Re: [PATCH] mm: Allow shmem mappings with MREMAP_DONTUNMAP

cepts private anonymous mappings. This > > change > > will widen the support to include shmem mappings. The primary use case > > is to support MREMAP_DONTUNMAP on mappings which may have been created from > > a memfd. > > > > Lokesh Gidra who works on the Androi

Re: [PATCH v3 7/9] userfaultfd: add UFFDIO_CONTINUE ioctl

On Thu, Jan 28, 2021 at 2:48 PM Axel Rasmussen wrote: > > This ioctl is how userspace ought to resolve "minor" userfaults. The > idea is, userspace is notified that a minor fault has occurred. It might > change the contents of the page using its second non-UFFD mapping, or > not. Then, it calls UF

Re: [PATCH v1] userfaultfd.2: Add UFFD_USER_MODE_ONLY flag

On Mon, Jan 25, 2021 at 5:44 PM Lokesh Gidra wrote: > > Add description of UFFD_USER_MODE_ONLY flag to userfaultfd(2) manual > page, which is required after [1]. Also updated the description of > unprivileged_userfaultfd file in proc(5) as per [2]. > > [1] > https://lor

[PATCH v1] userfaultfd.2: Add UFFD_USER_MODE_ONLY flag

://lore.kernel.org/linux-mm/20201215031354.gushjupko%25a...@linux-foundation.org/ Signed-off-by: Lokesh Gidra --- man2/userfaultfd.2 | 5 + man5/proc.5| 12 2 files changed, 17 insertions(+) diff --git a/man2/userfaultfd.2 b/man2/userfaultfd.2 index e7dc9f813..792a49d52

Re: [PATCH v15 0/4] SELinux support for anonymous inodes and UFFD

On Thu, Jan 14, 2021 at 2:47 PM Paul Moore wrote: > > On Tue, Jan 12, 2021 at 12:15 PM Paul Moore wrote: > > > > On Fri, Jan 8, 2021 at 5:22 PM Lokesh Gidra wrote: > > > > > > Userfaultfd in unprivileged contexts could be potentially very > > > us

[PATCH v15 2/4] fs: add LSM-supporting anon-inode interface

ror handling in __anon_inode_getfile()] Signed-off-by: Lokesh Gidra Reviewed-by: Eric Biggers --- fs/anon_inodes.c| 150 ++-- fs/libfs.c | 5 -- include/linux/anon_inodes.h | 5 ++ 3 files changed, 115 insertions(+), 45 deletions(-)

[PATCH v15 4/4] userfaultfd: use secure anon inodes for userfaultfd

userfaultfd syscall] [LG: Use inode of file in userfaultfd_read() in resolve_userfault_fork()] Signed-off-by: Lokesh Gidra Reviewed-by: Eric Biggers --- fs/userfaultfd.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index

[PATCH v15 0/4] SELinux support for anonymous inodes and UFFD

o.nsa.gov/ [3] https://lore.kernel.org/lkml/23f725ca-5b5a-5938-fcc8-5bbbfc9ba...@tycho.nsa.gov/ Daniel Colascione (3): fs: add LSM-supporting anon-inode interface selinux: teach SELinux about anonymous inodes userfaultfd: use secure anon inodes for userfaultfd Lokesh Gidra (1):

[PATCH v15 3/4] selinux: teach SELinux about anonymous inodes

ition.) Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra --- security/selinux/hooks.c| 57 + security/selinux/include/classmap.h | 2 + 2 files changed, 59 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c in

[PATCH v15 1/4] security: add inode_init_security_anon() LSM hook

additional contextual information to security modules for granting/denying permission to create an anon-inode of the same type. This context_inode's security_context can also be used to initialize the newly created anon-inode's security_context. Signed-off-by: Lokesh Gidra Reviewed-by: Er

Re: [PATCH v13 3/4] selinux: teach SELinux about anonymous inodes

On Fri, Jan 8, 2021 at 1:24 PM Stephen Smalley wrote: > > On Fri, Jan 8, 2021 at 3:17 PM Lokesh Gidra wrote: > > > > On Fri, Jan 8, 2021 at 11:35 AM Stephen Smalley > > wrote: > > > > > > On Wed, Jan 6, 2021 at 10:03 PM Paul Moore wrote: > > &g

Re: [PATCH v13 3/4] selinux: teach SELinux about anonymous inodes

On Fri, Jan 8, 2021 at 11:35 AM Stephen Smalley wrote: > > On Wed, Jan 6, 2021 at 10:03 PM Paul Moore wrote: > > > > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote: > > > From: Daniel Colascione > > > > > > This change uses the anon_inodes a

[PATCH v14 2/4] fs: add LSM-supporting anon-inode interface

ror handling in __anon_inode_getfile()] Signed-off-by: Lokesh Gidra Reviewed-by: Eric Biggers --- fs/anon_inodes.c| 150 ++-- fs/libfs.c | 5 -- include/linux/anon_inodes.h | 5 ++ 3 files changed, 115 insertions(+), 45 deletions(-)

[PATCH v14 4/4] userfaultfd: use secure anon inodes for userfaultfd

userfaultfd syscall] [LG: Use inode of file in userfaultfd_read() in resolve_userfault_fork()] Signed-off-by: Lokesh Gidra Reviewed-by: Eric Biggers --- fs/userfaultfd.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index

[PATCH v14 3/4] selinux: teach SELinux about anonymous inodes

ition.) Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra --- security/selinux/hooks.c| 59 + security/selinux/include/classmap.h | 2 + 2 files changed, 61 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c in

[PATCH v14 0/4] SELinux support for anonymous inodes and UFFD

sdevel/20200213194157.5877-1-...@tycho.nsa.gov/ [3] https://lore.kernel.org/lkml/23f725ca-5b5a-5938-fcc8-5bbbfc9ba...@tycho.nsa.gov/ Daniel Colascione (3): fs: add LSM-supporting anon-inode interface selinux: teach SELinux about anonymous inodes userfaultfd: use secure anon inodes f

[PATCH v14 1/4] security: add inode_init_security_anon() LSM hook

additional contextual information to security modules for granting/denying permission to create an anon-inode of the same type. This context_inode's security_context can also be used to initialize the newly created anon-inode's security_context. Signed-off-by: Lokesh Gidra Reviewed-by: Er

Re: [PATCH v13 3/4] selinux: teach SELinux about anonymous inodes

On Thu, Jan 7, 2021 at 2:30 PM Paul Moore wrote: > > On Wed, Jan 6, 2021 at 10:55 PM Lokesh Gidra wrote: > > On Wed, Jan 6, 2021 at 7:03 PM Paul Moore wrote: > > > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra > > > wrote: > > > > From: Daniel Colasc

Re: [PATCH v13 3/4] selinux: teach SELinux about anonymous inodes

On Wed, Jan 6, 2021 at 7:03 PM Paul Moore wrote: > > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote: > > From: Daniel Colascione > > > > This change uses the anon_inodes and LSM infrastructure introduced in > > the previous patches to give SELinux the ability

Re: [PATCH v13 2/4] fs: add LSM-supporting anon-inode interface

On Wed, Jan 6, 2021 at 6:10 PM Paul Moore wrote: > > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote: > > From: Daniel Colascione > > > > This change adds a new function, anon_inode_getfd_secure, that creates > > anonymous-node file with individual non-S_P

Re: [PATCH v12 3/4] selinux: teach SELinux about anonymous inodes

On Mon, Nov 23, 2020 at 2:43 PM Paul Moore wrote: > > On Mon, Nov 23, 2020 at 2:21 PM Lokesh Gidra wrote: > > On Sun, Nov 22, 2020 at 3:14 PM Paul Moore wrote: > > > On Wed, Nov 18, 2020 at 5:39 PM Lokesh Gidra > > > wrote: > > > > I have created a

Re: [PATCH v12 3/4] selinux: teach SELinux about anonymous inodes

On Sun, Nov 22, 2020 at 3:14 PM Paul Moore wrote: > > On Wed, Nov 18, 2020 at 5:39 PM Lokesh Gidra wrote: > > I have created a cuttlefish build and have tested with the attached > > userfaultfd program: > > Thanks, that's a good place to start, a few comments: > &

Re: [PATCH v6 1/2] Add UFFD_USER_MODE_ONLY

On Fri, Nov 20, 2020 at 3:33 PM Andrew Morton wrote: > > On Thu, 19 Nov 2020 19:04:10 -0800 Lokesh Gidra > wrote: > > > userfaultfd handles page faults from both user and kernel code. > > Add a new UFFD_USER_MODE_ONLY flag for userfaultfd(2) that makes > > th

Re: [PATCH v6 2/2] Add user-mode only option to unprivileged_userfaultfd sysctl knob

On Thu, Nov 19, 2020 at 7:04 PM Lokesh Gidra wrote: > > With this change, when the knob is set to 0, it allows unprivileged > users to call userfaultfd, like when it is set to 1, but with the > restriction that page faults from only user-mode can be handled. > In this mode, an un

Re: [PATCH v6 1/2] Add UFFD_USER_MODE_ONLY

On Thu, Nov 19, 2020 at 7:04 PM Lokesh Gidra wrote: > > userfaultfd handles page faults from both user and kernel code. > Add a new UFFD_USER_MODE_ONLY flag for userfaultfd(2) that makes > the resulting userfaultfd object refuse to handle faults from kernel > mode, treating the

Re: [PATCH v6 0/2] Control over userfaultfd kernel-fault handling

On Thu, Nov 19, 2020 at 7:04 PM Lokesh Gidra wrote: > > This patch series is split from [1]. The other series enables SELinux > support for userfaultfd file descriptors so that its creation and > movement can be controlled. > > It has been demonstrated on various occasions that

[PATCH v6 2/2] Add user-mode only option to unprivileged_userfaultfd sysctl knob

s with the sysctl set to zero. So without this commit, any Linux binary using userfaultfd to manage its memory would behave differently if run within the Android userland. For more details, refer to Andrea's reply [1]. [1] https://lore.kernel.org/lkml/20200904033438.gi9...@redhat.com/ Signed-off-b

[PATCH v6 1/2] Add UFFD_USER_MODE_ONLY

ndows for future exploits. Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra Reviewed-by: Andrea Arcangeli --- fs/userfaultfd.c | 10 +- include/uapi/linux/userfaultfd.h | 9 + 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/fs/userfaultf

[PATCH v6 0/2] Control over userfaultfd kernel-fault handling

rom kernel-mode. - Removed the new sysctl knob restricting handling of page faults from kernel-mode, and added an option for the same in the existing 'unprivileged_userfaultfd' knob. Lokesh Gidra (2): Add UFFD_USER_MODE_ONLY Add user-mode only option to unprivileged_

Re: [PATCH v6 0/2] Control over userfaultfd kernel-fault handling

On Mon, Oct 26, 2020 at 2:00 PM Lokesh Gidra wrote: > > This patch series is split from [1]. The other series enables SELinux > support for userfaultfd file descriptors so that its creation and > movement can be controlled. > > It has been demonstrated on various occasions that

Re: [PATCH v12 3/4] selinux: teach SELinux about anonymous inodes

On Thu, Nov 12, 2020 at 4:13 PM Paul Moore wrote: > > On Tue, Nov 10, 2020 at 10:30 PM Lokesh Gidra wrote: > > On Tue, Nov 10, 2020 at 6:13 PM Paul Moore wrote: > > > On Tue, Nov 10, 2020 at 1:24 PM Lokesh Gidra > > > wrote: > > > > On Mon

[PATCH v13 4/4] userfaultfd: use secure anon inodes for userfaultfd

syscall] [Use inode of file in userfaultfd_read() in resolve_userfault_fork()] Signed-off-by: Lokesh Gidra Reviewed-by: Eric Biggers --- fs/userfaultfd.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 000b457ad087

[PATCH v13 1/4] security: add inode_init_security_anon() LSM hook

additional contextual information to security modules for granting/denying permission to create an anon-inode of the same type. This context_inode's security_context can also be used to initialize the newly created anon-inode's security_context. Signed-off-by: Lokesh Gidra Reviewed-by: Er

[PATCH v13 2/4] fs: add LSM-supporting anon-inode interface

n_inode_getfile()] Signed-off-by: Lokesh Gidra Reviewed-by: Eric Biggers --- fs/anon_inodes.c| 150 ++-- fs/libfs.c | 5 -- include/linux/anon_inodes.h | 5 ++ 3 files changed, 115 insertions(+), 45 deletions(-) diff --git a/fs/ano

[PATCH v13 0/4] SELinux support for anonymous inodes and UFFD

on-inode interface selinux: teach SELinux about anonymous inodes userfaultfd: use secure anon inodes for userfaultfd Lokesh Gidra (1): security: add inode_init_security_anon() LSM hook fs/anon_inodes.c| 150 fs/libfs.c

[PATCH v13 3/4] selinux: teach SELinux about anonymous inodes

ition.) Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra --- security/selinux/hooks.c| 56 + security/selinux/include/classmap.h | 2 ++ 2 files changed, 58 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c in

Re: [PATCH v12 3/4] selinux: teach SELinux about anonymous inodes

On Tue, Nov 10, 2020 at 6:13 PM Paul Moore wrote: > > On Tue, Nov 10, 2020 at 1:24 PM Lokesh Gidra wrote: > > On Mon, Nov 9, 2020 at 7:12 PM Paul Moore wrote: > > > On Fri, Nov 6, 2020 at 10:56 AM Lokesh Gidra > > > wrote: > > > > > > > >

Re: [PATCH v12 3/4] selinux: teach SELinux about anonymous inodes

Thanks a lot Paul for the reviewing this patch. On Mon, Nov 9, 2020 at 7:12 PM Paul Moore wrote: > > On Fri, Nov 6, 2020 at 10:56 AM Lokesh Gidra wrote: > > > > From: Daniel Colascione > > > > This change uses the anon_inodes and LSM infrastructure introduced

[PATCH v12 4/4] userfaultfd: use secure anon inodes for userfaultfd

syscall] [Use inode of file in userfaultfd_read() in resolve_userfault_fork()] Signed-off-by: Lokesh Gidra Reviewed-by: Eric Biggers --- fs/userfaultfd.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 000b457ad087

[PATCH v12 0/4] SELinux support for anonymous inodes and UFFD

Daniel Colascione (3): fs: add LSM-supporting anon-inode interface selinux: teach SELinux about anonymous inodes userfaultfd: use secure anon inodes for userfaultfd Lokesh Gidra (1): security: add inode_init_security_anon() LSM hook fs/anon_inodes.c| 150 +++

[PATCH v12 3/4] selinux: teach SELinux about anonymous inodes

ition.) Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra --- security/selinux/hooks.c| 53 + security/selinux/include/classmap.h | 2 ++ 2 files changed, 55 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c in

[PATCH v12 2/4] fs: add LSM-supporting anon-inode interface

n_inode_getfile()] Signed-off-by: Lokesh Gidra --- fs/anon_inodes.c| 150 ++-- fs/libfs.c | 5 -- include/linux/anon_inodes.h | 5 ++ 3 files changed, 115 insertions(+), 45 deletions(-) diff --git a/fs/anon_inodes.c b/fs/anon

[PATCH v12 1/4] security: add inode_init_security_anon() LSM hook

additional contextual information to security modules for granting/denying permission to create an anon-inode of the same type. This context_inode's security_context can also be used to initialize the newly created anon-inode's security_context. Signed-off-by: Lokesh Gidra --- inc

[PATCH v11 4/4] userfaultfd: use secure anon inodes for userfaultfd

syscall] [Use inode of file in userfaultfd_read() in resolve_userfault_fork()] Signed-off-by: Lokesh Gidra Reviewed-by: Eric Biggers --- fs/userfaultfd.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 000b457ad087

[PATCH v11 2/4] fs: add LSM-supporting anon-inode interface

t error cast in __anon_inode_getfile()] [Fix error handling in __anon_inode_getfile()] Signed-off-by: Lokesh Gidra --- fs/anon_inodes.c| 149 ++-- fs/libfs.c | 6 +- include/linux/anon_inodes.h | 5 ++ 3 files changed, 117 insertions(+

[PATCH v11 3/4] selinux: teach SELinux about anonymous inodes

ition.) Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra --- security/selinux/hooks.c| 53 + security/selinux/include/classmap.h | 2 ++ 2 files changed, 55 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c in

[PATCH v11 1/4] security: add inode_init_security_anon() LSM hook

create an anon- inode of the same type. Signed-off-by: Lokesh Gidra --- include/linux/lsm_hook_defs.h | 2 ++ include/linux/lsm_hooks.h | 9 + include/linux/security.h | 10 ++ security/security.c | 8 4 files changed, 29 insertions(+) diff --git a

[PATCH v11 0/4] SELinux support for anonymous inodes and UFFD

0213194157.5877-1-...@tycho.nsa.gov/ [3] https://lore.kernel.org/lkml/23f725ca-5b5a-5938-fcc8-5bbbfc9ba...@tycho.nsa.gov/ Daniel Colascione (3): fs: add LSM-supporting anon-inode interface selinux: teach SELinux about anonymous inodes userfaultfd: use secure anon inodes for userfaultfd Loke

[PATCH v10 3/3] Use secure anon inodes for userfaultfd

syscall] [Use inode of file in userfaultfd_read() in resolve_userfault_fork()] Signed-off-by: Lokesh Gidra --- fs/userfaultfd.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0e4a3837da52..918535b49475 100644 --- a/fs

[PATCH v10 1/3] Add a new LSM-supporting anonymous inode interface

() static] [Use correct error cast in __anon_inode_getfile()] [Fix error handling in __anon_inode_getfile()] Signed-off-by: Lokesh Gidra --- fs/anon_inodes.c | 148 +- include/linux/anon_inodes.h | 8 ++ include/linux/lsm_hook_defs.h | 2 +

[PATCH v10 2/3] Teach SELinux about anonymous inodes

ition.) Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra Cc: Al Viro Cc: Andrew Morton --- security/selinux/hooks.c| 53 + security/selinux/include/classmap.h | 2 ++ 2 files changed, 55 insertions(+) diff --git a/security/selinux/hooks.c b/

[PATCH v10 0/3] SELinux support for anonymous inodes and UFFD

Userfaultfd in unprivileged contexts could be potentially very useful. We'd like to harden userfaultfd to make such unprivileged use less risky. This patch series allows SELinux to manage userfaultfd file descriptors and in the future, other kinds of anonymous-inode-based file descriptor. SELinux

[PATCH v6 2/2] Add user-mode only option to unprivileged_userfaultfd sysctl knob

s with the sysctl set to zero. So without this commit, any Linux binary using userfaultfd to manage its memory would behave differently if run within the Android userland. For more details, refer to Andrea's reply [1]. [1] https://lore.kernel.org/lkml/20200904033438.gi9...@redhat.com/ Signed-off-b

[PATCH v6 1/2] Add UFFD_USER_MODE_ONLY

ndows for future exploits. Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra Reviewed-by: Andrea Arcangeli --- fs/userfaultfd.c | 10 +- include/uapi/linux/userfaultfd.h | 9 + 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/fs/userfaultf

[PATCH v6 0/2] Control over userfaultfd kernel-fault handling

rom kernel-mode. - Removed the new sysctl knob restricting handling of page faults from kernel-mode, and added an option for the same in the existing 'unprivileged_userfaultfd' knob. Lokesh Gidra (2): Add UFFD_USER_MODE_ONLY Add user-mode only option to unprivileged_

Re: [PATCH v10 0/3] SELinux support for anonymous inodes and UFFD

On Sun, Oct 11, 2020 at 1:29 AM Lokesh Gidra wrote: > > Userfaultfd in unprivileged contexts could be potentially very > useful. We'd like to harden userfaultfd to make such unprivileged use > less risky. This patch series allows SELinux to manage userfaultfd > file descripto

Re: [PATCH v5 2/2] Add user-mode only option to unprivileged_userfaultfd sysctl knob

On Fri, Oct 23, 2020 at 7:48 PM Andrea Arcangeli wrote: > > Hello everyone, > > On Sat, Oct 10, 2020 at 11:24:56PM -0700, Lokesh Gidra wrote: > > With this change, when the knob is set to 0, it allows unprivileged > > users to call userfaultfd, like when it i

Re: [PATCH v4 0/2] Control over userfaultfd kernel-fault handling

On Thu, Oct 8, 2020 at 4:22 PM Nick Kralevich wrote: > > On Wed, Oct 7, 2020 at 9:01 PM Andrea Arcangeli wrote: > > > > Hello Lokesh, > > > > On Wed, Oct 07, 2020 at 01:26:55PM -0700, Lokesh Gidra wrote: > > > On Wed, Sep 23, 2020 at 11:56 PM Lokesh Gi

[PATCH v10 0/3] SELinux support for anonymous inodes and UFFD

Userfaultfd in unprivileged contexts could be potentially very useful. We'd like to harden userfaultfd to make such unprivileged use less risky. This patch series allows SELinux to manage userfaultfd file descriptors and in the future, other kinds of anonymous-inode-based file descriptor. SELinux

[PATCH v10 2/3] Teach SELinux about anonymous inodes

ition.) Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra Cc: Al Viro Cc: Andrew Morton --- security/selinux/hooks.c| 53 + security/selinux/include/classmap.h | 2 ++ 2 files changed, 55 insertions(+) diff --git a/security/selinux/hooks.c b/

[PATCH v10 1/3] Add a new LSM-supporting anonymous inode interface

() static] [Use correct error cast in __anon_inode_getfile()] [Fix error handling in __anon_inode_getfile()] Signed-off-by: Lokesh Gidra --- fs/anon_inodes.c | 148 +- include/linux/anon_inodes.h | 8 ++ include/linux/lsm_hook_defs.h | 2 +

[PATCH v10 3/3] Use secure anon inodes for userfaultfd

syscall] [Use inode of file in userfaultfd_read() in resolve_userfault_fork()] Signed-off-by: Lokesh Gidra --- fs/userfaultfd.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0e4a3837da52..918535b49475 100644 --- a/fs

[PATCH v5 2/2] Add user-mode only option to unprivileged_userfaultfd sysctl knob

9...@redhat.com/ Signed-off-by: Lokesh Gidra --- Documentation/admin-guide/sysctl/vm.rst | 15 ++- fs/userfaultfd.c| 6 -- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/Documentation/admin-guide/sysctl/vm.rst b/Documentation/admin-guide/sysc

[PATCH v5 0/2] Control over userfaultfd kernel-fault handling

- Added external references to the threats from allowing unprivileged users to handle page faults from kernel-mode. - Removed the new sysctl knob restricting handling of page faults from kernel-mode, and added an option for the same in the existing 'unprivileged_userfaultfd' k

[PATCH v5 1/2] Add UFFD_USER_MODE_ONLY

ndows for future exploits. Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra --- fs/userfaultfd.c | 10 +- include/uapi/linux/userfaultfd.h | 9 + 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c

Re: [PATCH v9 0/3] SELinux support for anonymous inodes and UFFD

On Wed, Sep 23, 2020 at 12:33 PM Lokesh Gidra wrote: > > Userfaultfd in unprivileged contexts could be potentially very > useful. We'd like to harden userfaultfd to make such unprivileged use > less risky. This patch series allows SELinux to manage userfaultfd > file descripto

Re: [PATCH v4 0/2] Control over userfaultfd kernel-fault handling

On Wed, Sep 23, 2020 at 11:56 PM Lokesh Gidra wrote: > > This patch series is split from [1]. The other series enables SELinux > support for userfaultfd file descriptors so that its creation and > movement can be controlled. > > It has been demonstrated on various occasions that

Re: [PATCH 0/5] Speed up mremap on large regions

On Thu, Oct 1, 2020 at 10:36 PM Kirill A. Shutemov wrote: > > On Thu, Oct 01, 2020 at 05:09:02PM -0700, Lokesh Gidra wrote: > > On Thu, Oct 1, 2020 at 9:00 AM Kalesh Singh wrote: > > > > > > On Thu, Oct 1, 2020 at 8:27 AM Kirill A. Shutemov > > > wrote:

Re: [PATCH 0/5] Speed up mremap on large regions

On Thu, Oct 1, 2020 at 9:00 AM Kalesh Singh wrote: > > On Thu, Oct 1, 2020 at 8:27 AM Kirill A. Shutemov > wrote: > > > > On Wed, Sep 30, 2020 at 03:42:17PM -0700, Lokesh Gidra wrote: > > > On Wed, Sep 30, 2020 at 3:32 PM Kirill A. Shutemov > > > wrote:

Re: [PATCH 0/5] Speed up mremap on large regions

On Wed, Sep 30, 2020 at 3:32 PM Kirill A. Shutemov wrote: > > On Wed, Sep 30, 2020 at 10:21:17PM +, Kalesh Singh wrote: > > mremap time can be optimized by moving entries at the PMD/PUD level if > > the source and destination addresses are PMD/PUD-aligned and > > PMD/PUD-sized. Enable moving a

[PATCH v4 1/2] Add UFFD_USER_MODE_ONLY

ndows for future exploits. Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra --- fs/userfaultfd.c | 6 +- include/uapi/linux/userfaultfd.h | 9 + 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0e4a383

[PATCH v4 0/2] Control over userfaultfd kernel-fault handling

dle page faults from kernel-mode. - Removed the new sysctl knob restricting handling of page faults from kernel-mode, and added an option for the same in the existing 'unprivileged_userfaultfd' knob. Lokesh Gidra (2): Add UFFD_USER_MODE_ONLY Add user-mode only option to u

[PATCH v4 2/2] Add user-mode only option to unprivileged_userfaultfd sysctl knob

9...@redhat.com/ Signed-off-by: Lokesh Gidra --- Documentation/admin-guide/sysctl/vm.rst | 15 ++- fs/userfaultfd.c| 6 -- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/Documentation/admin-guide/sysctl/vm.rst b/Documentation/admin-guide/sysc

[PATCH v9 3/3] Wire UFFD up to SELinux

syscall] [Use inode of file in userfaultfd_read() in resolve_userfault_fork()] Signed-off-by: Lokesh Gidra --- fs/userfaultfd.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0e4a3837da52..918535b49475 100644 --- a/fs

[PATCH v9 2/3] Teach SELinux about anonymous inodes

ition.) Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra Cc: Al Viro Cc: Andrew Morton --- security/selinux/hooks.c| 53 + security/selinux/include/classmap.h | 2 ++ 2 files changed, 55 insertions(+) diff --git a/security/selinux/hooks.c b/

[PATCH v9 1/3] Add a new LSM-supporting anonymous inode interface

() static] [Use correct error cast in _anon_inode_getfile()] [Fix error handling in _anon_inode_getfile()] Signed-off-by: Lokesh Gidra --- fs/anon_inodes.c | 147 +- include/linux/anon_inodes.h | 8 ++ include/linux/lsm_hook_defs.h | 2 +

[PATCH v9 0/3] SELinux support for anonymous inodes and UFFD

Userfaultfd in unprivileged contexts could be potentially very useful. We'd like to harden userfaultfd to make such unprivileged use less risky. This patch series allows SELinux to manage userfaultfd file descriptors and in the future, other kinds of anonymous-inode-based file descriptor. SELinux

Re: [PATCH v8 1/3] Add a new LSM-supporting anonymous inode interface

On Tue, Sep 1, 2020 at 5:41 AM Christian Brauner wrote: > > On Wed, Aug 26, 2020 at 11:35:20PM -0700, Lokesh Gidra wrote: > > From: Daniel Colascione > > > > This change adds a new function, anon_inode_getfd_secure, that creates > > anonymous-node file with ind

Re: [PATCH 2/2] Add a new sysctl knob: unprivileged_userfaultfd_user_mode_only

On Thu, Sep 3, 2020 at 8:34 PM Andrea Arcangeli wrote: > > Hello, > > On Mon, Aug 17, 2020 at 03:11:16PM -0700, Lokesh Gidra wrote: > > There has been an emphasis that Android is probably the only user for > > the restriction of userfaults from kernel-space and that i

Re: [PATCH v8 2/3] Teach SELinux about anonymous inodes

On Mon, Aug 31, 2020 at 11:05 AM Stephen Smalley wrote: > > On Thu, Aug 27, 2020 at 2:35 AM Lokesh Gidra wrote: > > > > From: Daniel Colascione > > > > This change uses the anon_inodes and LSM infrastructure introduced in > > the previous patch to

[PATCH v8 3/3] Wire UFFD up to SELinux

syscall] [Use inode of file in userfaultfd_read() in resolve_userfault_fork()] Signed-off-by: Lokesh Gidra --- fs/userfaultfd.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0e4a3837da52..918535b49475 100644 --- a/fs

[PATCH v8 0/3] SELinux support for anonymous inodes and UFFD

Userfaultfd in unprivileged contexts could be potentially very useful. We'd like to harden userfaultfd to make such unprivileged use less risky. This patch series allows SELinux to manage userfaultfd file descriptors and in the future, other kinds of anonymous-inode-based file descriptor. SELinux

[PATCH v8 1/3] Add a new LSM-supporting anonymous inode interface

() static] [Use correct error cast in _anon_inode_getfile()] [Fix error handling in _anon_inode_getfile()] Signed-off-by: Lokesh Gidra --- fs/anon_inodes.c | 147 +- include/linux/anon_inodes.h | 8 ++ include/linux/lsm_hook_defs.h | 2 +

[PATCH v8 2/3] Teach SELinux about anonymous inodes

From: Daniel Colascione This change uses the anon_inodes and LSM infrastructure introduced in the previous patch to give SELinux the ability to control anonymous-inode files that are created using the new anon_inode_getfd_secure() function. A SELinux policy author detects and controls these anon

[PATCH v3 0/2] Control over userfaultfd kernel-fault handling

- Removed the new sysctl knob restricting handling of page faults from kernel-mode, and added an option for the same in the existing 'unprivileged_userfaultfd' knob. Lokesh Gidra (2): Add UFFD_USER_MODE_ONLY Add user-mode only option to unprivileged_userfaultfd sysctl knob Docu

[PATCH v3 2/2] Add user-mode only option to unprivileged_userfaultfd sysctl knob

ned-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra --- Documentation/admin-guide/sysctl/vm.rst | 10 +++--- fs/userfaultfd.c| 10 -- kernel/sysctl.c | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/Documentation/a

[PATCH v3 1/2] Add UFFD_USER_MODE_ONLY

ndows for future exploits. Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra --- fs/userfaultfd.c | 6 +- include/uapi/linux/userfaultfd.h | 9 + 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0e4a383

Re: [PATCH v7 1/3] Add a new LSM-supporting anonymous inode interface

On Mon, Aug 24, 2020 at 8:50 PM Eric Biggers wrote: > > On Fri, Aug 21, 2020 at 11:56:43AM -0700, Lokesh Gidra wrote: > > From: Daniel Colascione > > > > This change adds a new function, anon_inode_getfd_secure, that creates > > anonymous-node file with individua

Re: [PATCH v2 1/2] Add UFFD_USER_MODE_ONLY

On Mon, Aug 24, 2020 at 5:32 AM Sebastian Andrzej Siewior wrote: > > On 2020-08-21 18:40:17 [-0700], Lokesh Gidra wrote: > > --- a/fs/userfaultfd.c > > +++ b/fs/userfaultfd.c > > @@ -1966,6 +1969,7 @@ static void init_once_userfaultfd_ctx(void *mem) > > > &g

[PATCH v2 0/2] Control over userfaultfd kernel-fault handling

e existing 'unprivileged_userfaultfd' knob. Lokesh Gidra (2): Add UFFD_USER_MODE_ONLY Add user-mode only option to unprivileged_userfaultfd sysctl knob Documentation/admin-guide/sysctl/vm.rst | 10 +++--- fs/userfaultfd.c| 17 ++--- include/uapi

[PATCH v2 2/2] Add user-mode only option to unprivileged_userfaultfd sysctl knob

ned-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra --- Documentation/admin-guide/sysctl/vm.rst | 10 +++--- fs/userfaultfd.c| 10 -- kernel/sysctl.c | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/Documentation/a

[PATCH v2 1/2] Add UFFD_USER_MODE_ONLY

ndows for future exploits. Signed-off-by: Daniel Colascione Signed-off-by: Lokesh Gidra --- fs/userfaultfd.c | 7 ++- include/uapi/linux/userfaultfd.h | 9 + 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0e4a383

Re: [PATCH v7 1/3] Add a new LSM-supporting anonymous inode interface

On Fri, Aug 21, 2020 at 11:57 AM Lokesh Gidra wrote: > > From: Daniel Colascione > > This change adds a new function, anon_inode_getfd_secure, that creates > anonymous-node file with individual non-S_PRIVATE inode to which security > modules can apply policy. Existing callers

[PATCH v7 2/3] Teach SELinux about anonymous inodes

From: Daniel Colascione This change uses the anon_inodes and LSM infrastructure introduced in the previous patch to give SELinux the ability to control anonymous-inode files that are created using the new anon_inode_getfd_secure() function. A SELinux policy author detects and controls these anon

[PATCH v7 3/3] Wire UFFD up to SELinux

syscall] [Use inode of file in userfaultfd_read() in resolve_userfault_fork()] Signed-off-by: Lokesh Gidra --- fs/userfaultfd.c | 23 ++- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 0e4a3837da52..46ea552fe7c4 100644

[PATCH v7 0/3] SELinux support for anonymous inodes and UFFD

Userfaultfd in unprivileged contexts could be potentially very useful. We'd like to harden userfaultfd to make such unprivileged use less risky. This patch series allows SELinux to manage userfaultfd file descriptors and in the future, other kinds of anonymous-inode-based file descriptor. SELinux

[PATCH v7 1/3] Add a new LSM-supporting anonymous inode interface

() static] [Use correct error cast in _anon_inode_getfile()] Signed-off-by: Lokesh Gidra --- fs/anon_inodes.c | 148 -- include/linux/anon_inodes.h | 13 +++ include/linux/lsm_hook_defs.h | 2 + include/linux/lsm_hooks.h | 7 ++ include/l

Re: [PATCH v6 0/3] SELinux support for anonymous inodes and UFFD

On Thu, Aug 20, 2020 at 11:36 AM James Morris wrote: > > On Fri, 7 Aug 2020, Lokesh Gidra wrote: > > > Userfaultfd in unprivileged contexts could be potentially very > > useful. We'd like to harden userfaultfd to make such unprivileged use > > less risky. Thi

Re: [PATCH 2/2] Add a new sysctl knob: unprivileged_userfaultfd_user_mode_only

gt; > > > On Thu, Jul 23, 2020 at 10:30 AM Lokesh Gidra > > > > wrote: > > > > > From the discussion so far it seems that there is a consensus that > > > > > patch 1/2 in this series should be upstreamed in any case. Is there > > > >

Re: [PATCH v6 1/3] Add a new LSM-supporting anonymous inode interface

On Fri, Aug 7, 2020 at 4:02 PM Al Viro wrote: > > On Fri, Aug 07, 2020 at 03:49:39PM -0700, Lokesh Gidra wrote: > > > The new functions accept an optional context_inode parameter that > > callers can use to provide additional contextual information to > > security mod

  1   2   >