From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3DF94C433DF for ; Mon, 27 Jul 2020 13:49:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2514A2073E for ; Mon, 27 Jul 2020 13:49:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729126AbgG0NtN (ORCPT ); Mon, 27 Jul 2020 09:49:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59846 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729032AbgG0NtM (ORCPT ); Mon, 27 Jul 2020 09:49:12 -0400 Received: from ZenIV.linux.org.uk (zeniv.linux.org.uk [IPv6:2002:c35c:fd02::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4BDD9C0619D2; Mon, 27 Jul 2020 06:49:12 -0700 (PDT) Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1k03UE-003g0B-15; Mon, 27 Jul 2020 13:48:14 +0000 Date: Mon, 27 Jul 2020 14:48:14 +0100 From: Al Viro To: David Laight Cc: 'David Miller' , "hch@lst.de" , "kuba@kernel.org" , "ast@kernel.org" , "daniel@iogearbox.net" , "kuznet@ms2.inr.ac.ru" , "yoshfuji@linux-ipv6.org" , "edumazet@google.com" , "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "netdev@vger.kernel.org" , "bpf@vger.kernel.org" , "netfilter-devel@vger.kernel.org" , "coreteam@netfilter.org" , "linux-sctp@vger.kernel.org" , "linux-hams@vger.kernel.org" , "linux-bluetooth@vger.kernel.org" , "bridge@lists.linux-foundation.org" , "linux-can@vger.kernel.org" , "dccp@vger.kernel.org" , "linux-decnet-user@lists.sourceforge.net" , "linux-wpan@vger.kernel.org" , "linux-s390@vger.kernel.org" , "mptcp@lists.01.org" , "lvs-devel@vger.kernel.org" , "rds-devel@oss.oracle.com" , "linux-afs@lists.infradead.org" , "tipc-discussion@lists.sourceforge.net" , "linux-x25@vger.kernel.org" Subject: Re: get rid of the address_space override in setsockopt v2 Message-ID: <20200727134814.GD794331@ZenIV.linux.org.uk> References: <20200723060908.50081-1-hch@lst.de> <20200724.154342.1433271593505001306.davem@davemloft.net> <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8ae792c27f144d4bb5cbea0c1cce4eed@AcuMS.aculab.com> Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org On Mon, Jul 27, 2020 at 09:51:45AM +0000, David Laight wrote: > I'm sure there is code that processes options in chunks. > This probably means it is possible to put a chunk boundary > at the end of userspace and continue processing the very start > of kernel memory. > > At best this faults on the kernel copy code and crashes the system. Really? Care to provide some details, or is it another of your "I can't be possibly arsed to check what I'm saying, but it stands for reason that..." specials?