From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39CEFC433F4 for ; Mon, 27 Jul 2020 13:49:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 23B3520838 for ; Mon, 27 Jul 2020 13:49:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729149AbgG0NtN (ORCPT ); Mon, 27 Jul 2020 09:49:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59846 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729032AbgG0NtM (ORCPT ); Mon, 27 Jul 2020 09:49:12 -0400 Received: from ZenIV.linux.org.uk (zeniv.linux.org.uk [IPv6:2002:c35c:fd02::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4BDD9C0619D2; Mon, 27 Jul 2020 06:49:12 -0700 (PDT) Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1k03UE-003g0B-15; Mon, 27 Jul 2020 13:48:14 +0000 Date: Mon, 27 Jul 2020 14:48:14 +0100 From: Al Viro To: David Laight Cc: 'David Miller' , "hch@lst.de" , "kuba@kernel.org" , "ast@kernel.org" , "daniel@iogearbox.net" , "kuznet@ms2.inr.ac.ru" , "yoshfuji@linux-ipv6.org" , "edumazet@google.com" , "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "netdev@vger.kernel.org" , "bpf@vger.kernel.org" , "netfilter-devel@vger.kernel.org" , "coreteam@netfilter.org" , "linux-sctp@vger.kernel.org" , "linux-hams@vger.kernel.org" , "linux-bluetooth@vger.kernel.org" , "bridge@lists.linux-foundation.org" , "linux-can@vger.kernel.org" , "dccp@vger.kernel.org" , "linux-decnet-user@lists.sourceforge.net" , "linux-wpan@vger.kernel.org" , "linux-s390@vger.kernel.org" , "mptcp@lists.01.org" , "lvs-devel@vger.kernel.org" , "rds-devel@oss.oracle.com" , "linux-afs@lists.infradead.org" , "tipc-discussion@lists.sourceforge.net" , "linux-x25@vger.kernel.org" Subject: Re: get rid of the address_space override in setsockopt v2 Message-ID: <20200727134814.GD794331@ZenIV.linux.org.uk> References: <20200723060908.50081-1-hch@lst.de> <20200724.154342.1433271593505001306.davem@davemloft.net> <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Jul 27, 2020 at 09:51:45AM +0000, David Laight wrote: > I'm sure there is code that processes options in chunks. > This probably means it is possible to put a chunk boundary > at the end of userspace and continue processing the very start > of kernel memory. > > At best this faults on the kernel copy code and crashes the system. Really? Care to provide some details, or is it another of your "I can't be possibly arsed to check what I'm saying, but it stands for reason that..." specials? From mboxrd@z Thu Jan 1 00:00:00 1970 From: Al Viro Subject: Re: get rid of the address_space override in setsockopt v2 Date: Mon, 27 Jul 2020 14:48:14 +0100 Message-ID: <20200727134814.GD794331@ZenIV.linux.org.uk> References: <20200723060908.50081-1-hch@lst.de> <20200724.154342.1433271593505001306.davem@davemloft.net> <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> Sender: lvs-devel-owner@vger.kernel.org To: David Laight Cc: 'David Miller' , "hch@lst.de" , "kuba@kernel.org" , "ast@kernel.org" , "daniel@iogearbox.net" , "kuznet@ms2.inr.ac.ru" , "yoshfuji@linux-ipv6.org" , "edumazet@google.com" , "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "netdev@vger.kernel.org" , "bpf@vger.kernel.org" , "netfilter-devel@vger.kernel.org" , "coreteam@netfilter.org" , "linux-sctp@vger.kernel.org" , "linux-hams@vger.kernel.org" List-Id: linux-can.vger.kernel.org On Mon, Jul 27, 2020 at 09:51:45AM +0000, David Laight wrote: > I'm sure there is code that processes options in chunks. > This probably means it is possible to put a chunk boundary > at the end of userspace and continue processing the very start > of kernel memory. > > At best this faults on the kernel copy code and crashes the system. Really? Care to provide some details, or is it another of your "I can't be possibly arsed to check what I'm saying, but it stands for reason that..." specials? From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Mon, 27 Jul 2020 14:48:14 +0100 From: Al Viro Subject: Re: get rid of the address_space override in setsockopt v2 Message-ID: <20200727134814.GD794331@ZenIV.linux.org.uk> References: <20200723060908.50081-1-hch@lst.de> <20200724.154342.1433271593505001306.davem@davemloft.net> <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> Sender: bpf-owner@vger.kernel.org List-ID: To: David Laight Cc: 'David Miller' , "hch@lst.de" , "kuba@kernel.org" , "ast@kernel.org" , "daniel@iogearbox.net" , "kuznet@ms2.inr.ac.ru" , "yoshfuji@linux-ipv6.org" , "edumazet@google.com" , "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "netdev@vger.kernel.org" , "bpf@vger.kernel.org" , "netfilter-devel@vger.kernel.org" , "coreteam@netfilter.org" , "linux-sctp@vger.kernel.org" , "linux-hams@vger.kernel.org" , "linux-bluetooth@vger.kernel.org" , "bridge@lists.linux-foundation.org" , "linux-can@vger.kernel.org" , "dccp@vger.kernel.org" , "linux-decnet-user@lists.sourceforge.net" , "linux-wpan@vger.kernel.org" , "linux-s390@vger.kernel.org" , "mptcp@lists.01.org" , "lvs-devel@vger.kernel.org" , "rds-devel@oss.oracle.com" , "linux-afs@lists.infradead.org" , "tipc-discussion@lists.sourceforge.net" , "linux-x25@vger.kernel.org" On Mon, Jul 27, 2020 at 09:51:45AM +0000, David Laight wrote: > I'm sure there is code that processes options in chunks. > This probably means it is possible to put a chunk boundary > at the end of userspace and continue processing the very start > of kernel memory. > > At best this faults on the kernel copy code and crashes the system. Really? Care to provide some details, or is it another of your "I can't be possibly arsed to check what I'm saying, but it stands for reason that..." specials? From mboxrd@z Thu Jan 1 00:00:00 1970 From: Al Viro Date: Mon, 27 Jul 2020 13:48:14 +0000 Subject: Re: get rid of the address_space override in setsockopt v2 Message-Id: <20200727134814.GD794331@ZenIV.linux.org.uk> List-Id: References: <20200723060908.50081-1-hch@lst.de> <20200724.154342.1433271593505001306.davem@davemloft.net> <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> In-Reply-To: <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: David Laight Cc: 'David Miller' , "hch@lst.de" , "kuba@kernel.org" , "ast@kernel.org" , "daniel@iogearbox.net" , "kuznet@ms2.inr.ac.ru" , "yoshfuji@linux-ipv6.org" , "edumazet@google.com" , "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "netdev@vger.kernel.org" , "bpf@vger.kernel.org" , "netfilter-devel@vger.kernel.org" , "coreteam@netfilter.org" , "linux-sctp@vger.kernel.org" , "linux-hams@vger.kernel.org" , "linux-bluetooth@vger.kernel.org" , "bridge@lists.linux-foundation.org" , "linux-can@vger.kernel.org" , "dccp@vger.kernel.org" , "linux-decnet-user@lists.sourceforge.net" , "linux-wpan@vger.kernel.org" , "linux-s390@vger.kernel.org" , "mptcp@lists.01.org" , "lvs-devel@vger.kernel.org" , "rds-devel@oss.oracle.com" , "linux-afs@lists.infradead.org" , "tipc-discussion@lists.sourceforge.net" , "linux-x25@vger.kernel.org" On Mon, Jul 27, 2020 at 09:51:45AM +0000, David Laight wrote: > I'm sure there is code that processes options in chunks. > This probably means it is possible to put a chunk boundary > at the end of userspace and continue processing the very start > of kernel memory. > > At best this faults on the kernel copy code and crashes the system. Really? Care to provide some details, or is it another of your "I can't be possibly arsed to check what I'm saying, but it stands for reason that..." specials? From mboxrd@z Thu Jan 1 00:00:00 1970 From: Al Viro Date: Mon, 27 Jul 2020 13:48:14 +0000 Subject: Re: get rid of the address_space override in setsockopt v2 Message-Id: <20200727134814.GD794331@ZenIV.linux.org.uk> List-Id: References: <20200720124737.118617-1-hch@lst.de> In-Reply-To: <20200720124737.118617-1-hch@lst.de> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: dccp@vger.kernel.org On Mon, Jul 27, 2020 at 09:51:45AM +0000, David Laight wrote: > I'm sure there is code that processes options in chunks. > This probably means it is possible to put a chunk boundary > at the end of userspace and continue processing the very start > of kernel memory. > > At best this faults on the kernel copy code and crashes the system. Really? Care to provide some details, or is it another of your "I can't be possibly arsed to check what I'm saying, but it stands for reason that..." specials? From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Mon, 27 Jul 2020 14:48:14 +0100 From: Al Viro Message-ID: <20200727134814.GD794331@ZenIV.linux.org.uk> References: <20200723060908.50081-1-hch@lst.de> <20200724.154342.1433271593505001306.davem@davemloft.net> <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> Sender: Al Viro Subject: Re: [Bridge] get rid of the address_space override in setsockopt v2 List-Id: Linux Ethernet Bridging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: David Laight Cc: "ast@kernel.org" , "linux-sctp@vger.kernel.org" , "hch@lst.de" , "linux-s390@vger.kernel.org" , "rds-devel@oss.oracle.com" , "daniel@iogearbox.net" , "dccp@vger.kernel.org" , "bridge@lists.linux-foundation.org" , "linux-afs@lists.infradead.org" , "lvs-devel@vger.kernel.org" , "coreteam@netfilter.org" , "mptcp@lists.01.org" , "kuznet@ms2.inr.ac.ru" , "linux-can@vger.kernel.org" , "kuba@kernel.org" , "linux-hams@vger.kernel.org" , "tipc-discussion@lists.sourceforge.net" , "linux-x25@vger.kernel.org" , "edumazet@google.com" , "yoshfuji@linux-ipv6.org" , "netdev@vger.kernel.org" , "linux-decnet-user@lists.sourceforge.net" , "linux-kernel@vger.kernel.org" , "linux-bluetooth@vger.kernel.org" , "netfilter-devel@vger.kernel.org" , "linux-crypto@vger.kernel.org" , "bpf@vger.kernel.org" , "linux-wpan@vger.kernel.org" , 'David Miller' On Mon, Jul 27, 2020 at 09:51:45AM +0000, David Laight wrote: > I'm sure there is code that processes options in chunks. > This probably means it is possible to put a chunk boundary > at the end of userspace and continue processing the very start > of kernel memory. > > At best this faults on the kernel copy code and crashes the system. Really? Care to provide some details, or is it another of your "I can't be possibly arsed to check what I'm saying, but it stands for reason that..." specials?