[PATCH 0/2] Control over userfaultfd kernel-fault handling

From: Daniel Colascione
Date: Wed Apr 22 2020 - 20:27:04 EST

Next message: Daniel Colascione: "[PATCH 1/2] Add UFFD_USER_MODE_ONLY"
Previous message: Jakub Kicinski: "Re: [PATCH v2] net: ethernet: ixp4xx: Add error handling in ixp4xx_eth_probe()"
Next in thread: Daniel Colascione: "[PATCH 1/2] Add UFFD_USER_MODE_ONLY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This small patch series adds a new flag to userfaultfd(2) that allows
callers to give up the ability to handle user-mode faults with the
resulting UFFD file object. In then add a new sysctl to require
unprivileged callers to use this new flag.

The purpose of this new interface is to decrease the change of an
unprivileged userfaultfd user taking advantage of userfaultfd to
enhance security vulnerabilities by lengthening the race window in
kernel code.

This patch series is split from [1].

[1] https://lore.kernel.org/lkml/20200211225547.235083-1-dancol@xxxxxxxxxx/

Daniel Colascione (2):
Add UFFD_USER_MODE_ONLY
Add a new sysctl knob: unprivileged_userfaultfd_user_mode_only

Documentation/admin-guide/sysctl/vm.rst | 13 +++++++++++++
fs/userfaultfd.c | 18 ++++++++++++++++--
include/linux/userfaultfd_k.h | 1 +
include/uapi/linux/userfaultfd.h | 9 +++++++++
kernel/sysctl.c | 9 +++++++++
5 files changed, 48 insertions(+), 2 deletions(-)

--
2.26.2.303.gf8c07b1a785-goog

Next message: Daniel Colascione: "[PATCH 1/2] Add UFFD_USER_MODE_ONLY"
Previous message: Jakub Kicinski: "Re: [PATCH v2] net: ethernet: ixp4xx: Add error handling in ixp4xx_eth_probe()"
Next in thread: Daniel Colascione: "[PATCH 1/2] Add UFFD_USER_MODE_ONLY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]