnI4ZQ/ww== X-Google-Smtp-Source: AKy350ZvsfzrmBwt4dNUcCAGb/P/J4h6ZV4gG939299gXsIjuhp+FqawIQXRd32zcR9EZBP4mKkY9XmmXGBdtQgJZ6o= X-Received: by 2002:a2e:3203:0:b0:299:9de5:2f0c with SMTP id y3-20020a2e3203000000b002999de52f0cmr7643353ljy.6.1680203086265; Thu, 30 Mar 2023 12:04:46 -0700 (PDT) MIME-Version: 1.0 References: <20230330155707.3106228-1-peterx@redhat.com> <20230330155707.3106228-2-peterx@redhat.com> In-Reply-To: <20230330155707.3106228-2-peterx@redhat.com> From: Axel Rasmussen Date: Thu, 30 Mar 2023 12:04:09 -0700 Message-ID: Subject: Re: [PATCH 01/29] Revert "userfaultfd: don't fail on unrecognized features" To: Peter Xu Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Mike Kravetz , Andrew Morton , Andrea Arcangeli , Mike Rapoport , Nadav Amit , Leonardo Bras Soares Passos , David Hildenbrand , linux-stable Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Queue-Id: 358E11A0017 X-Rspamd-Server: rspam01 X-Stat-Signature: w5iog66sug5rmzn8mah8i5esy38pcd13 X-HE-Tag: 1680203087-817708 X-HE-Meta: U2FsdGVkX1/IY0sTLq/txo1Xmw6czlqHd444Wim8fgaY1rne9N7F390wPrTRwJOeKwywYJ/W6935gQq6cyk2s+BIgIAt7VoTCbG+DeXna3QvcLaQzNZW8dj6jPyxwc5NlBcS99raITTx6Eja3krLe+Qhw230WI8SGw6IXasrh3dKwHYIXLEDj2KI77A/5j7xYLWIo77gMiNwBb0Yf7x4SK28xfJRsriqwAG5LtwHS2XNV3bKUuEHPv98EPvrUn12ifsO+sxyUthp0VDdbP/YcevYSpCoDK1la5o1D09s8iHJCCMdolz4Tq0AYipH9H7jCzcpS3DpDYA1hcp8DcPIgTjPG0GyCuGqFKf+CCRHvxvYas56AH4dXp8woFYQMjvqx95cxIagIZ9HqFKBpCXvnwS2XuCj2hArhN8B0u6HYMAOYQ0b+LkRy1rTMGfJr3YFtbtfP6OFLZGLkOHSzoXiq7Iqjy9YadqWUTG7QQ2ZXbscjz3dPRr8eB38GTpV9BBEhS3hPd5Ha4JDtOsz51SbqYZXGMlb5FW38ttScCdJszUR0jE5mb88jIjaiBr4Q13OMdW52MPwG7Pv78oYPQyszduooRAoEdT2iCa4ux6zjGu/EqqVMbrf9aMmGknQ51oh+XtkHAMbXhyYJ1Iuy1AP9tbr0TFP5h8nA3gOS0mdTCGgRuj7JWCfCqmp+rTbIBn5wV5xwuGVjTSN3UDd8oyj9z8vhKQxCpDVnfGqHbLPRZjcFi+LX28hzojDm4UjC8EZsgn4rsiNbCjkmNZ8iKRsWtbDu+6tKDZjLU6MIQhpq3LsWn+8PojkVFk99X+3K3QkN6ebzGVQgualow35GXdoYoTv3UHEbkXuO6FVAtulcVDeEb4K7l+yh8UP4lA5AMxkkaCzZodCseuCvKy4ovdQTpFtHUMULvWy+EFynX/7H/VlVzc/syHMV4fqK7N87H6JP7KA24XOOiCWjpd5KU2 ZyeRJU/v 83QDmEXyw095+s+sT6td6WBVcJFTbCxKq2JWM46z71cXBJw9jN+4tUEFRZ8budBucfNJrb59NnxivaGShrqiZ8l2DFu8Hpdn8rhKXqDmd8NFiQ97tik73raR6A1fWcz6eu4rNgyM+ZH0BpD3JQ5MOZg+Z8kgMc/DG4ZMe725jP6B/lAK9jjLOsf388gNoDWNvBhkS8aJmzEhjSCY2P2JUKcFmCey8OB9DypIXFmJ2y8msMyAxJf52JDhlZoipJYdxxCHT9vldRp1D4DE2wds7OOVCYRj6I7ykiZ/sFkkEKJAvVgOGFO/wbqNHVWI8KQUtjZhi4LARrosgllCxnPRKtiKaKexuOkv1zkb3B8Nph+OOSl+uh5vEJgXmA6uam8WPmbh6fB50VRefiha/4p9AiRi/hkb/+AJpdBM1DID8F8fpvc0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000001, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Mar 30, 2023 at 8:57=E2=80=AFAM Peter Xu wrote: > > This is a proposal to revert commit 914eedcb9ba0ff53c33808. > > I found this when writting a simple UFFDIO_API test to be the first unit > test in this set. Two things breaks with the commit: > > - UFFDIO_API check was lost and missing. According to man page, the > kernel should reject ioctl(UFFDIO_API) if uffdio_api.api !=3D 0xaa. Th= is > check is needed if the api version will be extended in the future, or > user app won't be able to identify which is a new kernel. 100% agreed, this was a mistake. > > - Feature flags checks were removed, which means UFFDIO_API with a > feature that does not exist will also succeed. According to the man > page, we should (and it makes sense) to reject ioctl(UFFDIO_API) if > unknown features passed in. I still strongly disagree with reverting this part, my feeling is still that doing so makes things more complicated for no reason. Re: David's point, it's clearly wrong to change semantics so a thing that used to work now fails. But this instead makes it more permissive - existing userspace programs continue to work as-is, but *also* one can achieve the same thing more simply (combine probing + configuration into one step). I don't see any problem with that, generally. But, if David and others don't find my argument convincing, it isn't the end of the world. It just means I have to go update my userspace code to be a bit more complicated. :) I also still think the man page is incorrect or at least incomplete no matter what we do here; we should be sure to update it as a follow-up. > > Link: https://lore.kernel.org/r/20220722201513.1624158-1-axelrasmussen@go= ogle.com > Cc: Axel Rasmussen > Cc: linux-stable > Signed-off-by: Peter Xu > --- > fs/userfaultfd.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c > index 8395605790f6..3b2a41c330e6 100644 > --- a/fs/userfaultfd.c > +++ b/fs/userfaultfd.c > @@ -1977,8 +1977,10 @@ static int userfaultfd_api(struct userfaultfd_ctx = *ctx, > ret =3D -EFAULT; > if (copy_from_user(&uffdio_api, buf, sizeof(uffdio_api))) > goto out; > - /* Ignore unsupported features (userspace built against newer ker= nel) */ > - features =3D uffdio_api.features & UFFD_API_FEATURES; > + features =3D uffdio_api.features; > + ret =3D -EINVAL; > + if (uffdio_api.api !=3D UFFD_API || (features & ~UFFD_API_FEATURE= S)) > + goto err_out; > ret =3D -EPERM; > if ((features & UFFD_FEATURE_EVENT_FORK) && !capable(CAP_SYS_PTRA= CE)) > goto err_out; > -- > 2.39.1 >