lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 25 Jan 2021 17:44:50 -0800
From:   Lokesh Gidra <lokeshgidra@...gle.com>
To:     linux-man@...r.kernel.org
Cc:     Daniel Colascione <dancol@...col.org>,
        linux-kernel@...r.kernel.org, kaleshsingh@...gle.com,
        calin@...gle.com, surenb@...gle.com, jeffv@...gle.com,
        kernel-team@...roid.com, Peter Xu <peterx@...hat.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        linux-mm@...ck.kernel.org, Lokesh Gidra <lokeshgidra@...gle.com>
Subject: [PATCH v1] userfaultfd.2: Add UFFD_USER_MODE_ONLY flag

Add description of UFFD_USER_MODE_ONLY flag to userfaultfd(2) manual
page, which is required after [1]. Also updated the description of
unprivileged_userfaultfd file in proc(5) as per [2].

[1] https://lore.kernel.org/linux-mm/20201215031349.NXimL388W%25akpm@linux-foundation.org/
[2] https://lore.kernel.org/linux-mm/20201215031354.gUsHJUpKo%25akpm@linux-foundation.org/

Signed-off-by: Lokesh Gidra <lokeshgidra@...gle.com>
---
 man2/userfaultfd.2 |  5 +++++
 man5/proc.5        | 12 ++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/man2/userfaultfd.2 b/man2/userfaultfd.2
index e7dc9f813..792a49d52 100644
--- a/man2/userfaultfd.2
+++ b/man2/userfaultfd.2
@@ -72,6 +72,11 @@ See the description of the
 .BR O_NONBLOCK
 flag in
 .BR open (2).
+.TP
+.BR UFFD_USER_MODE_ONLY " (Since Linux 5.11)"
+Allow handling of user-mode page-faults only. See the description of the
+unprivileged_userfaultfd file in
+.BR proc (5).
 .PP
 When the last file descriptor referring to a userfaultfd object is closed,
 all memory ranges that were registered with the object are unregistered
diff --git a/man5/proc.5 b/man5/proc.5
index f16a29d6e..cb2350c0c 100644
--- a/man5/proc.5
+++ b/man5/proc.5
@@ -5905,6 +5905,18 @@ If this file has the value 0, then only processes that have the
 capability may employ
 .BR userfaultfd (2).
 The default value in this file is 1.
+.IP
+Starting with Linux 5.11,
+.BR userfaultfd (2)
+can be used by all processes, however, if this file has the value 0, then
+.BR UFFD_USER_MODE_ONLY
+flag must be passed to it, which restricts page-fault handling to only
+user-mode faults. This restriction is not applicable for processes with
+.B CAP_SYS_PTRACE
+capability, or if this file has the value 1. Furthermore, the default
+value in this file is changed to 0. For further details see the
+Linux kernel source file
+.I Documentation/admin\-guide/sysctl/vm.rst.
 .TP
 .IR /proc/sysrq\-trigger " (since Linux 2.4.21)"
 Writing a character to this file triggers the same SysRq function as
-- 
2.30.0.280.ga3ce27912f-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ