Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 May 2017 01:11:26 -0700
From: Christoph Hellwig <>
To: Arnd Bergmann <>
Cc: Al Viro <>, Ingo Molnar <>,
	Andy Lutomirski <>,
	Christoph Hellwig <>, Greg KH <>,
	Thomas Garnier <>,
	Martin Schwidefsky <>,
	Heiko Carstens <>,
	Dave Hansen <>,
	Thomas Gleixner <>,
	David Howells <>,
	René Nyffenegger <>,
	Andrew Morton <>,
	"Paul E . McKenney" <>,
	"Eric W . Biederman" <>,
	Oleg Nesterov <>,
	Pavel Tikhomirov <>,
	Ingo Molnar <>, "H . Peter Anvin" <>,
	Paolo Bonzini <>, Rik van Riel <>,
	Kees Cook <>,
	Josh Poimboeuf <>,
	Borislav Petkov <>, Brian Gerst <>,
	"Kirill A . Shutemov" <>,
	Christian Borntraeger <>,
	Russell King <>,
	Will Deacon <>,
	Catalin Marinas <>,
	Mark Rutland <>,
	James Morse <>,
	linux-s390 <>,
	LKML <>,
	Linux API <>,
	the arch/x86 maintainers <>,
	"" <>,
	Kernel Hardening <>,
	Linus Torvalds <>,
	Peter Zijlstra <>
Subject: Re: Re: [PATCH v9 1/4] syscalls: Verify address
 limit before returning to user-mode

On Fri, May 12, 2017 at 09:43:40AM +0200, Arnd Bergmann wrote:
> How realistic and how useful would it be to first completely eliminate
> the ones that are in loadable modules and then wrapping the definition
> in #ifndef MODULE (or even make it an extern function)?

Should be fairly doable and might be a nice step towards cleaning the
mess up.  In fact with my seres a large part of those are gone, and
most of the remaining handler are ioctl handlers or what seems like
opencoded versions of probe_kernel_read.

But it won't help against exploits modifying addr_limit manually.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.