On Thu, Jan 25, 2018 at 04:21:51PM +0100, Jiri Slaby wrote:
On 01/25/2018, 04:12 PM, Greg Kroah-Hartman wrote:
On Thu, Jan 25, 2018 at 03:47:32PM +0100, Jiri Slaby wrote:
On 01/25/2018, 03:30 PM, Thomas Gleixner wrote:
So what's the problem?
The problem I see is that every stable kernel now requires updated strace with their commit from yesterday to build correctly. In particular, the new stable kernels cause rpm build failures of strace in all our distros (based on those stable kernels). Sure, we can patch strace in every distro every nth kernel update, but it's mere impractical. Kernel should not break userspace, right?
Well, when userspace is doing something stupid... :)
No doubt... But does that mean we no longer maintain the "no userspace breakage even if it is stupid" rule?
One of the reasons we have been adding these earlier input validation checks to futex has been to mitigate security exploits taking advantage of the complex nature of the system call. Granted we should have done this initially, but if we avoid some of these nasty exploits (and the real harm they enable), then yeah, this is worth fixing userspace which is relying on undefined behavior.
I'd still like to out why various distros are sending garbage to uadd2 for network setup (but that's another topic).