Thread: 89 messages, 18 authors, 2017-05-13

Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode

From: Christoph Hellwig <hch@infradead.org>
Date: 2017-05-10 08:15:35
Also in: linux-arm-kernel, linux-s390, lkml

On Wed, May 10, 2017 at 09:08:41AM +0100, Al Viro wrote:
> On Wed, May 10, 2017 at 09:37:04AM +0200, Arnd Bergmann wrote:
> > How about trying to remove all of them?  If we could actually get rid
> > of all of them, we could drop the arch support, and we'd get faster,
> > simpler, shorter uaccess code throughout the kernel.
>
> BTW, not all get_user() under KERNEL_DS are plain loads.  There is an
> exception - probe_kernel_read().

And various calls that look like open-coded versions, e.g. drivers/dio
or the ELF loader.

But in the long run we'll just need a separate primitive for that,
but that can wait until the set_fs calls outside the core code are
gone.