On Wed, 6 May 2020 15:38:16 -0400
Peter Xu <peterx@xxxxxxxxxx> wrote:

> If this is going to be added... I am thinking whether it should be easier to
> add another value for unprivileged_userfaultfd, rather than a new sysctl. E.g.:
>
> "0": unprivileged userfaultfd forbidden
> "1": unprivileged userfaultfd allowed (both user/kernel faults)
> "2": unprivileged userfaultfd allowed (only user faults)
>
> Because after all unprivileged_userfaultfd_user_mode_only will be meaningless
> (iiuc) if unprivileged_userfaultfd=0. The default value will also be the same
> as before ("1") then.

It occurs to me to wonder whether this interface should also let an admin
block *privileged* users from handling kernel-space faults? In a
secure-boot/lockdown setting, this could be a hardening measure that keeps
a (somewhat) restricted root user from expanding their privilege...?

jon