From: Peter Xu peterx@redhat.com
stable inclusion from mainline-v5.14-rc1 commit 00b151f21f390f1e0b294720a3660506abaf49cd category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGEN5 CVE: CVE-2024-41027
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
We should fail uffd-wp registration immediately if the arch does not even have CONFIG_HAVE_ARCH_USERFAULTFD_WP defined. That'll block also relevant ioctls on e.g. UFFDIO_WRITEPROTECT because that'll check against VM_UFFD_WP, which can only be applied with a success registration.
Remove the WP feature bit too for those archs when handling UFFDIO_API ioctl.
Link: https://lkml.kernel.org/r/20210428225030.9708-5-peterx@redhat.com Signed-off-by: Peter Xu peterx@redhat.com Cc: Alexander Viro viro@zeniv.linux.org.uk Cc: Andrea Arcangeli aarcange@redhat.com Cc: Axel Rasmussen axelrasmussen@google.com Cc: Brian Geffon bgeffon@google.com Cc: "Dr . David Alan Gilbert" dgilbert@redhat.com Cc: Hugh Dickins hughd@google.com Cc: Jerome Glisse jglisse@redhat.com Cc: Joe Perches joe@perches.com Cc: Kirill A. Shutemov kirill@shutemov.name Cc: Lokesh Gidra lokeshgidra@google.com Cc: Mike Kravetz mike.kravetz@oracle.com Cc: Mike Rapoport rppt@linux.vnet.ibm.com Cc: Mina Almasry almasrymina@google.com Cc: Oliver Upton oupton@google.com Cc: Shaohua Li shli@fb.com Cc: Shuah Khan shuah@kernel.org Cc: Stephen Rothwell sfr@canb.auug.org.au Cc: Wang Qing wangqing@vivo.com Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org Conflicts: fs/userfaultfd.c [Yongqiang: Only fix context] Signed-off-by: Yongqiang Liu liuyongqiang13@huawei.com --- fs/userfaultfd.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index dfa1a638640c..e92baac4c3de 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1306,8 +1306,12 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, goto out; if (uffdio_register.mode & UFFDIO_REGISTER_MODE_MISSING) vm_flags |= VM_UFFD_MISSING; - if (uffdio_register.mode & UFFDIO_REGISTER_MODE_WP) + if (uffdio_register.mode & UFFDIO_REGISTER_MODE_WP) { +#ifndef CONFIG_HAVE_ARCH_USERFAULTFD_WP + goto out; +#endif vm_flags |= VM_UFFD_WP; + }
ret = validate_range(mm, uffdio_register.range.start, uffdio_register.range.len); @@ -1887,6 +1891,9 @@ static int userfaultfd_api(struct userfaultfd_ctx *ctx, goto err_out; /* report all available features and ioctls to userland */ uffdio_api.features = UFFD_API_FEATURES; +#ifndef CONFIG_HAVE_ARCH_USERFAULTFD_WP + uffdio_api.features &= ~UFFD_FEATURE_PAGEFAULT_FLAG_WP; +#endif uffdio_api.ioctls = UFFD_API_IOCTLS; ret = -EFAULT; if (copy_to_user(buf, &uffdio_api, sizeof(uffdio_api)))