This flag controls the mode in which unprivileged users can use the userfaultfd system calls. Set this to 0 to restrict unprivileged users to handle page faults in user mode only. In this case, users without SYS_CAP_PTRACE must pass UFFD_USER_MODE_ONLY in order for userfaultfd to succeed. Prohibiting use of userfaultfd for handling faults from kernel mode may make certain vulnerabilities more difficult to exploit.
Set this to 1 to allow unprivileged users to use the userfaultfd system calls without any restrictions.
The default value is 0.
Another way to control permissions for userfaultfd is to use /dev/userfaultfd instead of userfaultfd(2). See Documentation/admin-guide/mm/userfaultfd.rst.