On Mon, Jun 13, 2022 at 02:55:40PM -0700, Andrew Morton wrote:
> On Wed, 1 Jun 2022 14:09:47 -0700 Axel Rasmussen <axelrasmussen@google.com> wrote:
> > To achieve this, add a /dev/userfaultfd misc device. This device provides an alternative to the userfaultfd(2) syscall for the creation of new userfaultfds. The idea is, any userfaultfds created this way will be able to handle kernel faults, without the caller having any special capabilities. Access to this mechanism is instead restricted using e.g. standard filesystem permissions.
> The use of a /dev node isn't pretty. Why can't this be done by tweaking sys_userfaultfd() or by adding a sys_userfaultfd2()?
> Peter, will you be completing review of this patchset?
Sorry to not have reviewed it proactively..
I think it's because I never had a good picture/understanding of what should be the best security model for uffd, meanwhile I am (it seems) just seeing more and more ways to "provide a safer uffd" by different people using different ways.. and I never had time (and probably capability too..) to figure out the correct approach if not to accept all options provided.
I think I'll just assume the whole thing is acked already from you generally, then I'll read at least the implementation before the end of tomorrow.
Thanks,
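The creation path the quoted patch description proposes, shown as an added C example that is neither the patchset's code nor anyone's words in this thread: open the /dev/userfaultfd node (whose file permissions are the access control) and ask it for a new userfaultfd, falling back to the userfaultfd(2) syscall, then complete the UFFDIO_API handshake. It assumes the ioctl name USERFAULTFD_IOC_NEW and its number as they appear in the merged Linux uapi header, which the thread itself does not name.

```c
/* Added example, not from the patchset. USERFAULTFD_IOC_NEW and its number
 * are taken from the merged Linux uapi header (linux/userfaultfd.h); the
 * fallback defines below only cover hosts whose headers predate it. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/userfaultfd.h>

#ifndef USERFAULTFD_IOC
#define USERFAULTFD_IOC 0xAA
#endif
#ifndef USERFAULTFD_IOC_NEW
#define USERFAULTFD_IOC_NEW _IO(USERFAULTFD_IOC, 0x00)
#endif

/* Device-node path: whoever may open the node may create a userfaultfd that
 * also handles kernel faults, so the node's mode/owner is the policy knob.
 * Returns the new userfaultfd, or -errno. */
int uffd_open_dev(const char *path, int flags)
{
    int dev = open(path, O_RDONLY | O_CLOEXEC);
    if (dev < 0)
        return -errno;
    int fd = ioctl(dev, USERFAULTFD_IOC_NEW, flags); /* flags as in userfaultfd(2) */
    int err = errno;
    close(dev);
    return fd < 0 ? -err : fd;
}

/* Syscall path: gated by vm.unprivileged_userfaultfd / CAP_SYS_PTRACE instead. */
int uffd_open_syscall(int flags)
{
    long fd = syscall(__NR_userfaultfd, flags);
    return fd < 0 ? -errno : (int)fd;
}

/* Try the device node first, then the syscall; finish with the mandatory
 * UFFDIO_API handshake. Returns a usable userfaultfd, or -errno. */
int uffd_create(void)
{
    int flags = O_CLOEXEC | O_NONBLOCK;
    int fd = uffd_open_dev("/dev/userfaultfd", flags);
    if (fd < 0)
        fd = uffd_open_syscall(flags);
    if (fd < 0)
        return fd;
    struct uffdio_api api = { .api = UFFD_API, .features = 0 };
    if (ioctl(fd, UFFDIO_API, &api) < 0) {
        int err = errno;
        close(fd);
        return -err;
    }
    return fd;
}
```

On a kernel without the device node, uffd_create() silently takes the syscall path, so a caller that wants the permission-based model only should call uffd_open_dev() directly and treat -ENOENT as "not supported".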