Re: [PATCH v10 3/3] Use secure anon inodes for userfaultfd

From: Eric Biggers
Date: Wed Nov 04 2020 - 15:36:37 EST

Next message: Andy Shevchenko: "Re: [PATCH 1/4] pinctrl: amd: fix incorrect way to disable debounce filter"
Previous message: Andy Shevchenko: "Re: [PATCH v2 0/8] gpio: exar: refactor the driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Oct 11, 2020 at 01:29:36AM -0700, Lokesh Gidra wrote:
> From: Daniel Colascione <dancol@xxxxxxxxxx>
>
> This change gives userfaultfd file descriptors a real security
> context, allowing policy to act on them.
>
> Signed-off-by: Daniel Colascione <dancol@xxxxxxxxxx>
>
> [Remove owner inode from userfaultfd_ctx]
> [Use anon_inode_getfd_secure() instead of anon_inode_getfile_secure()
> in userfaultfd syscall]
> [Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
>
> Signed-off-by: Lokesh Gidra <lokeshgidra@xxxxxxxxxx>
> ---

I'm not an expert in userfaultfd or SELinux, but I don't see any issues with
this patch, and the comments I made earlier were resolved (except for the patch
title which I just pointed out -- it should have "userfaultfd:" prefix).

So feel free to add:

Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>

Next message: Andy Shevchenko: "Re: [PATCH 1/4] pinctrl: amd: fix incorrect way to disable debounce filter"
Previous message: Andy Shevchenko: "Re: [PATCH v2 0/8] gpio: exar: refactor the driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]