ccepts private anonymous mappings. This
> > change
> > will widen the support to include shmem mappings. The primary use case
> > is to support MREMAP_DONTUNMAP on mappings which may have been created from
> > a memfd.
> >
> > Lokesh Gidra who works on the Android JVM
On Thu, Jan 28, 2021 at 2:48 PM Axel Rasmussen wrote:
>
> This ioctl is how userspace ought to resolve "minor" userfaults. The
> idea is, userspace is notified that a minor fault has occurred. It might
> change the contents of the page using its second non-UFFD mapping, or
> not. Then, it calls
On Mon, Jan 25, 2021 at 5:44 PM Lokesh Gidra wrote:
>
> Add description of UFFD_USER_MODE_ONLY flag to userfaultfd(2) manual
> page, which is required after [1]. Also updated the description of
> unprivileged_userfaultfd file in proc(5) as per [2].
>
> [1]
> https://lor
://lore.kernel.org/linux-mm/20201215031354.gushjupko%25a...@linux-foundation.org/
Signed-off-by: Lokesh Gidra
---
man2/userfaultfd.2 | 5 +
man5/proc.5| 12
2 files changed, 17 insertions(+)
diff --git a/man2/userfaultfd.2 b/man2/userfaultfd.2
index e7dc9f813..792a49d52
On Thu, Jan 14, 2021 at 2:47 PM Paul Moore wrote:
>
> On Tue, Jan 12, 2021 at 12:15 PM Paul Moore wrote:
> >
> > On Fri, Jan 8, 2021 at 5:22 PM Lokesh Gidra wrote:
> > >
> > > Userfaultfd in unprivileged contexts could be potentially very
> > > us
in __anon_inode_getfile()]
Signed-off-by: Lokesh Gidra
Reviewed-by: Eric Biggers
---
fs/anon_inodes.c| 150 ++--
fs/libfs.c | 5 --
include/linux/anon_inodes.h | 5 ++
3 files changed, 115 insertions(+), 45 deletions(-)
diff --git a/fs
()
in userfaultfd syscall]
[LG: Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
Signed-off-by: Lokesh Gidra
Reviewed-by: Eric Biggers
---
fs/userfaultfd.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index
cc8-5bbbfc9ba...@tycho.nsa.gov/
Daniel Colascione (3):
fs: add LSM-supporting anon-inode interface
selinux: teach SELinux about anonymous inodes
userfaultfd: use secure anon inodes for userfaultfd
Lokesh Gidra (1):
security: add inode_init_security_anon() LSM hook
fs/anon_ino
ition.)
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
---
security/selinux/hooks.c| 57 +
security/selinux/include/classmap.h | 2 +
2 files changed, 59 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
in
additional contextual information to security modules
for granting/denying permission to create an anon-inode of the same type.
This context_inode's security_context can also be used to initialize the
newly created anon-inode's security_context.
Signed-off-by: Lokesh Gidra
Reviewed-by: Eric Biggers
On Fri, Jan 8, 2021 at 1:24 PM Stephen Smalley
wrote:
>
> On Fri, Jan 8, 2021 at 3:17 PM Lokesh Gidra wrote:
> >
> > On Fri, Jan 8, 2021 at 11:35 AM Stephen Smalley
> > wrote:
> > >
> > > On Wed, Jan 6, 2021 at 10:03 PM Paul Moore wrote:
> > >
On Fri, Jan 8, 2021 at 11:35 AM Stephen Smalley
wrote:
>
> On Wed, Jan 6, 2021 at 10:03 PM Paul Moore wrote:
> >
> > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote:
> > > From: Daniel Colascione
> > >
> > > This change uses the
in __anon_inode_getfile()]
Signed-off-by: Lokesh Gidra
Reviewed-by: Eric Biggers
---
fs/anon_inodes.c| 150 ++--
fs/libfs.c | 5 --
include/linux/anon_inodes.h | 5 ++
3 files changed, 115 insertions(+), 45 deletions(-)
diff --git a/fs
()
in userfaultfd syscall]
[LG: Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
Signed-off-by: Lokesh Gidra
Reviewed-by: Eric Biggers
---
fs/userfaultfd.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index
ition.)
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
---
security/selinux/hooks.c| 59 +
security/selinux/include/classmap.h | 2 +
2 files changed, 61 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
in
/lore.kernel.org/lkml/23f725ca-5b5a-5938-fcc8-5bbbfc9ba...@tycho.nsa.gov/
Daniel Colascione (3):
fs: add LSM-supporting anon-inode interface
selinux: teach SELinux about anonymous inodes
userfaultfd: use secure anon inodes for userfaultfd
Lokesh Gidra (1):
security: add inode_init
additional contextual information to security modules
for granting/denying permission to create an anon-inode of the same type.
This context_inode's security_context can also be used to initialize the
newly created anon-inode's security_context.
Signed-off-by: Lokesh Gidra
Reviewed-by: Eric Biggers
On Thu, Jan 7, 2021 at 2:30 PM Paul Moore wrote:
>
> On Wed, Jan 6, 2021 at 10:55 PM Lokesh Gidra wrote:
> > On Wed, Jan 6, 2021 at 7:03 PM Paul Moore wrote:
> > > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra
> > > wrote:
> > > > From: Daniel Co
On Wed, Jan 6, 2021 at 7:03 PM Paul Moore wrote:
>
> On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote:
> > From: Daniel Colascione
> >
> > This change uses the anon_inodes and LSM infrastructure introduced in
> > the previous patches to give SELinux the ability
On Wed, Jan 6, 2021 at 6:10 PM Paul Moore wrote:
>
> On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote:
> > From: Daniel Colascione
> >
> > This change adds a new function, anon_inode_getfd_secure, that creates
> > anonymous-node file with individual non-S_P
On Mon, Nov 23, 2020 at 2:43 PM Paul Moore wrote:
>
> On Mon, Nov 23, 2020 at 2:21 PM Lokesh Gidra wrote:
> > On Sun, Nov 22, 2020 at 3:14 PM Paul Moore wrote:
> > > On Wed, Nov 18, 2020 at 5:39 PM Lokesh Gidra
> > > wrote:
> > > > I have
On Sun, Nov 22, 2020 at 3:14 PM Paul Moore wrote:
>
> On Wed, Nov 18, 2020 at 5:39 PM Lokesh Gidra wrote:
> > I have created a cuttlefish build and have tested with the attached
> > userfaultfd program:
>
> Thanks, that's a good place to start, a few comments:
>
>
On Fri, Nov 20, 2020 at 3:33 PM Andrew Morton wrote:
>
> On Thu, 19 Nov 2020 19:04:10 -0800 Lokesh Gidra
> wrote:
>
> > userfaultfd handles page faults from both user and kernel code.
> > Add a new UFFD_USER_MODE_ONLY flag for userfaultfd(2) that makes
> > th
On Thu, Nov 19, 2020 at 7:04 PM Lokesh Gidra wrote:
>
> With this change, when the knob is set to 0, it allows unprivileged
> users to call userfaultfd, like when it is set to 1, but with the
> restriction that page faults from only user-mode can be handled.
> In this mode, an un
On Thu, Nov 19, 2020 at 7:04 PM Lokesh Gidra wrote:
>
> userfaultfd handles page faults from both user and kernel code.
> Add a new UFFD_USER_MODE_ONLY flag for userfaultfd(2) that makes
> the resulting userfaultfd object refuse to handle faults from kernel
> mode, treati
On Thu, Nov 19, 2020 at 7:04 PM Lokesh Gidra wrote:
>
> This patch series is split from [1]. The other series enables SELinux
> support for userfaultfd file descriptors so that its creation and
> movement can be controlled.
>
> It has been demonstrated on various occasions that
as with the sysctl set to zero. So
without this commit, any Linux binary using userfaultfd to manage its
memory would behave differently if run within the Android userland.
For more details, refer to Andrea's reply [1].
[1] https://lore.kernel.org/lkml/20200904033438.gi9...@redhat.com/
Signed-off-by: Lokesh Gidra
for future exploits.
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
Reviewed-by: Andrea Arcangeli
---
fs/userfaultfd.c | 10 +-
include/uapi/linux/userfaultfd.h | 9 +
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/fs/userfaultfd.c b
handling of page
faults from kernel-mode, and added an option for the same
in the existing 'unprivileged_userfaultfd' knob.
Lokesh Gidra (2):
Add UFFD_USER_MODE_ONLY
Add user-mode only option to unprivileged_userfaultfd sysctl knob
Documentation/admin-guide/sysctl/vm.rst | 15
On Mon, Oct 26, 2020 at 2:00 PM Lokesh Gidra wrote:
>
> This patch series is split from [1]. The other series enables SELinux
> support for userfaultfd file descriptors so that its creation and
> movement can be controlled.
>
> It has been demonstrated on various occasions that
On Thu, Nov 12, 2020 at 4:13 PM Paul Moore wrote:
>
> On Tue, Nov 10, 2020 at 10:30 PM Lokesh Gidra wrote:
> > On Tue, Nov 10, 2020 at 6:13 PM Paul Moore wrote:
> > > On Tue, Nov 10, 2020 at 1:24 PM Lokesh Gidra
> > > wrote:
> > > > On Mon
syscall]
[Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
Signed-off-by: Lokesh Gidra
Reviewed-by: Eric Biggers
---
fs/userfaultfd.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 000b457ad087
additional contextual information to security modules
for granting/denying permission to create an anon-inode of the same type.
This context_inode's security_context can also be used to initialize the
newly created anon-inode's security_context.
Signed-off-by: Lokesh Gidra
Reviewed-by: Eric Biggers
()]
Signed-off-by: Lokesh Gidra
Reviewed-by: Eric Biggers
---
fs/anon_inodes.c| 150 ++--
fs/libfs.c | 5 --
include/linux/anon_inodes.h | 5 ++
3 files changed, 115 insertions(+), 45 deletions(-)
diff --git a/fs/anon_inodes.c b/fs
mous inodes
userfaultfd: use secure anon inodes for userfaultfd
Lokesh Gidra (1):
security: add inode_init_security_anon() LSM hook
fs/anon_inodes.c| 150
fs/libfs.c | 5 -
fs/userfaultfd.c
ition.)
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
---
security/selinux/hooks.c| 56 +
security/selinux/include/classmap.h | 2 ++
2 files changed, 58 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
in
On Tue, Nov 10, 2020 at 6:13 PM Paul Moore wrote:
>
> On Tue, Nov 10, 2020 at 1:24 PM Lokesh Gidra wrote:
> > On Mon, Nov 9, 2020 at 7:12 PM Paul Moore wrote:
> > > On Fri, Nov 6, 2020 at 10:56 AM Lokesh Gidra
> > > wrote:
> > > >
> > > >
Thanks a lot Paul for reviewing this patch.
On Mon, Nov 9, 2020 at 7:12 PM Paul Moore wrote:
>
> On Fri, Nov 6, 2020 at 10:56 AM Lokesh Gidra wrote:
> >
> > From: Daniel Colascione
> >
> > This change uses the anon_inodes and LSM infrastructure introduc
syscall]
[Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
Signed-off-by: Lokesh Gidra
Reviewed-by: Eric Biggers
---
fs/userfaultfd.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 000b457ad087
upporting anon-inode interface
selinux: teach SELinux about anonymous inodes
userfaultfd: use secure anon inodes for userfaultfd
Lokesh Gidra (1):
security: add inode_init_security_anon() LSM hook
fs/anon_inodes.c| 150
fs/libfs.c
ition.)
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
---
security/selinux/hooks.c| 53 +
security/selinux/include/classmap.h | 2 ++
2 files changed, 55 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
in
()]
Signed-off-by: Lokesh Gidra
---
fs/anon_inodes.c| 150 ++--
fs/libfs.c | 5 --
include/linux/anon_inodes.h | 5 ++
3 files changed, 115 insertions(+), 45 deletions(-)
diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
index
additional contextual information to security modules
for granting/denying permission to create an anon-inode of the same type.
This context_inode's security_context can also be used to initialize the
newly created anon-inode's security_context.
Signed-off-by: Lokesh Gidra
---
include/linux
syscall]
[Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
Signed-off-by: Lokesh Gidra
Reviewed-by: Eric Biggers
---
fs/userfaultfd.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 000b457ad087
in __anon_inode_getfile()]
[Fix error handling in __anon_inode_getfile()]
Signed-off-by: Lokesh Gidra
---
fs/anon_inodes.c| 149 ++--
fs/libfs.c | 6 +-
include/linux/anon_inodes.h | 5 ++
3 files changed, 117 insertions(+), 43 deletions
ition.)
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
---
security/selinux/hooks.c| 53 +
security/selinux/include/classmap.h | 2 ++
2 files changed, 55 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
in
to create an anon-
inode of the same type.
Signed-off-by: Lokesh Gidra
---
include/linux/lsm_hook_defs.h | 2 ++
include/linux/lsm_hooks.h | 9 +
include/linux/security.h | 10 ++
security/security.c | 8
4 files changed, 29 insertions(+)
diff --git
https://lore.kernel.org/lkml/23f725ca-5b5a-5938-fcc8-5bbbfc9ba...@tycho.nsa.gov/
Daniel Colascione (3):
fs: add LSM-supporting anon-inode interface
selinux: teach SELinux about anonymous inodes
userfaultfd: use secure anon inodes for userfaultfd
Lokesh Gidra (1):
security: add inode_init
syscall]
[Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
Signed-off-by: Lokesh Gidra
---
fs/userfaultfd.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 0e4a3837da52..918535b49475 100644
--- a/fs
correct error cast in __anon_inode_getfile()]
[Fix error handling in __anon_inode_getfile()]
Signed-off-by: Lokesh Gidra
---
fs/anon_inodes.c | 148 +-
include/linux/anon_inodes.h | 8 ++
include/linux/lsm_hook_defs.h | 2 +
include/linux
ition.)
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
Cc: Al Viro
Cc: Andrew Morton
---
security/selinux/hooks.c| 53 +
security/selinux/include/classmap.h | 2 ++
2 files changed, 55 insertions(+)
diff --git a/security/selinux/hooks.c b/
Userfaultfd in unprivileged contexts could be potentially very
useful. We'd like to harden userfaultfd to make such unprivileged use
less risky. This patch series allows SELinux to manage userfaultfd
file descriptors and in the future, other kinds of
anonymous-inode-based file descriptor. SELinux
as with the sysctl set to zero. So
without this commit, any Linux binary using userfaultfd to manage its
memory would behave differently if run within the Android userland.
For more details, refer to Andrea's reply [1].
[1] https://lore.kernel.org/lkml/20200904033438.gi9...@redhat.com/
Signed-off-by: Lokesh Gidra
for future exploits.
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
Reviewed-by: Andrea Arcangeli
---
fs/userfaultfd.c | 10 +-
include/uapi/linux/userfaultfd.h | 9 +
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/fs/userfaultfd.c b
handling of page
faults from kernel-mode, and added an option for the same
in the existing 'unprivileged_userfaultfd' knob.
Lokesh Gidra (2):
Add UFFD_USER_MODE_ONLY
Add user-mode only option to unprivileged_userfaultfd sysctl knob
Documentation/admin-guide/sysctl/vm.rst | 15
On Sun, Oct 11, 2020 at 1:29 AM Lokesh Gidra wrote:
>
> Userfaultfd in unprivileged contexts could be potentially very
> useful. We'd like to harden userfaultfd to make such unprivileged use
> less risky. This patch series allows SELinux to manage userfaultfd
> file descriptors an
On Fri, Oct 23, 2020 at 7:48 PM Andrea Arcangeli wrote:
>
> Hello everyone,
>
> On Sat, Oct 10, 2020 at 11:24:56PM -0700, Lokesh Gidra wrote:
> > With this change, when the knob is set to 0, it allows unprivileged
> > users to call userfaultfd,
On Thu, Oct 8, 2020 at 4:22 PM Nick Kralevich wrote:
>
> On Wed, Oct 7, 2020 at 9:01 PM Andrea Arcangeli wrote:
> >
> > Hello Lokesh,
> >
> > On Wed, Oct 07, 2020 at 01:26:55PM -0700, Lokesh Gidra wrote:
> > > On Wed, Sep 23, 2020
Userfaultfd in unprivileged contexts could be potentially very
useful. We'd like to harden userfaultfd to make such unprivileged use
less risky. This patch series allows SELinux to manage userfaultfd
file descriptors and in the future, other kinds of
anonymous-inode-based file descriptor. SELinux
ition.)
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
Cc: Al Viro
Cc: Andrew Morton
---
security/selinux/hooks.c| 53 +
security/selinux/include/classmap.h | 2 ++
2 files changed, 55 insertions(+)
diff --git a/security/selinux/hooks.c b/
correct error cast in __anon_inode_getfile()]
[Fix error handling in __anon_inode_getfile()]
Signed-off-by: Lokesh Gidra
---
fs/anon_inodes.c | 148 +-
include/linux/anon_inodes.h | 8 ++
include/linux/lsm_hook_defs.h | 2 +
include/linux
syscall]
[Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
Signed-off-by: Lokesh Gidra
---
fs/userfaultfd.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 0e4a3837da52..918535b49475 100644
--- a/fs
/
Signed-off-by: Lokesh Gidra
---
Documentation/admin-guide/sysctl/vm.rst | 15 ++-
fs/userfaultfd.c| 6 --
2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/Documentation/admin-guide/sysctl/vm.rst
b/Documentation/admin-guide/sysctl/vm.rst
index
unprivileged
users to handle page faults from kernel-mode.
- Removed the new sysctl knob restricting handling of page
faults from kernel-mode, and added an option for the same
in the existing 'unprivileged_userfaultfd' knob.
Lokesh Gidra (2):
Add UFFD_USER_MODE_ONLY
Add user-mode only
for future exploits.
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
---
fs/userfaultfd.c | 10 +-
include/uapi/linux/userfaultfd.h | 9 +
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index
On Wed, Sep 23, 2020 at 12:33 PM Lokesh Gidra wrote:
>
> Userfaultfd in unprivileged contexts could be potentially very
> useful. We'd like to harden userfaultfd to make such unprivileged use
> less risky. This patch series allows SELinux to manage userfaultfd
> file descriptors an
On Wed, Sep 23, 2020 at 11:56 PM Lokesh Gidra wrote:
>
> This patch series is split from [1]. The other series enables SELinux
> support for userfaultfd file descriptors so that its creation and
> movement can be controlled.
>
> It has been demonstrated on various occasions that
On Thu, Oct 1, 2020 at 10:36 PM Kirill A. Shutemov
wrote:
>
> On Thu, Oct 01, 2020 at 05:09:02PM -0700, Lokesh Gidra wrote:
> > On Thu, Oct 1, 2020 at 9:00 AM Kalesh Singh wrote:
> > >
> > > On Thu, Oct 1, 2020 at 8:27 AM Kirill A. Shutemov
> > > wrot
On Thu, Oct 1, 2020 at 9:00 AM Kalesh Singh wrote:
>
> On Thu, Oct 1, 2020 at 8:27 AM Kirill A. Shutemov
> wrote:
> >
> > On Wed, Sep 30, 2020 at 03:42:17PM -0700, Lokesh Gidra wrote:
> > > On Wed, Sep 30, 2020 at 3:32 PM Kirill A. Shutemov
> > > wrot
On Wed, Sep 30, 2020 at 3:32 PM Kirill A. Shutemov
wrote:
>
> On Wed, Sep 30, 2020 at 10:21:17PM +, Kalesh Singh wrote:
> > mremap time can be optimized by moving entries at the PMD/PUD level if
> > the source and destination addresses are PMD/PUD-aligned and
> > PMD/PUD-sized. Enable moving
for future exploits.
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
---
fs/userfaultfd.c | 6 +-
include/uapi/linux/userfaultfd.h | 9 +
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 0e4a3837da52
knob restricting handling of page
faults from kernel-mode, and added an option for the same
in the existing 'unprivileged_userfaultfd' knob.
Lokesh Gidra (2):
Add UFFD_USER_MODE_ONLY
Add user-mode only option to unprivileged_userfaultfd sysctl knob
Documentation/admin-guide/sysctl
/
Signed-off-by: Lokesh Gidra
---
Documentation/admin-guide/sysctl/vm.rst | 15 ++-
fs/userfaultfd.c| 6 --
2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/Documentation/admin-guide/sysctl/vm.rst
b/Documentation/admin-guide/sysctl/vm.rst
index
syscall]
[Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
Signed-off-by: Lokesh Gidra
---
fs/userfaultfd.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 0e4a3837da52..918535b49475 100644
--- a/fs
ition.)
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
Cc: Al Viro
Cc: Andrew Morton
---
security/selinux/hooks.c| 53 +
security/selinux/include/classmap.h | 2 ++
2 files changed, 55 insertions(+)
diff --git a/security/selinux/hooks.c b/
correct error cast in _anon_inode_getfile()]
[Fix error handling in _anon_inode_getfile()]
Signed-off-by: Lokesh Gidra
---
fs/anon_inodes.c | 147 +-
include/linux/anon_inodes.h | 8 ++
include/linux/lsm_hook_defs.h | 2 +
include/linux
Userfaultfd in unprivileged contexts could be potentially very
useful. We'd like to harden userfaultfd to make such unprivileged use
less risky. This patch series allows SELinux to manage userfaultfd
file descriptors and in the future, other kinds of
anonymous-inode-based file descriptor. SELinux
On Tue, Sep 1, 2020 at 5:41 AM Christian Brauner
wrote:
>
> On Wed, Aug 26, 2020 at 11:35:20PM -0700, Lokesh Gidra wrote:
> > From: Daniel Colascione
> >
> > This change adds a new function, anon_inode_getfd_secure, that creates
> > anonymous-node file with
On Thu, Sep 3, 2020 at 8:34 PM Andrea Arcangeli wrote:
>
> Hello,
>
> On Mon, Aug 17, 2020 at 03:11:16PM -0700, Lokesh Gidra wrote:
> > There has been an emphasis that Android is probably the only user for
> > the restriction of userfaults from kernel-space and that i
On Mon, Aug 31, 2020 at 11:05 AM Stephen Smalley
wrote:
>
> On Thu, Aug 27, 2020 at 2:35 AM Lokesh Gidra wrote:
> >
> > From: Daniel Colascione
> >
> > This change uses the anon_inodes and LSM infrastructure introduced in
> > the previous patch to
syscall]
[Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
Signed-off-by: Lokesh Gidra
---
fs/userfaultfd.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 0e4a3837da52..918535b49475 100644
--- a/fs
Userfaultfd in unprivileged contexts could be potentially very
useful. We'd like to harden userfaultfd to make such unprivileged use
less risky. This patch series allows SELinux to manage userfaultfd
file descriptors and in the future, other kinds of
anonymous-inode-based file descriptor. SELinux
correct error cast in _anon_inode_getfile()]
[Fix error handling in _anon_inode_getfile()]
Signed-off-by: Lokesh Gidra
---
fs/anon_inodes.c | 147 +-
include/linux/anon_inodes.h | 8 ++
include/linux/lsm_hook_defs.h | 2 +
include/linux
From: Daniel Colascione
This change uses the anon_inodes and LSM infrastructure introduced in
the previous patch to give SELinux the ability to control
anonymous-inode files that are created using the new anon_inode_getfd_secure()
function.
A SELinux policy author detects and controls these
restricting handling of page
faults from kernel-mode, and added an option for the same
in the existing 'unprivileged_userfaultfd' knob.
Lokesh Gidra (2):
Add UFFD_USER_MODE_ONLY
Add user-mode only option to unprivileged_userfaultfd sysctl knob
Documentation/admin-guide/sysctl/vm.rst | 10
-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
---
Documentation/admin-guide/sysctl/vm.rst | 10 +++---
fs/userfaultfd.c| 10 --
kernel/sysctl.c | 2 +-
3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/Documentation/admin-guide
for future exploits.
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
---
fs/userfaultfd.c | 6 +-
include/uapi/linux/userfaultfd.h | 9 +
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 0e4a3837da52
On Mon, Aug 24, 2020 at 8:50 PM Eric Biggers wrote:
>
> On Fri, Aug 21, 2020 at 11:56:43AM -0700, Lokesh Gidra wrote:
> > From: Daniel Colascione
> >
> > This change adds a new function, anon_inode_getfd_secure, that creates
> > anonymous-node file with individua
On Mon, Aug 24, 2020 at 5:32 AM Sebastian Andrzej Siewior
wrote:
>
> On 2020-08-21 18:40:17 [-0700], Lokesh Gidra wrote:
> > --- a/fs/userfaultfd.c
> > +++ b/fs/userfaultfd.c
> > @@ -1966,6 +1969,7 @@ static void init_once_userfaultfd_ctx(void *mem)
> >
> >
'unprivileged_userfaultfd' knob.
Lokesh Gidra (2):
Add UFFD_USER_MODE_ONLY
Add user-mode only option to unprivileged_userfaultfd sysctl knob
Documentation/admin-guide/sysctl/vm.rst | 10 +++---
fs/userfaultfd.c| 17 ++---
include/uapi/linux/userfaultfd.h
-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
---
Documentation/admin-guide/sysctl/vm.rst | 10 +++---
fs/userfaultfd.c| 10 --
kernel/sysctl.c | 2 +-
3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/Documentation/admin-guide
for future exploits.
Signed-off-by: Daniel Colascione
Signed-off-by: Lokesh Gidra
---
fs/userfaultfd.c | 7 ++-
include/uapi/linux/userfaultfd.h | 9 +
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 0e4a3837da52
On Fri, Aug 21, 2020 at 11:57 AM Lokesh Gidra wrote:
>
> From: Daniel Colascione
>
> This change adds a new function, anon_inode_getfd_secure, that creates
> anonymous-node file with individual non-S_PRIVATE inode to which security
> modules can apply policy. Existing call
From: Daniel Colascione
This change uses the anon_inodes and LSM infrastructure introduced in
the previous patch to give SELinux the ability to control
anonymous-inode files that are created using the new anon_inode_getfd_secure()
function.
A SELinux policy author detects and controls these
syscall]
[Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
Signed-off-by: Lokesh Gidra
---
fs/userfaultfd.c | 23 ++-
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 0e4a3837da52..46ea552fe7c4 100644
Userfaultfd in unprivileged contexts could be potentially very
useful. We'd like to harden userfaultfd to make such unprivileged use
less risky. This patch series allows SELinux to manage userfaultfd
file descriptors and in the future, other kinds of
anonymous-inode-based file descriptor. SELinux
correct error cast in _anon_inode_getfile()]
Signed-off-by: Lokesh Gidra
---
fs/anon_inodes.c | 148 --
include/linux/anon_inodes.h | 13 +++
include/linux/lsm_hook_defs.h | 2 +
include/linux/lsm_hooks.h | 7 ++
include/linux/security.h
On Thu, Aug 20, 2020 at 11:36 AM James Morris wrote:
>
> On Fri, 7 Aug 2020, Lokesh Gidra wrote:
>
> > Userfaultfd in unprivileged contexts could be potentially very
> > useful. We'd like to harden userfaultfd to make such unprivileged use
> > less risky. This
:
> > > > On Thu, Jul 23, 2020 at 10:30 AM Lokesh Gidra
> > > > wrote:
> > > > > From the discussion so far it seems that there is a consensus that
> > > > > patch 1/2 in this series should be upstreamed in any case. Is there
> > > >
On Fri, Aug 7, 2020 at 4:02 PM Al Viro wrote:
>
> On Fri, Aug 07, 2020 at 03:49:39PM -0700, Lokesh Gidra wrote:
>
> > The new functions accept an optional context_inode parameter that
> > callers can use to provide additional contextual information to
> > securit