author: Peter Xu <peterx@redhat.com> 2019-05-13 17:16:41 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2019-05-14 09:47:45 -0700
commit: cefdca0a86be517bc390fc4541e3674b8e7803b0
parent: f0fd50504a54f5548eb666dc16ddf8394e44e4b7
Commit Summary:
Diffstat:
1 file changed, 5 insertions, 0 deletions
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index f5de1e726356..3b30301c90ec 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -30,6 +30,8 @@
#include <linux/security.h>
#include <linux/hugetlb.h>
+int sysctl_unprivileged_userfaultfd __read_mostly = 1;
+
static struct kmem_cache *userfaultfd_ctx_cachep __read_mostly;
enum userfaultfd_state {
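Review bot: The new global `sysctl_unprivileged_userfaultfd` carries no comment saying what its values mean, and the security-relevant fact that it defaults to 1 (unprivileged callers stay allowed) is easy to miss. I would add above it `/* 0: userfaultfd() requires CAP_SYS_PTRACE; 1 (default): any user may call it */`. The sysctl table entry and the extern declaration are not in this file section, so it cannot be confirmed from here that writes are clamped to 0..1. The check in the syscall treats every non-zero value as "allowed", so an out-of-range write would leave the syscall open rather than restricted.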
@@ -1930,6 +1932,9 @@ SYSCALL_DEFINE1(userfaultfd, int, flags)
struct userfaultfd_ctx *ctx;
int fd;
+ if (!sysctl_unprivileged_userfaultfd && !capable(CAP_SYS_PTRACE))
+ return -EPERM;
+
BUG_ON(!current->mm);
/* Check the UFFD_* constants for consistency. */
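Review bot: The check added at the top of SYSCALL_DEFINE1(userfaultfd) gates only the creation of a descriptor, and that limit deserves a comment. Setting the sysctl to 0 does not affect userfaultfd descriptors that already exist, or ones a privileged process later passes to or leaves open for an unprivileged one. The choice of CAP_SYS_PTRACE is also unexplained in the code. I would add above the `if`: `/* Gates fd creation only; existing or inherited uffds stay usable. capable() tests the initial user namespace, so namespace-local root does not pass. */`. The syscall body starts before and continues past this hunk, so later validation of `flags` is not visible here.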