>> Fair enough. However, placing a BUG_ON(!(read_cr0() & X86_CR0_WP)) >> somewhere sensible should make those "leaks" visible fast -- and their >> exploitation impossible, i.e. fail hard. > > The leaks surely exist and now we'll just add an exploitable BUG.
That didn't seem to matter for landing a rewrite of KSTACKOVERFLOW with a bunch of *known* DoS bugs dealt with in grsecurity and those were known issues that were unfixed for no apparent reason other than keeping egos intact. It looks like there are still some left... In that case, there also wasn't a security/performance advantage.
