Re: [RFC PATCH RESEND] userfaultfd: open userfaultfds with O_RDONLY

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Aug 19, 2022 at 02:50:57PM -0400, Paul Moore wrote:
> On Tue, Aug 16, 2022 at 6:12 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > On Fri, Jul 8, 2022 at 5:35 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> > >
> > > Since userfaultfd doesn't implement a write operation, it is more
> > > appropriate to open it read-only.
> > >
> > > When userfaultfds are opened read-write like it is now, and such fd is
> > > passed from one process to another, SELinux will check both read and
> > > write permissions for the target process, even though it can't actually
> > > do any write operation on the fd later.
> > >
> > > Inspired by the following bug report, which has hit the SELinux scenario
> > > described above:
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1974559
> > >
> > > Reported-by: Robert O'Callahan <roc@xxxxxxxxxxxxx>
> > > Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
> > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> > > ---
> > >
> > > Resending as the last submission was ignored for over a year...
> > >
> > > https://lore.kernel.org/lkml/20210624152515.1844133-1-omosnace@xxxxxxxxxx/T/
> > >
> > > I marked this as RFC, because I'm not sure if this has any unwanted side
> > > effects. I only ran this patch through selinux-testsuite, which has a
> > > simple userfaultfd subtest, and a reproducer from the Bugzilla report.
> > >
> > > Please tell me whether this makes sense and/or if it passes any
> > > userfaultfd tests you guys might have.
> > >
> > >  fs/userfaultfd.c | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > VFS folks, any objection to this patch?  It seems reasonable to me and
> > I'd really prefer this to go in via the vfs tree, but I'm not above
> > merging this via the lsm/next tree to get someone in vfs land to pay
> > attention to this ...
> 
> Okay, final warning, if I don't see any objections to this when I make
> my patch sweep next week I'm going to go ahead and merge this via the
> LSM tree.

Makes sense,
Acked-by: Christian Brauner (Microsoft) <brauner@xxxxxxxxxx>
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux