On Thu, Jun 20, 2024 at 10:58:49PM +0530, Anjali K wrote:
> However given that:
> (i) The dtl buffer is read-only. The dtl trace is a set of metrics which
> are collected to be read by privileged users.
> (ii) Users usually read all the dtl entries, not a subset.
>
> > (iii) Read overflows are unlikely to expose anything useful to attackers
> > since we are whitelisting the complete slub object and there are no
> contiguous memory locations which need to be hidden.
> Can we go ahead with the whitelisting using kmem_cache_create_usercopy()
> approach?
> Or are there other reasons to prefer the bounce buffer approach?
Yeah, based on this and what mpe said, I have no objection to just allowing it in kmem_cache_create_usercopy(). I was mainly just curious what the threat model was. :)

Reviewed-by: Kees Cook <k...@kernel.org>

--
Kees Cook
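The hardened-usercopy check the two approaches are working around, modelled in user-space C as an added example (not code from the thread or from the kernel): the struct only mimics the useroffset/usersize parameters of kmem_cache_create_usercopy(), and the DTL object and entry sizes are constructed assumptions, not the kernel's values.

```c
#include <stdbool.h>
#include <stddef.h>

/* Model of a slab cache created with kmem_cache_create_usercopy(): under
 * CONFIG_HARDENED_USERCOPY only [useroffset, useroffset + usersize) of each
 * object may be copied to or from user space. A cache from plain
 * kmem_cache_create() has usersize == 0, i.e. no whitelisted region. */
struct usercopy_cache {
    size_t object_size;
    size_t useroffset;
    size_t usersize;
};

/* Mirrors the decision in the kernel's __check_heap_object(): a copy of n
 * bytes starting at byte offset 'off' within the object is allowed only if
 * the whole range lies inside the whitelisted region; otherwise the kernel
 * calls usercopy_abort(). Returns true when the copy would be permitted. */
bool usercopy_allowed(const struct usercopy_cache *c, size_t off, size_t n)
{
    if (off > c->object_size || n > c->object_size - off)
        return false;                 /* range runs past the object */
    if (off < c->useroffset || off - c->useroffset > c->usersize)
        return false;                 /* starts outside the whitelist */
    return n <= c->usersize - (off - c->useroffset);
}

/* The thread's case: the DTL buffer object is whitelisted in full. Object and
 * entry sizes are constructed for illustration, not taken from the kernel. */
#define DTL_OBJECT_SIZE 4096u
#define DTL_ENTRY_SIZE    48u

static const struct usercopy_cache dtl_whitelisted = {
    .object_size = DTL_OBJECT_SIZE, .useroffset = 0, .usersize = DTL_OBJECT_SIZE,
};
/* The same object in a plain cache: every direct copy_to_user() of it is
 * refused, which is why the alternative is to stage the data through a
 * (fully whitelisted) kmalloc'd bounce buffer first. */
static const struct usercopy_cache dtl_plain = {
    .object_size = DTL_OBJECT_SIZE, .useroffset = 0, .usersize = 0,
};

/* Would copying n_entries DTL entries starting at entry index 'first' to
 * user space pass the hardened usercopy check on cache c? */
bool dtl_read_allowed(const struct usercopy_cache *c, size_t first, size_t n_entries)
{
    return usercopy_allowed(c, first * DTL_ENTRY_SIZE, n_entries * DTL_ENTRY_SIZE);
}
```

Reading all entries or any in-bounds subset passes on the fully whitelisted cache, a read that runs past the object is still refused, and the plain cache refuses every non-empty direct copy.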