Re: [PATCH 3/7] Add a UFFD_SECURE flag to the userfaultfd API.

From: Andy Lutomirski
Date: Sat Oct 12 2019 - 19:11:10 EST

Next message: Andy Lutomirski: "Re: [PATCH 6/7] Allow users to require UFFD_SECURE"
Previous message: Andy Lutomirski: "Re: [PATCH 4/7] Teach SELinux about a new userfaultfd class"
In reply to: Daniel Colascione: "[PATCH 3/7] Add a UFFD_SECURE flag to the userfaultfd API."
Next in thread: Daniel Colascione: "Re: [PATCH 3/7] Add a UFFD_SECURE flag to the userfaultfd API."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Oct 12, 2019 at 12:16 PM Daniel Colascione <dancol@xxxxxxxxxx> wrote:
>
> The new secure flag makes userfaultfd use a new "secure" anonymous
> file object instead of the default one, letting security modules
> supervise userfaultfd use.
>
> Requiring that users pass a new flag lets us avoid changing the
> semantics for existing callers.

Is there any good reason not to make this be the default?

The only downside I can see is that it would increase the memory usage
of userfaultfd(), but that doesn't seem like such a big deal. A
lighter-weight alternative would be to have a single inode shared by
all userfaultfd instances, which would require a somewhat different
internal anon_inode API.

In any event, I don't think that "make me visible to SELinux" should
be a choice that user code makes.

--Andy

Next message: Andy Lutomirski: "Re: [PATCH 6/7] Allow users to require UFFD_SECURE"
Previous message: Andy Lutomirski: "Re: [PATCH 4/7] Teach SELinux about a new userfaultfd class"
In reply to: Daniel Colascione: "[PATCH 3/7] Add a UFFD_SECURE flag to the userfaultfd API."
Next in thread: Daniel Colascione: "Re: [PATCH 3/7] Add a UFFD_SECURE flag to the userfaultfd API."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]