| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200423002632.224776-1-dancol@google.com>
Date: Wed, 22 Apr 2020 17:26:30 -0700
From: Daniel Colascione <dancol@...gle.com>
To: Jonathan Corbet <corbet@....net>,
Alexander Viro <viro@...iv.linux.org.uk>,
Luis Chamberlain <mcgrof@...nel.org>,
Kees Cook <keescook@...omium.org>,
Iurii Zaikin <yzaikin@...gle.com>,
Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Shevchenko <andy.shevchenko@...il.com>,
Vlastimil Babka <vbabka@...e.cz>,
Mel Gorman <mgorman@...hsingularity.net>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
Peter Xu <peterx@...hat.com>,
Daniel Colascione <dancol@...gle.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Mike Rapoport <rppt@...ux.ibm.com>,
Jerome Glisse <jglisse@...hat.com>, Shaohua Li <shli@...com>,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org, timmurray@...gle.com,
minchan@...gle.com, sspatil@...gle.com, lokeshgidra@...gle.com
Subject: [PATCH 0/2] Control over userfaultfd kernel-fault handling
This small patch series adds a new flag to userfaultfd(2) that allows
callers to give up the ability to handle user-mode faults with the
resulting UFFD file object. In then add a new sysctl to require
unprivileged callers to use this new flag.
The purpose of this new interface is to decrease the change of an
unprivileged userfaultfd user taking advantage of userfaultfd to
enhance security vulnerabilities by lengthening the race window in
kernel code.
This patch series is split from [1].
[1] https://lore.kernel.org/lkml/20200211225547.235083-1-dancol@google.com/
Daniel Colascione (2):
Add UFFD_USER_MODE_ONLY
Add a new sysctl knob: unprivileged_userfaultfd_user_mode_only
Documentation/admin-guide/sysctl/vm.rst | 13 +++++++++++++
fs/userfaultfd.c | 18 ++++++++++++++++--
include/linux/userfaultfd_k.h | 1 +
include/uapi/linux/userfaultfd.h | 9 +++++++++
kernel/sysctl.c | 9 +++++++++
5 files changed, 48 insertions(+), 2 deletions(-)
--
2.26.2.303.gf8c07b1a785-goog
Powered by blists - more mailing lists