Daniel, the original contributor of this patchset, has moved to another
company. Adding his personal email, in case he still wants to be
involved.

From the discussion so far it seems that there is a consensus that
patch 1/2 in this series should be upstreamed in any case. Is there
anything that is pending on that patch?

On Fri, Jul 17, 2020 at 5:57 AM Jeffrey Vander Stoep <jeffv@xxxxxxxxxx> wrote:
>
> On Wed, May 20, 2020 at 11:17 PM Andrea Arcangeli <aarcange@xxxxxxxxxx> wrote:
> >
> > On Wed, May 20, 2020 at 01:17:20PM -0700, Lokesh Gidra wrote:
> > > Adding the Android kernel team in the discussion.
> >
> > Unless I'm mistaken that you can already enforce bit 1 of the second
> > parameter of the userfaultfd syscall to be set with seccomp-bpf, this
> > would be more a question to the Android userland team.
> >
> > The question would be: does it ever happen that a seccomp filter isn't
> > already applied to unprivileged software running without
> > SYS_CAP_PTRACE capability?
>
> Yes.
>
> Android uses selinux as our primary sandboxing mechanism. We do use
> seccomp on a few processes, but we have found that it has a
> surprisingly high performance cost [1] on arm64 devices so turning it
> on system wide is not a good option.
>
> [1] https://lore.kernel.org/linux-security-module/202006011116.3F7109A@keescook/T/#m82ace19539ac595682affabdf652c0ffa5d27dad
> >
> >
> > If answer is "no" the behavior of the new sysctl in patch 2/2 (in
> > subject) should be enforceable with minor changes to the BPF
> > assembly. Otherwise it'd require more changes.
> >

Adding Nick (Jeff is already here) to respond to Andrea's concerns
about adding option '2' to sysctl knob.

> > Thanks!
> > Andrea
> >