| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+EESO4kLaje0yTOyMSxHfSLC0n86zAF+M1DWB_XrwFDLOCawQ@mail.gmail.com>
Date: Thu, 23 Jul 2020 10:30:34 -0700
From: Lokesh Gidra <lokeshgidra@...gle.com>
To: Jeffrey Vander Stoep <jeffv@...gle.com>
Cc: Andrea Arcangeli <aarcange@...hat.com>,
Suren Baghdasaryan <surenb@...gle.com>,
Kees Cook <keescook@...omium.org>,
"Michael S. Tsirkin" <mst@...hat.com>,
Daniel Colascione <dancol@...gle.com>,
Jonathan Corbet <corbet@....net>,
Alexander Viro <viro@...iv.linux.org.uk>,
Luis Chamberlain <mcgrof@...nel.org>,
Iurii Zaikin <yzaikin@...gle.com>,
Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Shevchenko <andy.shevchenko@...il.com>,
Vlastimil Babka <vbabka@...e.cz>,
Mel Gorman <mgorman@...hsingularity.net>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
Peter Xu <peterx@...hat.com>,
Mike Rapoport <rppt@...ux.ibm.com>,
Jerome Glisse <jglisse@...hat.com>, Shaohua Li <shli@...com>,
linux-doc@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
Linux FS Devel <linux-fsdevel@...r.kernel.org>,
Tim Murray <timmurray@...gle.com>,
Minchan Kim <minchan@...gle.com>,
Sandeep Patil <sspatil@...gle.com>, kernel@...roid.com,
Daniel Colascione <dancol@...col.org>,
Kalesh Singh <kaleshsingh@...gle.com>,
Nick Kralevich <nnk@...gle.com>
Subject: Re: [PATCH 2/2] Add a new sysctl knob: unprivileged_userfaultfd_user_mode_only
Daniel, the original contributor of this patchset, has moved to
another company. Adding his personal email, in case he still wants to
be involved.
>From the discussion so far it seems that there is a consensus that
patch 1/2 in this series should be upstreamed in any case. Is there
anything that is pending on that patch?
On Fri, Jul 17, 2020 at 5:57 AM Jeffrey Vander Stoep <jeffv@...gle.com> wrote:
>
> On Wed, May 20, 2020 at 11:17 PM Andrea Arcangeli <aarcange@...hat.com> wrote:
> >
> > On Wed, May 20, 2020 at 01:17:20PM -0700, Lokesh Gidra wrote:
> > > Adding the Android kernel team in the discussion.
> >
> > Unless I'm mistaken that you can already enforce bit 1 of the second
> > parameter of the userfaultfd syscall to be set with seccomp-bpf, this
> > would be more a question to the Android userland team.
> >
> > The question would be: does it ever happen that a seccomp filter isn't
> > already applied to unprivileged software running without
> > SYS_CAP_PTRACE capability?
>
> Yes.
>
> Android uses selinux as our primary sandboxing mechanism. We do use
> seccomp on a few processes, but we have found that it has a
> surprisingly high performance cost [1] on arm64 devices so turning it
> on system wide is not a good option.
>
> [1] https://lore.kernel.org/linux-security-module/202006011116.3F7109A@keescook/T/#m82ace19539ac595682affabdf652c0ffa5d27dad
> >
> >
> > If answer is "no" the behavior of the new sysctl in patch 2/2 (in
> > subject) should be enforceable with minor changes to the BPF
> > assembly. Otherwise it'd require more changes.
> >
Adding Nick (Jeff is already here) to respond to Andrea's concerns
about adding option '2' to sysctl knob.
> > Thanks!
> > Andrea
> >
Powered by blists - more mailing lists