Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp716767rwb; Thu, 18 Aug 2022 10:54:47 -0700 (PDT) X-Google-Smtp-Source: AA6agR7ErvGXiGyI3PGdwhUJlXCa6tW5DKXIZ942s8Pe9Wxtnwu1IHx4U29ALl2+FP5anrnur9pK X-Received: by 2002:a17:902:b60a:b0:170:91fb:84c7 with SMTP id b10-20020a170902b60a00b0017091fb84c7mr3586907pls.101.1660845286995; Thu, 18 Aug 2022 10:54:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660845286; cv=none; d=google.com; s=arc-20160816; b=xdutHoCeV1L7xKM8jr7Eweg5Rx2ek13L6z7OHsRUxUf4YeQZYaCIGU2dnsYXMYgWUD TEG4MSe1ItjEIQamZ0ANj8Na4mY90athFEfgw2lA8jWGxJfUVDRor1Ii4YaB1xAsO/AF 2UfylNrM1eshkfVhKpW4cvtFGnOkE+uJLWzKNcm0pwSgNmCrkMLgxMWyUCH/x3fYwoxJ b0pfqvz5N4dHrVifAOSzWGuNICTZjPvEc7oPNOugFwhDxqFrJCc6cQzGpqyV+Byep3Zn fCagQw5NcllGLi4Qvki/dsavgTjORD9B7cflQGoO2A+x/ASyIJhHakdS6lNO3jxD24dM 2X/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Bd32rmK/FOJLR3DhtOUdTvKf+a9Teo/sBKjuQ/ElSZg=; b=Sn00JoB0ChXiWkLSSrafIyvbixw9u/0vXX9RLhNYaoahv7hOVtSTGc0dHO4GjU48rx XAhNqAHjkL6J7CY0+xpIai0c9E/2mSu8GtVuwAe7goEIU0vjWoxvmbXIyf0Z0aKV2Wf/ HjAKKAwspF8jp8E+r07nRgkwJle5NW3n2dAcjO5nE3syRDgJOG0I9vNdxJVrwMYtwzQc 6s3mY/d/D+/2vnzsaAOsRs5Yqs+Cfj2EKk0s0CuIah6r6JhoZagE/AL0OvYmtd0WOAy4 rZmxUEw/76VlBj4amYQHeadan0zM1XxLvJsz/l/pkZ1Vs8dYkZWCncSaHjWQ1JMopys7 cppg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=XlCrOgXe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u7-20020a170902e5c700b0016d70bd3fd6si1995730plf.77.2022.08.18.10.54.24; Thu, 18 Aug 2022 10:54:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=XlCrOgXe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345173AbiHRRXt (ORCPT + 99 others); Thu, 18 Aug 2022 13:23:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58688 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345149AbiHRRXZ (ORCPT ); Thu, 18 Aug 2022 13:23:25 -0400 Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B9C773DBD6 for ; Thu, 18 Aug 2022 10:23:04 -0700 (PDT) Received: by mail-io1-xd2c.google.com with SMTP id z72so1578663iof.12 for ; Thu, 18 Aug 2022 10:23:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=Bd32rmK/FOJLR3DhtOUdTvKf+a9Teo/sBKjuQ/ElSZg=; b=XlCrOgXemDYs5Gm1ZIOksFTqGZKJJh1hGJ5FiZ/gBNvZlCJoKWIFIhrOP6jcsNcZg8 nsUv5cuyppKGA9pojhWsrVbxqQNk9M+rs6BsIhJvbCKfFS7En6R216VnbucNPbV6UqJu gFhqNjW0Z3wyX/v6unNEZXn/nYFuw58v1FdugaIM8korrBWM0ULmCWalgxkcsTvstTYF 2dpqn3K+xtvSW+ChNPAlFgqvqaJcQR1TiMmUcWlah6pmdFqo7CJY1Lhcjc2my+dwuDFF He4LDfJIcqaWnuQBMW0MitXidT3AJ0yuvz4ZsinCZ3Oz4svSW745OwxEYBDWuSYgJjBb 0gAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=Bd32rmK/FOJLR3DhtOUdTvKf+a9Teo/sBKjuQ/ElSZg=; b=oKNh96VxIrMjug24lZKDMxfn+QWMRNtYaLJr2FMU6YaqcFnALcUBEcAC+5AfCtmorv CbYoGMCC/uimo0UgmoNN+Rj9Cd6UQyfZbJOV7wGJCtWiher3KFvof8vz+jydBZ6wQseD WhM2MYiGrjElZiK04Plr0LFdd4hWedGEdT8ba7LHos4qMb6aE14pyl5iXyJVJvOWexLX 4i5quq0WYnev8/qoMfVu52igLH7B727V6dkH8wHH2TIVE/n9L7wM5kCRHd0B0KPfhK8F ytjIp9yFjReMMX+ziUuLcqW4qpkdpahamYSwzqB+NMWkuGNISJZ2aTutxQJe0/kv6PpV CNaw== X-Gm-Message-State: ACgBeo2WF+E9/6VvKv6edraowPFLWwPAu9G3Hls7wLXQM0q6gglWIki/ 7PURjYYnwBcEV0Zu+NJmwDmRELrYB0veuITk/BNQMw== X-Received: by 2002:a05:6602:2f03:b0:678:9c7c:97a5 with SMTP id q3-20020a0566022f0300b006789c7c97a5mr1830797iow.32.1660843383117; Thu, 18 Aug 2022 10:23:03 -0700 (PDT) MIME-Version: 1.0 References: <20220817214728.489904-1-axelrasmussen@google.com> <20220817214728.489904-3-axelrasmussen@google.com> In-Reply-To: From: Axel Rasmussen Date: Thu, 18 Aug 2022 10:22:27 -0700 Message-ID: Subject: Re: [PATCH v6 2/5] userfaultfd: add /dev/userfaultfd for fine grained access control To: Greg KH Cc: Alexander Viro , Andrew Morton , Dave Hansen , "Dmitry V . Levin" , Gleb Fotengauer-Malinovskiy , Hugh Dickins , Jan Kara , Jonathan Corbet , Mel Gorman , Mike Kravetz , Mike Rapoport , Nadav Amit , Peter Xu , Shuah Khan , Suren Baghdasaryan , Vlastimil Babka , zhangyi , linux-doc@vger.kernel.org, linux-fsdevel , LKML , Linuxkselftest , Linux MM , linux-security-module@vger.kernel.org, Mike Rapoport Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 17, 2022 at 11:32 PM Greg KH wrote: > > On Thu, Aug 18, 2022 at 08:26:38AM +0200, Greg KH wrote: > > On Wed, Aug 17, 2022 at 02:47:25PM -0700, Axel Rasmussen wrote: > > > +static int userfaultfd_dev_open(struct inode *inode, struct file *file) > > > +{ > > > + return 0; > > > > If your open does nothing, no need to list it here at all, right? > > > > > +} > > > + > > > +static long userfaultfd_dev_ioctl(struct file *file, unsigned int cmd, unsigned long flags) > > > +{ > > > + if (cmd != USERFAULTFD_IOC_NEW) > > > + return -EINVAL; > > > + > > > + return new_userfaultfd(flags); > > > +} > > > + > > > +static const struct file_operations userfaultfd_dev_fops = { > > > + .open = userfaultfd_dev_open, > > > + .unlocked_ioctl = userfaultfd_dev_ioctl, > > > + .compat_ioctl = userfaultfd_dev_ioctl, > > > > Why do you need to set compat_ioctl? Shouldn't it just default to the > > existing one? > > > > And why is this a device node at all? Shouldn't the syscall handle all > > of this (to be honest, I didn't read anything but the misc code, sorry.) > > Ah, read the documentation now. Seems you want to make it easier for > people to get permissions on a system. Doesn't seem wise, but hey, it's > not my feature... Thanks for taking a look Greg! WIth the syscall, the only way to get access to this feature is to have CAP_SYS_PTRACE. Which gives you access to this, *plus* a bunch more stuff. My basic goal is to grant access to just this feature by itself, not really just to make it easier to access. I think a device node is the simplest way to achieve that (see the cover letter for considered alternatives). The other feedback looks like good simplification to me - I'll send another version with those changes. I have to admit this is the first time I've messed with misc device nodes, so apologies for being overly explicit. :) > > thanks, > > greg k-h