From: Paul Moore
Date: Tue, 12 Jul 2022 17:16:45 -0400
Subject: Re: [RFC PATCH RESEND] userfaultfd: open userfaultfds with O_RDONLY
To: Peter Xu
Cc: Ondrej Mosnacek, Alexander Viro, Andrew Morton, Andrea Arcangeli, David Hildenbrand, Lokesh Gidra, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel@vger.kernel.org, "Robert O'Callahan"
References: <20220708093451.472870-1-omosnace@redhat.com>

On Tue, Jul 12, 2022 at 10:22 AM Peter Xu wrote:
> On Fri, Jul 08, 2022 at 11:34:51AM +0200, Ondrej Mosnacek wrote:
> > Since userfaultfd doesn't implement a write operation, it is more
> > appropriate to open it read-only.
> >
> > When userfaultfds are opened read-write like it is now, and such fd is
> > passed from one process to another, SELinux will check both read and
> > write permissions for the target process, even though it can't actually
> > do any write operation on the fd later.
> >
> > Inspired by the following bug report, which has hit the SELinux scenario
> > described above:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1974559
> >
> > Reported-by: Robert O'Callahan
> > Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
> > Signed-off-by: Ondrej Mosnacek
>
> Acked-by: Peter Xu

Thanks Peter.

-- 
paul-moore.com
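
An added illustration, not part of the thread or the patch: a C check of the access mode a userfaultfd carries on the running kernel, with a simplified user-space model of how the permissions checked on the receiving process follow from the fd's open mode. The names `perms_needed`, `userfaultfd_perms` and the `NEED_*` constants are hypothetical, and the mapping is an assumption modelled on SELinux's read, write and append file permissions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical constants standing in for SELinux file read/write/append. */
enum { NEED_READ = 1, NEED_WRITE = 2, NEED_APPEND = 4 };

/* Model (assumption): the permissions demanded of a process receiving `fd`
 * are derived from the mode the fd was opened with, not from what the
 * underlying file can actually do. Returns -1 for an invalid fd. */
int perms_needed(int fd)
{
    int fl = fcntl(fd, F_GETFL);
    if (fl < 0)
        return -1;
    int acc = fl & O_ACCMODE, need = 0;
    if (acc == O_RDONLY || acc == O_RDWR)
        need |= NEED_READ;
    if (acc == O_WRONLY || acc == O_RDWR)
        need |= (fl & O_APPEND) ? NEED_APPEND : NEED_WRITE;
    return need;
}

/* Create a userfaultfd and report what a receiver would need.
 * Returns -1 when the syscall is missing or denied (e.g. EPERM, ENOSYS). */
int userfaultfd_perms(void)
{
#ifdef SYS_userfaultfd
    int fd = (int)syscall(SYS_userfaultfd, O_CLOEXEC | O_NONBLOCK);
    if (fd < 0)
        return -1;
    int need = perms_needed(fd);
    close(fd);
    return need;
#else
    return -1;
#endif
}

int main(void)
{
    int need = userfaultfd_perms();
    if (need < 0) {
        puts("userfaultfd not available to this process");
        return 0;
    }
    printf("userfaultfd receiver needs:%s%s\n",
           (need & NEED_READ) ? " read" : "",
           (need & NEED_WRITE) ? " write" : "");
    return 0;
}
```

An fd that reports `O_RDWR` here makes the write permission part of the check even though userfaultfd has no write operation, which is the situation the commit message describes.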