Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode

From: Christoph Hellwig
Date: Tue May 09 2017 - 04:58:21 EST

Next message: Christoph Hellwig: "Re: [PATCH RFC] hugetlbfs 'noautofill' mount option"
Previous message: Phil Elwell: "[PATCH] irq_bcm2836: Send event when onlining sleeping cores"
In reply to: Ingo Molnar: "Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode"
Next in thread: Andy Lutomirski: "Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 09, 2017 at 08:45:22AM +0200, Ingo Molnar wrote:
> We only have ~115 code blocks in the kernel that set/restore KERNEL_DS, it would
> be a pity to add a runtime check to every system call ...

I think we should simply strive to remove all of them that aren't
in core scheduler / arch code. Basically evetyytime we do the

oldfs = get_fs();
set_fs(KERNEL_DS);
..
set_fs(oldfs);

trick we're doing something wrong, and there should always be better
ways to archive it. E.g. using iov_iter with a ITER_KVEC type
consistently would already remove most of them.

Next message: Christoph Hellwig: "Re: [PATCH RFC] hugetlbfs 'noautofill' mount option"
Previous message: Phil Elwell: "[PATCH] irq_bcm2836: Send event when onlining sleeping cores"
In reply to: Ingo Molnar: "Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode"
Next in thread: Andy Lutomirski: "Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]