From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95945C77B60 for ; Fri, 31 Mar 2023 18:08:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 23E256B0082; Fri, 31 Mar 2023 14:08:35 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1C93C6B0085; Fri, 31 Mar 2023 14:08:35 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 068AA6B0088; Fri, 31 Mar 2023 14:08:34 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id E56F16B0082 for ; Fri, 31 Mar 2023 14:08:34 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id A768D1604CB for ; Fri, 31 Mar 2023 18:08:34 +0000 (UTC) X-FDA: 80629978548.29.F214269 Received: from mail-ot1-f51.google.com (mail-ot1-f51.google.com [209.85.210.51]) by imf19.hostedemail.com (Postfix) with ESMTP id DBBFE1A0025 for ; Fri, 31 Mar 2023 18:08:31 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=TijtgZgJ; spf=pass (imf19.hostedemail.com: domain of 0x7f454c46@gmail.com designates 209.85.210.51 as permitted sender) smtp.mailfrom=0x7f454c46@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1680286111; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=M3lL8ptrd/luySMEjAQve8KEssZBP6yJTIAyyXPQHgg=; b=rV476tdoNsHwhAQFPsXOvhEQyzR1d6k+ajOhJtbtaI4HlJMTWKe+HaUVJ/39psZqpn+3v0 X/F12Jb8sMNx3h3cZYtZdRjaRaQtK4isgLwteHVnsJvlZFyGf8d02hNlU5P0mDT+GyzEbX eni0dAi96mNsBUzyjthjx8EctJYXp8Y= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=TijtgZgJ; spf=pass (imf19.hostedemail.com: domain of 0x7f454c46@gmail.com designates 209.85.210.51 as permitted sender) smtp.mailfrom=0x7f454c46@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1680286111; a=rsa-sha256; cv=none; b=oCgF6/3zuK830ztIdNGhuuCjXQcc5szipMPM4c/Z/n0dqQL8rB892P6TH0+zCJcvZ85/HU ruePy1tcx+JxMENWc6SKJcHyImqDWFPK7Ss5KostNpla1urPphqkh+WdLM4S49nYzfhrYL cpUuQXpEffSYg0XwlzgkGmeLUo2Q4Ts= Received: by mail-ot1-f51.google.com with SMTP id r40-20020a05683044a800b006a14270bc7eso8938701otv.6 for ; Fri, 31 Mar 2023 11:08:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1680286111; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=M3lL8ptrd/luySMEjAQve8KEssZBP6yJTIAyyXPQHgg=; b=TijtgZgJPoSAkrcF9V9ctcDVZf1Gr7uaoWdV1AaSjm/KZE5h4sYlBoiTiAt9zc1eCT bEzo5N3F1nEvBlji5hWX5MiJWmvZ4/j1AY1gk3EaP6GT+eGUy5iA1vfl34lH6syE08ih 5m+fEYn4UId09hnyghSoIsBqnVREoKJ8cktxaK3unfkBnREtG+Tvg7W0FV9yFKoyTZ28 7RspSMLiGq/E5fUE0YWIYczKAThUMo5PGLplYoO3wc0tbyvULkxXR5Wdd8hGWdjz9Ki/ n8HzZzHwhI8BbETWOExrjzXGl+KiuUgdPOU4xcX+xg6NhdUtZvU71oUmjKhit4SAKBYP 03KQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680286111; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=M3lL8ptrd/luySMEjAQve8KEssZBP6yJTIAyyXPQHgg=; b=JtYzk8LenkiYqTkjeTHLl8Wa75ZYboinXbK+10uWTiT1npCvMOvVgv1RqY+EGPCWTu y6Sy9dJQD4U/Pxb44kDQi/jsX5RuyRDJ8/TBdNI2U8e2QOqFOkNsOGMoIAXOipb7N0Yn jyEK4Suv9xTdmhlJPRGHfWEQJ91E2CxkwIzPOkgSyJ4UOMNUZTvkAdUtS9k9gNuD/71B alr7EXdFZ1UD/1FUUyT3sQSt16ktP0n2pESpFXOYIFYFg6BRF1TtdSuMFqKym1riX+b2 3k6NYQIJAWeirIszwCc6ayhd0br9Z14HwTcrHLtU2O45uM3NN/bjKIW8AiwqRnuwhFo9 FafQ== X-Gm-Message-State: AO0yUKWKcMaETLS8b+YqrCDwohMdWnwaYVot7ZHrkl6vdI782ZxqB7Ri BvVeH8sl3r3ndPgJWKYaMRBo1L9WRoU7xxOQtVU= X-Google-Smtp-Source: AK7set981SrirQiFBWaZxlcKxBR0kBTYWv3oV3+6NxYBBpyhgoIO34kYohYYC30hWZ7ZG587NryXaQK1ELbmMLMxtPw= X-Received: by 2002:a05:6830:86:b0:69f:2a7b:22b9 with SMTP id a6-20020a056830008600b0069f2a7b22b9mr8992270oto.0.1680286110928; Fri, 31 Mar 2023 11:08:30 -0700 (PDT) MIME-Version: 1.0 References: <20230330155707.3106228-1-peterx@redhat.com> <20230330155707.3106228-2-peterx@redhat.com> In-Reply-To: From: Dmitry Safonov <0x7f454c46@gmail.com> Date: Fri, 31 Mar 2023 19:08:19 +0100 Message-ID: Subject: Re: [PATCH 01/29] Revert "userfaultfd: don't fail on unrecognized features" To: Axel Rasmussen Cc: Peter Xu , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Mike Kravetz , Andrew Morton , Andrea Arcangeli , Mike Rapoport , Nadav Amit , Leonardo Bras Soares Passos , David Hildenbrand , linux-stable Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: DBBFE1A0025 X-Rspam-User: X-Stat-Signature: uzx3q4gn1u5ey9yn9mwfssttwbfsb1r4 X-HE-Tag: 1680286111-470481 X-HE-Meta: U2FsdGVkX1+/9htCS+PUr3vJwupX6ApG+JuGVWWqYuGaZnSXzGeb7etf0fXo7jt7Z6je9ALzpFnkvq4XKQKVyiZ9Fw7g9AiUchjg7t6zT2uTOo2nHET4G7StHaoQj0JiG2mZjiMAdnoZYgB52TWhL00DPOL2Jm7Qo6qFbD9iMXO69fFL9wpmEUyPcuYXc5iZ/sk0bseSDC/nFtUtCxHfQg6Bwh+W0QtdTFG03NYPArKjVDHtx2k7aMLsUAsW5phOpxI5hN8uDUy+R2zlX/ugPqQN2gCBfYlcIOZ5j+txcuZO0GrQiQI1GXLpWn01unndmNO6/V4/fI/H5ej92Uql4Ol6lpPGSsHN9jER3JqrsUgDspE7HTcZ8VTVoOrXW5m+u+x25evsVoXj+GfBHSqn5WBdOlgBud06m7qOijfkV5OOn3CA0VEB0K/9sE4at6O9kbPhgg1jp7t8CfNFSPU5jU2cCEnQ1hltOIAxqvOwcj2cWeLiGSutQZmM7I5opzEKoP5Zb7+Xygl3qiWR8tU4s0AKWoEfrA/sz6x4r+rg6mgLKClojcN+z1+B9Oy6GrLh6ApS7Ksj3bt/S0BPclXNf7hPb/WYWVg5G3cuDSwDRbL71bkkNjiG5HdKnkLYVxmmAEkHwlcc4kEG1zTYkBizW24DmJW26MPqHbpCC7mH/L9AwUIvlcmzWUT3sx7kL4vlLxbcbLTwgiFyrHOZmGekLCXBk5u+06WV+tzkJrQuLsdVo+wz+1/6xR17D2ih/JkyazCZYiljT6hv45OrUAGfDRq5ZxjzbLT3G6X6CHA3g9bx/yyCrI/CGA/zrGVOzAacSHPX0lgJ7Mr0oeurbHCicIwTB5Y95QHGMfR/jMtjIIRalp9JmN5GRaND91V9i1Th5+qQpoKWpXLITz3cW489Sw1y0u2vU3sGe5kvir8WTjtnb7VsV5x/yr55jVZ0U6uQVZS8vxCYqD17A485rqI s0JcLKOy dErC5GkEhgFmQxB9ZbWmD3Xkx1n46Lu2ldjkDvBKQdgTMddh7hrYQYomeqzvzer+fN/87lQ3Kj2J0ssrB9vp51y2WJ9iK+n4bVoSoxlZRk1qP+t0Hxx5P6l7tBfQByBviOznxP/sbgKZ4A/xQO1PFH3gCjwlj2MFOuMUGRuNh2TDzb1N64j82xR65K5OFwH/dCBLUQ3dC90M8no79EbKyEK42+gOQdcSSuNm4pVPYaTMW4xgtf1d74SPrPlF588blxHc8HUhkhfVTasphImAU/KkIN53UjpJI/4Z6e/fXjhpp5LCXMt2dtjsDsHg9uFFZ5wSqePnPvqF4+G8VGKPc/gPhaPuSiRlodPSGO1TRftvOS5gIXZucXBKAwDD79IRNfMjhUxWioiSy3jklCQwibYVjK4UeN1S5hRy8rLZFSx9pyNDgzzfYFogG130kda1j9fsgbPA+EdXzS+s9LXCXaXkCteZaU9PYUrS9THtCf8RDhMjBn0tgDLTc/kiAfno2TnZc3cjBV0ocATEtJdxCzrcb357H/V3tDaUvhJnYAs8a9lQrHRrU63ulYK5EBydLOasvFAqTf7TaBr80kFPRJd9Kner7OdWLk1+6DzqHVtcnyPXDfGSnNHmgjvqwQmycfxXPyKeZjvYWYGwayRLtLs6rtBA9A3dWlKXYJkdDFh11Cu3mzS7VFIVvXRNb2zjQAJRcEtqq6cPWncAxeNxTh13RhJ+6LcEWwHZ2LpL0lWCZ9ug= X-Bogosity: Ham, tests=bogofilter, spamicity=0.003526, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, 31 Mar 2023 at 17:52, Axel Rasmussen wro= te: > > On Thu, Mar 30, 2023 at 3:27=E2=80=AFPM Peter Xu wrot= e: > > > > On Thu, Mar 30, 2023 at 12:04:09PM -0700, Axel Rasmussen wrote: > > > On Thu, Mar 30, 2023 at 8:57=E2=80=AFAM Peter Xu = wrote: > > > > > > > > This is a proposal to revert commit 914eedcb9ba0ff53c33808. > > > > > > > > I found this when writting a simple UFFDIO_API test to be the first= unit > > > > test in this set. Two things breaks with the commit: > > > > > > > > - UFFDIO_API check was lost and missing. According to man page, = the > > > > kernel should reject ioctl(UFFDIO_API) if uffdio_api.api !=3D 0xa= a. This > > > > check is needed if the api version will be extended in the future= , or > > > > user app won't be able to identify which is a new kernel. > > > > > > > > - Feature flags checks were removed, which means UFFDIO_API with = a > > > > feature that does not exist will also succeed. According to the = man > > > > page, we should (and it makes sense) to reject ioctl(UFFDIO_API) = if > > > > unknown features passed in. If features/flags are not checked in kernel, and the kernel doesn't return an error on an unknown flag/error, that makes the syscall non-extendable, meaning that adding any new feature may break existing software, which doesn't sanitize them properly. https://lwn.net/Articles/588444/ See a bunch of painful exercises from syscalls with numbers in the end: https://lwn.net/Articles/792628/ To adding an additional setsockopt() because an old one didn't have sanity checks for flags: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?= id=3D8917a777be3b (not the best example, as the new setsockopt() didn't check flags for sanity as well (sic!), but that's near the code I work on now) This is even documented nowadays: https://www.kernel.org/doc/html/latest/process/adding-syscalls.html#designi= ng-the-api-planning-for-extension ...and everyone knows what happens when you blame userspace for breaking by not doing what you would have expected it to do: https://lkml.org/lkml/2012/12/23/75 [..] > > There's one reason that we may consider keeping the behavior. IMHO it = is > > when there're major softwares that uses the "wrong" ABI (let's say so; > > because it's not following the man pages). If you're aware any such ma= jor > > softwares (especially open sourced) will break due to this revert patch= , > > please shoot. > > Well, I did find one example, criu: > https://github.com/checkpoint-restore/criu/blob/criu-dev/criu/uffd.c#L266 Mike can speak better than me about uffd, but AFAICS, CRIU correctly detect= s features with kerneldat/kdat: https://github.com/checkpoint-restore/criu/blob/criu-dev/criu/kerndat.c#L12= 35 So, doing a sane thing in kernel shouldn't break CRIU (at least here). Thanks, Dmitry