Re: [PATCH 3/7] Add a UFFD_SECURE flag to the userfaultfd API.

From: Andy Lutomirski
Date: Wed Oct 23 2019 - 19:01:59 EST




> On Oct 23, 2019, at 3:41 PM, Andrea Arcangeli <aarcange@xxxxxxxxxx> wrote:
>
> ïOn Wed, Oct 23, 2019 at 02:25:35PM -0700, Andy Lutomirski wrote:
>> That doesn't solve the problem. With your time machine, you should
>
> Would you elaborate what problem remains if execve closes all uffd
> so that read() cannot run post execve?
>

fcntl() can clear the CLOEXEC flag. And CLOEXEC has no effect on SCM_RIGHTS.

>> instead use ioctl() or recvmsg().
>
> The event delivery is modeled after eventfd.c per userfaultfd.c header
> file, so would then eventfd also need to be converted to ioctl or
> recvmsg to deliver its event any better? Initially I evaluated to use
> eventfd for it in fact, but it wasn't possible. I didn't look like it
> could get any better than eventfd in terms of event delivery.
>
> Or do you refer to single out only the delivery of the UFFD_EVENT_FORK
> event not through read()?

Delivering events through read() is just fine. The problem is when delivering an event does more than just returning bytes. As far as Iâve noticed, uffdâs read() just returns bytes as long as FORK is disabled.