This small patch series adds a new flag to userfaultfd(2) that allows callers to give up the ability to handle user-mode faults with the resulting UFFD file object. In then add a new sysctl to require unprivileged callers to use this new flag. The purpose of this new interface is to decrease the change of an unprivileged userfaultfd user taking advantage of userfaultfd to enhance security vulnerabilities by lengthening the race window in kernel code. This patch series is split from [1]. [1] https://lore.kernel.org/lkml/20200211225547.235083-1-dancol@xxxxxxxxxx/ Daniel Colascione (2): Add UFFD_USER_MODE_ONLY Add a new sysctl knob: unprivileged_userfaultfd_user_mode_only Documentation/admin-guide/sysctl/vm.rst | 13 +++++++++++++ fs/userfaultfd.c | 18 ++++++++++++++++-- include/linux/userfaultfd_k.h | 1 + include/uapi/linux/userfaultfd.h | 9 +++++++++ kernel/sysctl.c | 9 +++++++++ 5 files changed, 48 insertions(+), 2 deletions(-) -- 2.26.2.303.gf8c07b1a785-goog
