On Jul 19, 2022, at 12:56 PM, Axel Rasmussen <axelrasmussen@xxxxxxxxxx> wrote:
>
> +static int new_userfaultfd(bool is_syscall, int flags)
> {
> struct userfaultfd_ctx *ctx;
> int fd;
>
> - if (!sysctl_unprivileged_userfaultfd &&
> - (flags & UFFD_USER_MODE_ONLY) == 0 &&
> - !capable(CAP_SYS_PTRACE)) {
> - printk_once(KERN_WARNING "uffd: Set unprivileged_userfaultfd "
> - "sysctl knob to 1 if kernel faults must be handled "
> - "without obtaining CAP_SYS_PTRACE capability\n");
> + if (is_syscall && !userfaultfd_syscall_allowed(flags))
> return -EPERM;
> - }
>
> BUG_ON(!current->mm);
>
> @@ -2098,8 +2105,42 @@ SYSCALL_DEFINE1(userfaultfd, int, flags)
> return fd;
> }
>
> +SYSCALL_DEFINE1(userfaultfd, int, flags)
> +{
> + return new_userfaultfd(true, flags);
> +}
Not critical, but why not to put the userfaultfd_syscall_allowed() check
here? You would be able to lose the “is_syscall”.
I also had a small comment for patch 5.
But these are minor issues, so for the series:
Acked-by: Nadav Amit <namit@xxxxxxxxxx>
[ Sorry again for misunderstanding the scheme you were using is similar to
KVM and therefore reasonable. ]
