lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 12 May 2017 08:15:49 +0100
From:   Al Viro <>
To:     Ingo Molnar <>
Cc:     Andy Lutomirski <>,
        Christoph Hellwig <>,
        Greg KH <>, Thomas Garnier <>,
        Martin Schwidefsky <>,
        Heiko Carstens <>,
        Dave Hansen <>,
        Arnd Bergmann <>,
        Thomas Gleixner <>,
        David Howells <>,
        René Nyffenegger <>,
        Andrew Morton <>,
        "Paul E . McKenney" <>,
        "Eric W . Biederman" <>,
        Oleg Nesterov <>,
        Pavel Tikhomirov <>,
        Ingo Molnar <>,
        "H . Peter Anvin" <>,
        Paolo Bonzini <>,
        Rik van Riel <>,
        Kees Cook <>,
        Josh Poimboeuf <>,
        Borislav Petkov <>,
        Brian Gerst <>,
        "Kirill A . Shutemov" <>,
        Christian Borntraeger <>,
        Russell King <>,
        Will Deacon <>,
        Catalin Marinas <>,
        Mark Rutland <>,
        James Morse <>,
        linux-s390 <>,
        LKML <>,
        Linux API <>,
        the arch/x86 maintainers <>,
        Kernel Hardening <>,
        Linus Torvalds <>,
        Peter Zijlstra <>
Subject: Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address
 limit before returning to user-mode

On Fri, May 12, 2017 at 09:00:12AM +0200, Ingo Molnar wrote:

> > How about trying to remove all of them?  If we could actually get rid
> > of all of them, we could drop the arch support, and we'd get faster,
> > simpler, shorter uaccess code throughout the kernel.
> I'm all for that!

Oh, for...  Ingo, do you really want to go through all ->write() and ->read()
instances, converting all of them to iov_iter?  Or, better yet, deal with
the patch flood from Nick Krause sock puppet brigade?

Folks, seriously, have you even looked through that zoo?  I have, and it's
really, really not fun.  Sure, we can say "fuck 'em, no need to allow
splice() on random crap".  Would be perfectly reasonable, expect that
it's not the only place doing kernel_write() and its ilk...

And converting everything to ->read_iter()/->write_iter() means an insane
amount of code churn, not to mention coping with random bogosities in
semantics.  ->read() and ->write() are going to stay around, pretty
much indefinitely.

Powered by blists - more mailing lists