Diffstat (limited to 'sys-kernel/cairn-sources/files/5.10.10/hardened-patches/0108-add-CONFIG-for-unprivileged_userfaultfd.patch')
-rw-r--r--sys-kernel/cairn-sources/files/5.10.10/hardened-patches/0108-add-CONFIG-for-unprivileged_userfaultfd.patch68
1 files changed, 68 insertions, 0 deletions
diff --git a/sys-kernel/cairn-sources/files/5.10.10/hardened-patches/0108-add-CONFIG-for-unprivileged_userfaultfd.patch b/sys-kernel/cairn-sources/files/5.10.10/hardened-patches/0108-add-CONFIG-for-unprivileged_userfaultfd.patch
new file mode 100644
index 000000000000..4f58ab27569d
--- /dev/null
+++ b/sys-kernel/cairn-sources/files/5.10.10/hardened-patches/0108-add-CONFIG-for-unprivileged_userfaultfd.patch
@@ -0,0 +1,68 @@
+From 7c982f0a57fbef3b984b32a0ed289fbfbaa9cbe2 Mon Sep 17 00:00:00 2001
+From: Levente Polyak <levente@leventepolyak.net>
+Date: Wed, 2 Oct 2019 01:22:17 +0200
+Subject: [PATCH 108/113] add CONFIG for unprivileged_userfaultfd
+
+When disabled, unprivileged users will not be able to use the userfaultfd
+syscall. Userfaultfd provide attackers with a way to stall a kernel
+thread in the middle of memory accesses from userspace by initiating an
+access on an unmapped page. To avoid various heap grooming and heap
+spraying techniques for exploiting use-after-free flaws this should be
+disabled by default.
+
+This setting can be overridden at runtime via the
+vm.unprivileged_userfaultfd sysctl.
+
+Signed-off-by: Levente Polyak <levente@leventepolyak.net>
+---
+ fs/userfaultfd.c | 4 ++++
+ init/Kconfig | 17 +++++++++++++++++
+ 2 files changed, 21 insertions(+)
+
+diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
+index 000b457ad087..06d35ecdcbc8 100644
+--- a/fs/userfaultfd.c
++++ b/fs/userfaultfd.c
+@@ -28,7 +28,11 @@
+ #include <linux/security.h>
+ #include <linux/hugetlb.h>
+
++#ifdef CONFIG_USERFAULTFD_UNPRIVILEGED
+ int sysctl_unprivileged_userfaultfd __read_mostly = 1;
++#else
++int sysctl_unprivileged_userfaultfd __read_mostly;
++#endif
+
+ static struct kmem_cache *userfaultfd_ctx_cachep __read_mostly;
+
+diff --git a/init/Kconfig b/init/Kconfig
+index a7b5a4cb7939..2feea719cc25 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1745,6 +1745,23 @@ config USERFAULTFD
+ Enable the userfaultfd() system call that allows to intercept and
+ handle page faults in userland.
+
++config USERFAULTFD_UNPRIVILEGED
++ bool "Allow unprivileged users to use the userfaultfd syscall"
++ depends on USERFAULTFD
++ default n
++ help
++ When disabled, unprivileged users will not be able to use the userfaultfd
++ syscall. Userfaultfd provide attackers with a way to stall a kernel
++ thread in the middle of memory accesses from userspace by initiating an
++ access on an unmapped page. To avoid various heap grooming and heap
++ spraying techniques for exploiting use-after-free flaws this should be
++ disabled by default.
++
++ This setting can be overridden at runtime via the
++ vm.unprivileged_userfaultfd sysctl.
++
++ If unsure, say N.
++
+ config ARCH_HAS_MEMBARRIER_CALLBACKS
+ bool
+
+--
+2.30.0
+
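Review bot: The Kconfig help added for `USERFAULTFD_UNPRIVILEGED` never says who counts as privileged, and the test that reads `sysctl_unprivileged_userfaultfd` lies outside this hunk; as far as I recall, in 5.10 it is a `capable(CAP_SYS_PTRACE)` check in the `userfaultfd()` syscall, so the help text should name that capability once it is confirmed against the tree. The option only chooses the boot-time value of `vm.unprivileged_userfaultfd`, so a hardened image should also pin the sysctl to 0 in its own sysctl configuration, and the kernel's sysctl documentation (which I believe still lists 1 as the default) should mention the build-time default. As a style point in `fs/userfaultfd.c`, the `#ifdef`/`#else` pair can collapse into one definition: `int sysctl_unprivileged_userfaultfd __read_mostly = IS_ENABLED(CONFIG_USERFAULTFD_UNPRIVILEGED);`. The `default n` line in the Kconfig entry is redundant for a `bool`.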