On Mon, Mar 11, 2019 at 05:37:01PM +0800, Peter Xu wrote:
> Apply the unprivileged_userfaultfd check when doing userfaultfd
> syscall. We didn't check it in other paths of userfaultfd (e.g., the
> ioctl() path) because we don't want to drag down the fast path of
> userfaultfd, as suggested by Andrea.
>
> Suggested-by: Andrea Arcangeli <aarcange@xxxxxxxxxx>
> Suggested-by: Mike Rapoport <rppt@xxxxxxxxxxxxxxxxxx>
> Signed-off-by: Peter Xu <peterx@xxxxxxxxxx>
> ---
>  fs/userfaultfd.c | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
>
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index c2188464555a..effdcfc88629 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -951,6 +951,28 @@ void userfaultfd_unmap_complete(struct mm_struct *mm, struct list_head *uf)
>  	}
>  }
>  
> +/* Whether current process allows to use userfaultfd syscalls */
> +static bool userfaultfd_allowed(void)
> +{
> +	bool allowed = false;
> +
> +	switch (unprivileged_userfaultfd) {
> +	case UFFD_UNPRIV_ENABLED:
> +		allowed = true;
> +		break;
> +	case UFFD_UNPRIV_KVM:
> +		allowed = !!test_bit(MMF_USERFAULTFD_ALLOW,
> +				     &current->mm->flags);
> +		/* Fall through */

Sorry, I should squash this in, otherwise compilation of !CONFIG_KVM will
break:

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index effdcfc88629..1b3fa5935643 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -960,10 +960,12 @@ static bool userfaultfd_allowed(void)
 	case UFFD_UNPRIV_ENABLED:
 		allowed = true;
 		break;
+#if IS_ENABLED(CONFIG_KVM)
 	case UFFD_UNPRIV_KVM:
 		allowed = !!test_bit(MMF_USERFAULTFD_ALLOW,
 				     &current->mm->flags);
 		/* Fall through */
+#endif
 	case UFFD_UNPRIV_DISABLED:
 		allowed = allowed || ns_capable(current_user_ns(),
 						 CAP_SYS_PTRACE);

Will wait for more comments before I repost. Sorry for the noise.

Regards,

-- 
Peter Xu
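Review bot: the commit message should spell out the consequence of checking only the userfaultfd() syscall path and leaving ioctl() unchecked, as the quoted hunk's description states: a userfaultfd that was created while the sysctl permitted it keeps working after unprivileged_userfaultfd is tightened, because the check is never re-evaluated on the fd. Administrators who flip the sysctl as a hardening measure will assume existing descriptors are revoked unless the commit message and the sysctl documentation say otherwise, so please add that sentence ("Tightening the sysctl does not affect already-created userfaultfds") to the changelog.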
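Review bot: in the squash hunk, wrapping the UFFD_UNPRIV_KVM case in "#if IS_ENABLED(CONFIG_KVM)" removes the case label but leaves the enumerator value reachable through the sysctl, and the switch has no default: on a !CONFIG_KVM kernel with unprivileged_userfaultfd set to the KVM value, no case matches, the function returns the initial "allowed = false", and even a CAP_SYS_PTRACE holder is denied, which differs from the UFFD_UNPRIV_DISABLED fall-through behaviour the KVM case has when CONFIG_KVM is on. Either add a "default:" that shares the UFFD_UNPRIV_DISABLED handling, or reject the KVM value at sysctl-write time when CONFIG_KVM is disabled, so the policy degrades to "disabled" rather than to "nobody".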