There are attacks that depend on using userfaultfd to stall copy_from_user() calls in order to get precise timing and to groom the heap (for example https://duasynt.com/blog/linux-kernel-heap-spray). To defend against this, userfaultfd needs to learn not to block accesses originating from the kernel itself.
Proposed series:
https://lore.kernel.org/lkml/20200211225547.235083-1-dancol@google.com/
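A way to audit whether a host already restricts userfaultfd to privileged callers, as an added example that is not part of this entry or of the proposed series: it reads the vm.unprivileged_userfaultfd sysctl (an existing knob; 0 restricts userfaultfd(2) to callers with CAP_SYS_PTRACE, and newer kernels then only allow unprivileged callers a user-mode-only form that cannot stall kernel-originated accesses). The function name and the file-path argument are this example's own; on a live system call it with /proc/sys/vm/unprivileged_userfaultfd.

```shell
#!/bin/sh
# Added example, not code from the tracker entry or the patch series.
# Checks whether unprivileged userfaultfd is disabled via the
# vm.unprivileged_userfaultfd sysctl. The sysctl file path is passed as an
# argument so the function can be exercised against a constructed file;
# on a real host pass /proc/sys/vm/unprivileged_userfaultfd.
#
# Return codes:
#   0  hardened: unprivileged callers cannot use userfaultfd(2)
#   1  exposed:  unprivileged callers may stall kernel copy_from_user() calls
#   2  unknown:  knob absent (kernel predates the sysctl, or CONFIG_USERFAULTFD=n,
#                which is also safe but cannot be told apart here) or unparsable
check_unprivileged_userfaultfd() {
    knob="$1"
    if [ ! -r "$knob" ]; then
        echo "userfaultfd sysctl not present: $knob"
        return 2
    fi
    # Strip the trailing newline the kernel appends when reading the knob.
    value=$(tr -d '[:space:]' < "$knob")
    case "$value" in
        0)
            echo "hardened: vm.unprivileged_userfaultfd=0"
            return 0
            ;;
        1)
            echo "exposed: vm.unprivileged_userfaultfd=1 (set it to 0 via sysctl)"
            return 1
            ;;
        *)
            echo "unexpected value '$value' in $knob"
            return 2
            ;;
    esac
}
```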