On Jul 19, 2022, at 12:56 PM, Axel Rasmussen <axelrasmussen@google.com> wrote:
+static int new_userfaultfd(bool is_syscall, int flags) { struct userfaultfd_ctx *ctx; int fd;
- if (!sysctl_unprivileged_userfaultfd &&
(flags & UFFD_USER_MODE_ONLY) == 0 &&
!capable(CAP_SYS_PTRACE)) {
printk_once(KERN_WARNING "uffd: Set unprivileged_userfaultfd "
"sysctl knob to 1 if kernel faults must be handled "
"without obtaining CAP_SYS_PTRACE capability\n");
- if (is_syscall && !userfaultfd_syscall_allowed(flags)) return -EPERM;
}
BUG_ON(!current->mm);
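Review bot: In new_userfaultfd(), the permission check only runs when is_syscall is true, so any caller that passes false gets a userfaultfd with no access check inside this function. Add a comment above the function stating that non-syscall callers are responsible for their own access control, or move the userfaultfd_syscall_allowed(flags) check out to the syscall wrapper so the helper carries no parameter that can skip it.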
@@ -2098,8 +2105,42 @@ SYSCALL_DEFINE1(userfaultfd, int, flags) return fd; }
+SYSCALL_DEFINE1(userfaultfd, int, flags) +{
- return new_userfaultfd(true, flags);
+}
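Review bot: The bare true in new_userfaultfd(true, flags) says nothing at the call site, and a reader has to open the helper to learn that it is what enables the permission check. Annotate the argument (for example /* is_syscall */) or perform the check in this wrapper and drop the boolean.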
Not critical, but why not put the userfaultfd_syscall_allowed() check here? You would be able to lose the “is_syscall”.
I also had a small comment for patch 5.
But these are minor issues, so for the series:
Acked-by: Nadav Amit <namit@vmware.com>
[ Sorry again for misunderstanding the scheme you were using is similar to KVM and therefore reasonable. ]