Message-ID: <20251105114959.GCaQs556YmafFX_s2o@fat_crate.local>
Date: Wed, 5 Nov 2025 12:49:59 +0100
From: Borislav Petkov <bp@...en8.de>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Joerg Roedel <joro@...tes.org>, Tom Lendacky <thomas.lendacky@....com>,
	Sean Christopherson <seanjc@...gle.com>,
	Mateusz Guzik <mjguzik@...il.com>,
	the arch/x86 maintainers <x86@...nel.org>, brauner@...nel.org,
	viro@...iv.linux.org.uk, jack@...e.cz, linux-kernel@...r.kernel.org,
	linux-fsdevel@...r.kernel.org, tglx@...utronix.de, pfalcato@...e.de
Subject: Re: [PATCH 1/3] x86: fix access_ok() and valid_user_address() using
 wrong USER_PTR_MAX in modules

On Wed, Nov 05, 2025 at 07:06:05AM +0900, Linus Torvalds wrote:
> but any other users of __get_user() that aren't in x86-specific code
> can't do that, so I do think it's probably better to just migrate the
> *good* cases - the ones known to actually be about user space - away
> from __get_user() and just leave these turds alone.

We probably should think of a scheme to stop __get_user() from spreading
around by hiding it in an arch-specific header which doesn't get exposed to
modules/drivers/etc and then once that is in place, take care of the existing
offenders and convert them slowly.

It'll need careful conversion and testing, I'd say, but at least we'll have
a finite, non-growing number of occurrences to convert:

$ git grep -w __get_user *.c | grep -v arch | wc -l
43

Not a lot. (The headers are mostly macro definitions AFAICT).

The arches would then be a separate deal...

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
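
A baseline guard for the "finite, non-growing number of occurrences" idea in the message above, added here as an example; it is not part of Boris's message or of any kernel tooling. The function names and the baseline argument are assumptions, and it prunes only the top-level arch/ directory with find instead of filtering with `grep -v arch`, so its count can differ from the 43 quoted.

```shell
#!/bin/sh
# Hypothetical helpers: the names below belong to this example, not to the kernel.

# list_get_user TREE: print file:line:text for every whole-word use of
# __get_user in .c files outside the top-level arch/ directory.
# grep -w keeps identifiers such as __get_user_pages out of the result.
list_get_user() {
    ( cd "$1" && find . -path ./arch -prune -o -type f -name '*.c' \
        -exec grep -Hnw -e __get_user {} + )
}

# count_get_user TREE: number of matching lines.
count_get_user() {
    list_get_user "$1" | wc -l | tr -d ' '
}

# check_get_user_baseline TREE BASELINE: return 0 while the count stays at or
# below BASELINE, 1 when a new caller has appeared, 2 on a bad TREE argument.
check_get_user_baseline() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    n=$(count_get_user "$1")
    if [ "$n" -gt "$2" ]; then
        echo "__get_user outside arch/: $n lines, baseline $2" >&2
        list_get_user "$1" >&2
        return 1
    fi
    echo "__get_user outside arch/: $n lines, baseline $2"
}

# Stand-alone use: sh check.sh <tree> <baseline>
if [ "$#" -eq 2 ]; then
    check_get_user_baseline "$1" "$2"
fi
```

Lowering the baseline after each conversion turns the check into a ratchet: the count can fall but a new caller fails it.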
