| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9D80DB2B-B25E-4BF0-8831-95C24818D995@vmware.com>
Date: Tue, 2 Aug 2022 18:46:29 +0000
From: Nadav Amit <namit@...are.com>
To: Axel Rasmussen <axelrasmussen@...gle.com>
CC: Alexander Viro <viro@...iv.linux.org.uk>,
Andrew Morton <akpm@...ux-foundation.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"Dmitry V . Levin" <ldv@...linux.org>,
Gleb Fotengauer-Malinovskiy <glebfm@...linux.org>,
Hugh Dickins <hughd@...gle.com>, Jan Kara <jack@...e.cz>,
Jonathan Corbet <corbet@....net>,
Mel Gorman <mgorman@...hsingularity.net>,
Mike Kravetz <mike.kravetz@...cle.com>,
Mike Rapoport <rppt@...nel.org>, Peter Xu <peterx@...hat.com>,
Shuah Khan <shuah@...nel.org>,
Suren Baghdasaryan <surenb@...gle.com>,
Vlastimil Babka <vbabka@...e.cz>,
zhangyi <yi.zhang@...wei.com>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>
Subject: Re: [PATCH v4 2/5] userfaultfd: add /dev/userfaultfd for fine grained
access control
On Jul 19, 2022, at 12:56 PM, Axel Rasmussen <axelrasmussen@...gle.com> wrote:
>
> +static int new_userfaultfd(bool is_syscall, int flags)
> {
> struct userfaultfd_ctx *ctx;
> int fd;
>
> - if (!sysctl_unprivileged_userfaultfd &&
> - (flags & UFFD_USER_MODE_ONLY) == 0 &&
> - !capable(CAP_SYS_PTRACE)) {
> - printk_once(KERN_WARNING "uffd: Set unprivileged_userfaultfd "
> - "sysctl knob to 1 if kernel faults must be handled "
> - "without obtaining CAP_SYS_PTRACE capability\n");
> + if (is_syscall && !userfaultfd_syscall_allowed(flags))
> return -EPERM;
> - }
>
> BUG_ON(!current->mm);
>
> @@ -2098,8 +2105,42 @@ SYSCALL_DEFINE1(userfaultfd, int, flags)
> return fd;
> }
>
> +SYSCALL_DEFINE1(userfaultfd, int, flags)
> +{
> + return new_userfaultfd(true, flags);
> +}
Not critical, but why not to put the userfaultfd_syscall_allowed() check
here? You would be able to lose the “is_syscall”.
I also had a small comment for patch 5.
But these are minor issues, so for the series:
Acked-by: Nadav Amit <namit@...are.com>
[ Sorry again for misunderstanding the scheme you were using is similar to
KVM and therefore reasonable. ]
Powered by blists - more mailing lists