From: Al Viro <[email protected]> Date: Tue, 18 Nov 2014 21:23:07 +0000
> On Tue, Nov 18, 2014 at 12:49:13PM -0800, Linus Torvalds wrote:
>> "access_ok()" isn't that expensive, and removing them as unnecessary
>> is fraught with errors. We've had several cases of "oops, we used
>> __get_user() in a loop, because it generates much better code, but
>> we'd forgotten to do access_ok(), so now people can read kernel data".
>
> OK... If netdev folks can live with that for now, I've no problem with
> dropping 3/5. However, I really think we need a variant of csum-and-copy
> that would _not_ bother with access_ok() longer term. That can wait,
> though...

I think because of the way Al verifies things at the top level, and
how we structure access to these msg->msg_iov so strictly, these cases
of access_ok() really can safely go.

But that is just my opinion, and yes I do acknowledge that we've had
serious holes in this area in the past.

