[kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode
Christoph Hellwig
hch at infradead.org
Tue May 9 01:56:59 PDT 2017
On Tue, May 09, 2017 at 08:45:22AM +0200, Ingo Molnar wrote:
> We only have ~115 code blocks in the kernel that set/restore KERNEL_DS, it would
> be a pity to add a runtime check to every system call ...
I think we should simply strive to remove all of them that aren't
in core scheduler / arch code. Basically evetyytime we do the
oldfs = get_fs();
set_fs(KERNEL_DS);
..
set_fs(oldfs);
trick we're doing something wrong, and there should always be better
ways to archive it. E.g. using iov_iter with a ITER_KVEC type
consistently would already remove most of them.
More information about the linux-arm-kernel
mailing list