On Sun, 6 Feb 2005 11:50:48 +0100 Andi Kleen <[EMAIL PROTECTED]> wrote:
> > First, "set_fs(KERNEL_DS)" allows kernel mode access, but it absolutely
> > must not allow user mode accesses. It seems to suggest we might need
> > some "addr_min" value for access_ok() checking purposes...
>
> That's an unreasonable requirement which no architecture other than
> those with truly separate address spaces follows.

If you allow userspace accesses to succeed during KERNEL_DS, so much bad stuff can happen. We've demonstrated that several times with the compat layer bugs. Why not make it trap on all platforms, instead of until someone hits it on sparc64 or similar? Do you like finding bugs immediately, or at some random time in the future? I like my bugs to jump up and down quickly saying "I'm a bug" instead of "try and find me sucker" :-)

The x86 access_ok() already checks the address against a base stored in the current_thread_info(), all I'm proposing is to add a low value to the range as well and to adjust it at set_fs() time, which set_fs() is already effectively doing on x86.
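A user-space model of the check under discussion, added here as an illustration and not code from the thread or from the kernel: the names addr_min/addr_limit, the USER_DS/KERNEL_DS layout and the address constants are assumed for the model, not any architecture's real values. It contrasts the limit-only check (a user pointer still passes under KERNEL_DS) with the proposed ranged one.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout for the model: user space below TASK_SIZE, kernel above.
 * Illustrative values only, not an architecture's real constants. */
#define TASK_SIZE    0x00007ffffffff000ULL
#define KERNEL_START 0xffff800000000000ULL

/* Assumed shape of the proposal: a floor beside the existing ceiling. */
struct addr_space {
    uint64_t addr_min;    /* lowest address the segment may touch */
    uint64_t addr_limit;  /* highest address the segment may touch */
};

static const struct addr_space USER_DS   = { 0, TASK_SIZE };
static const struct addr_space KERNEL_DS = { KERNEL_START, UINT64_MAX };

/* Stand-in for the per-thread limit that set_fs() swaps. */
static struct addr_space current_fs = { 0, TASK_SIZE };

static void set_fs(struct addr_space fs) { current_fs = fs; }

/* Existing style of check: only the ceiling is enforced, so under KERNEL_DS
 * a user-space address still passes (the failure mode raised in the thread). */
static bool access_ok_limit_only(struct addr_space fs, uint64_t addr, uint64_t size)
{
    uint64_t span = size ? size - 1 : 0;   /* offset of last byte; avoids wraparound */
    return addr <= fs.addr_limit && span <= fs.addr_limit - addr;
}

/* Proposed check: same ceiling test plus the floor, so a user-space address
 * is rejected (would trap) while the thread is in KERNEL_DS. */
static bool access_ok_ranged(struct addr_space fs, uint64_t addr, uint64_t size)
{
    return addr >= fs.addr_min && access_ok_limit_only(fs, addr, size);
}

/* access_ok() as a caller would use it, against the current segment. */
static bool access_ok(uint64_t addr, uint64_t size)
{
    return access_ok_ranged(current_fs, addr, size);
}

int main(void)
{
    uint64_t user_buf = 0x1000;            /* constructed user-space pointer */
    set_fs(KERNEL_DS);
    printf("KERNEL_DS, user address: limit-only=%d ranged=%d\n",
           access_ok_limit_only(current_fs, user_buf, 16), access_ok(user_buf, 16));
    set_fs(USER_DS);
    printf("USER_DS, user address: ranged=%d\n", access_ok(user_buf, 16));
    return 0;
}
```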
