From: Andy Lutomirski <luto@amacapital.net>
To: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>, Jann Horn <jannh@google.com>,
Daniel Colascione <dancol@google.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Pavel Emelyanov <xemul@virtuozzo.com>,
Lokesh Gidra <lokeshgidra@google.com>,
Nick Kralevich <nnk@google.com>, Nosh Minwalla <nosh@google.com>,
Tim Murray <timmurray@google.com>,
Mike Rapoport <rppt@linux.vnet.ibm.com>,
Linux API <linux-api@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: Re: [PATCH 3/7] Add a UFFD_SECURE flag to the userfaultfd API.
Date: Wed, 23 Oct 2019 16:01:53 -0700
Message-ID: <EB0634BD-AAF4-4805-8178-30FFA94B7B58@amacapital.net> (raw)
In-Reply-To: <20191023224110.GE9902@redhat.com>
> On Oct 23, 2019, at 3:41 PM, Andrea Arcangeli <aarcange@redhat.com> wrote:
>
> On Wed, Oct 23, 2019 at 02:25:35PM -0700, Andy Lutomirski wrote:
>> That doesn't solve the problem. With your time machine, you should
>
> Would you elaborate what problem remains if execve closes all uffd
> so that read() cannot run post execve?
>
fcntl() can clear the CLOEXEC flag. And CLOEXEC has no effect on SCM_RIGHTS.
>> instead use ioctl() or recvmsg().
>
> The event delivery is modeled after eventfd.c per userfaultfd.c header
> file, so would then eventfd also need to be converted to ioctl or
> recvmsg to deliver its event any better? Initially I evaluated to use
> eventfd for it in fact, but it wasn't possible. I didn't look like it
> could get any better than eventfd in terms of event delivery.
>
> Or do you refer to single out only the delivery of the UFFD_EVENT_FORK
> event not through read()?
Delivering events through read() is just fine. The problem is when delivering an event does more than just returning bytes. As far as I’ve noticed, uffd’s read() just returns bytes as long as FORK is disabled.
next prev parent reply index
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-12 19:15 [PATCH 0/7] Harden userfaultfd Daniel Colascione
2019-10-12 19:15 ` [PATCH 1/7] Add a new flags-accepting interface for anonymous inodes Daniel Colascione
2019-10-14 4:26 ` kbuild test robot
2019-10-14 15:38 ` Jann Horn
2019-10-14 18:15 ` Daniel Colascione
2019-10-14 18:30 ` Jann Horn
2019-10-15 8:08 ` Christoph Hellwig
2019-10-12 19:15 ` [PATCH 2/7] Add a concept of a "secure" anonymous file Daniel Colascione
2019-10-14 3:01 ` kbuild test robot
2019-10-15 8:08 ` Christoph Hellwig
2019-10-12 19:15 ` [PATCH 3/7] Add a UFFD_SECURE flag to the userfaultfd API Daniel Colascione
2019-10-12 23:10 ` Andy Lutomirski
2019-10-13 0:51 ` Daniel Colascione
2019-10-13 1:14 ` Andy Lutomirski
2019-10-13 1:38 ` Daniel Colascione
2019-10-14 16:04 ` Jann Horn
2019-10-23 19:09 ` Andrea Arcangeli
2019-10-23 19:21 ` Andy Lutomirski
2019-10-23 21:16 ` Andrea Arcangeli
2019-10-23 21:25 ` Andy Lutomirski
2019-10-23 22:41 ` Andrea Arcangeli
2019-10-23 23:01 ` Andy Lutomirski [this message]
2019-10-23 23:27 ` Andrea Arcangeli
2019-10-23 20:05 ` Daniel Colascione
2019-10-24 0:23 ` Andrea Arcangeli
2019-10-23 20:15 ` Linus Torvalds
2019-10-24 9:02 ` Mike Rapoport
2019-10-24 15:10 ` Andrea Arcangeli
2019-10-25 20:12 ` Mike Rapoport
2019-10-22 21:27 ` Daniel Colascione
2019-10-23 4:11 ` Andy Lutomirski
2019-10-23 7:29 ` Cyrill Gorcunov
2019-10-23 12:43 ` Mike Rapoport
2019-10-23 17:13 ` Andy Lutomirski
2019-10-12 19:15 ` [PATCH 4/7] Teach SELinux about a new userfaultfd class Daniel Colascione
2019-10-12 23:08 ` Andy Lutomirski
2019-10-13 0:11 ` Daniel Colascione
2019-10-13 0:46 ` Andy Lutomirski
2019-10-12 19:16 ` [PATCH 5/7] Let userfaultfd opt out of handling kernel-mode faults Daniel Colascione
2019-10-12 19:16 ` [PATCH 6/7] Allow users to require UFFD_SECURE Daniel Colascione
2019-10-12 23:12 ` Andy Lutomirski
2019-10-12 19:16 ` [PATCH 7/7] Add a new sysctl for limiting userfaultfd to user mode faults Daniel Colascione
2019-10-16 0:02 ` [PATCH 0/7] Harden userfaultfd James Morris
2019-11-15 15:09 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=EB0634BD-AAF4-4805-8178-30FFA94B7B58@amacapital.net \
--to=luto@amacapital.net \
--cc=aarcange@redhat.com \
--cc=dancol@google.com \
--cc=dgilbert@redhat.com \
--cc=jannh@google.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lokeshgidra@google.com \
--cc=luto@kernel.org \
--cc=nnk@google.com \
--cc=nosh@google.com \
--cc=rppt@linux.vnet.ibm.com \
--cc=timmurray@google.com \
--cc=torvalds@linux-foundation.org \
--cc=xemul@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Linux-api Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/linux-api/0 linux-api/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 linux-api linux-api/ https://lore.kernel.org/linux-api \
linux-api@vger.kernel.org
public-inbox-index linux-api
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-api
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git