On Feb 22, 2019, at 10:28 AM, Linus Torvalds torvalds@linux-foundation.org wrote:
On Fri, Feb 22, 2019 at 9:48 AM Andy Lutomirski luto@amacapital.net wrote:
On Feb 22, 2019, at 9:43 AM, Linus Torvalds torvalds@linux-foundation.org wrote:
Then we should still probably fix up "__probe_kernel_read()" to not allow user accesses. The easiest way to do that is actually likely to use the "unsafe_get_user()" functions *without* doing a uaccess_begin(), which will mean that modern CPU's will simply fault on a kernel access to user space.
The nice thing about that is that usually developers will have access to exactly those modern boxes, so the people who notice that it doesn't work are the right people.
We use probe_kernel_read() from oops code. I’d rather it return -EFAULT than oops harder and kill the first oops.
It would still do that.
Using the unsafe_get_user() macros doesn't remove the exception handling, and we wouldn't remove the whole "pagefault_disable()" either. So it would work exactly the same way it does now, except on a modern CPU it would return -EFAULT for a user space access due to AC not being set.
Hmm. I misunderstood you. I thought you wanted the oops.
We’d have to check that we don’t trip the “SMAP violation, egads!” check.