Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp2027824ybg; Thu, 24 Oct 2019 03:48:30 -0700 (PDT) X-Google-Smtp-Source: APXvYqwTfvzEU2Li9FXvgnmxww9guAvJv55vPqQHVsGrUY1J5JNO+AFdeKNr/ULT3eV+iuLUAS9u X-Received: by 2002:a17:906:7e50:: with SMTP id z16mr26212577ejr.130.1571914110271; Thu, 24 Oct 2019 03:48:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571914110; cv=none; d=google.com; s=arc-20160816; b=CiaMuCUSPUmuoMiQIUX2m0NAQVdSzTI9SC+K3WQO9/md+7ahbltpxNvO+VsjfOWmwI 5c8QbiAWgC8b7aoe0Q7IxpzKyXapSBbxjOOrzeI6IRtlCFOJkArPbjBReUaJe/beX5wO 8u++YYOFWIK9SyHoMWmtauyqfLUSpOyErJvwG6kSLJYGAD3CNkhwOHMIIERRZbhk5EqW is8FhWYQZyw+jS4IAnc3Vt84ZM5v4VHmzzvgXKaqCpVJ9jGdAxoaewmNoG90lcbmjkdR W+VtCElzMPUmT2YLvvjesRSSpx/g7IkVRaQFvxV52NiQ/aCr4fOo92Hf36B3X1D2UCy8 jNyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:in-reply-to:cc:references:message-id :date:subject:mime-version:from:content-transfer-encoding :dkim-signature; bh=Qor75HOdV9osJzTRx0zqKlc/1Orw2uFvi+ewxkXrpvA=; b=pCTLzLRMfr9x25kYuGTDnKBZEOOHjC9eZHy9hM17GZ27u9jsH2qmpNtdy0pLtX0Qba W+3dqDzVKZ939CuGp4VAbJNqRANPN7H+MmKtYj71q5qRIM8LtOW/KA3fK9jqN/p0gAAp kdMyrvK5m1M5PrAirChgewqqxC0feoiXX+Q8QnRiXAzZHBSnTgiVM6gEC5kyyLMMtl2l iLJocxELGbU+JZoN/bTGN54rj2aFXri7oSIkzcF3Fg8k17c8B8fmZ1fgnhvuYoLP8421 QE6DqJPAjn6/iubWQ5tsv6ysv7ocQnWlyjlXZ//hDe00skM1KIjh4F7iSvxrb085BOJZ lvDg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=trlLMKAG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g6si3631680eda.377.2019.10.24.03.48.06; Thu, 24 Oct 2019 03:48:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=trlLMKAG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2407993AbfJWXB5 (ORCPT + 99 others); Wed, 23 Oct 2019 19:01:57 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:43702 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404036AbfJWXB5 (ORCPT ); Wed, 23 Oct 2019 19:01:57 -0400 Received: by mail-pg1-f196.google.com with SMTP id l24so8072222pgh.10 for ; Wed, 23 Oct 2019 16:01:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=Qor75HOdV9osJzTRx0zqKlc/1Orw2uFvi+ewxkXrpvA=; b=trlLMKAG64sqHo+sIqkb1vJf6fpSVvBp1Nf1tIXyRCr4FE3M6AviSLMEeFmlU4xEX2 HwvpMSndt82ykYw5PbbVHx8es0J1sunCmpRr3DfVt8HKKMJJJq7FyaOn2guS359vlq9v N+7aFRQD7bC5iWToWtajzNpZevPbPTBeJPsXy8XnVsmr++Fqur+K+82RQJ/MyZGcJ6l2 0dtAw04WYyU0fN7UGUWyQzzkVl0M5BIJR3pJ57HAbSe7udvxeLUa9ZCsMlyhrNj5/KLB HAAhfyftd0eyYbAYKySaJ4Ezf7tdfT6bp8Ep57aYRfq6SaGD2j48WLaY48U7wN+TA58U w5qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=Qor75HOdV9osJzTRx0zqKlc/1Orw2uFvi+ewxkXrpvA=; b=T9lHU1mvDdycNvjAWpyxEeVjdb7wmsK5U9CzaqvIbwnx5caq3EsmmtTo3SMpRleYka oskT9DuOi6Idg1UpfXmOivdgqKrBAQX6VcvzjZOM6yFhx6n6g61SiXgik0BL9KFSihJX +uI2IV0MzgnHPGEz9Dv6PtPcr9IayRe4NT1iqdICixWHSb4CPIhoK/x0ylzMPcOmFWZy bDEzoBNjhRoGhlUi//brhxEbysE26/4++/rCo9UTALbip5iMxuC8IMblMj7qT04/JQMB au8CzfJfuKLoXzzlbJED5oss4XnuMvAZmAYfMoOJHEQX0bFGv0mpGNuOtgUluB3pqvjY tekQ== X-Gm-Message-State: APjAAAWj18Nd2s/3mFFSyXI4FYqX+PBARD3MjpPdoyjEVNKJaCy8rIVV wGY0klfH5z3m5fBBo1sZSZZ6/Q== X-Received: by 2002:a62:7d57:: with SMTP id y84mr14158828pfc.90.1571871716495; Wed, 23 Oct 2019 16:01:56 -0700 (PDT) Received: from ?IPv6:2600:1010:b02e:424b:3981:2a2f:eca2:3b9c? ([2600:1010:b02e:424b:3981:2a2f:eca2:3b9c]) by smtp.gmail.com with ESMTPSA id r185sm25541445pfr.68.2019.10.23.16.01.55 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 23 Oct 2019 16:01:55 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Andy Lutomirski Mime-Version: 1.0 (1.0) Subject: Re: [PATCH 3/7] Add a UFFD_SECURE flag to the userfaultfd API. Date: Wed, 23 Oct 2019 16:01:53 -0700 Message-Id: References: <20191023224110.GE9902@redhat.com> Cc: Andy Lutomirski , Jann Horn , Daniel Colascione , Linus Torvalds , Pavel Emelyanov , Lokesh Gidra , Nick Kralevich , Nosh Minwalla , Tim Murray , Mike Rapoport , Linux API , LKML , "Dr. David Alan Gilbert" In-Reply-To: <20191023224110.GE9902@redhat.com> To: Andrea Arcangeli X-Mailer: iPhone Mail (17A878) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Oct 23, 2019, at 3:41 PM, Andrea Arcangeli wrote:= >=20 > =EF=BB=BFOn Wed, Oct 23, 2019 at 02:25:35PM -0700, Andy Lutomirski wrote: >> That doesn't solve the problem. With your time machine, you should >=20 > Would you elaborate what problem remains if execve closes all uffd > so that read() cannot run post execve? >=20 fcntl() can clear the CLOEXEC flag. And CLOEXEC has no effect on SCM_RIGHTS.= >> instead use ioctl() or recvmsg(). >=20 > The event delivery is modeled after eventfd.c per userfaultfd.c header > file, so would then eventfd also need to be converted to ioctl or > recvmsg to deliver its event any better? Initially I evaluated to use > eventfd for it in fact, but it wasn't possible. I didn't look like it > could get any better than eventfd in terms of event delivery. >=20 > Or do you refer to single out only the delivery of the UFFD_EVENT_FORK > event not through read()? Delivering events through read() is just fine. The problem is when deliverin= g an event does more than just returning bytes. As far as I=E2=80=99ve notic= ed, uffd=E2=80=99s read() just returns bytes as long as FORK is disabled.