> If you allow userspace accesses to succeed during KERNEL_DS, so > much bad stuff can happen. We've demonstrated that several times > with the compat layer bugs.
These are easy to review. > > Why not make it trap on all platforms, instead of until someone hits > it on sparc64 or similar? Because access_ok is used very often and adding anything more to it leads to excessive binary bloat. > Do you like finding bugs immediately, or at some random time > in the future? I like my bugs to jump up and down quickly > saying "I'm a bug" instead of "try and find me sucker" :-) If you want you could add a check with a CONFIG option in the kernel debug menu. But I'm not sure it's worth it, it would probably be somewhat ugly. -Andi
