On Tue, Jun 02, 2020 at 06:44:30PM +0100, Al Viro wrote:
> On Tue, Jun 02, 2020 at 10:18:09AM -0700, Linus Torvalds wrote:
> >
> > You have exactly two cases:
> >
> > (a) the access_ok() would be right above the code and can't be missed
> >
> > (b) not
>
> (c) what you really want is not quite access_ok().
>
> Again, that "not quite access_ok()" should be right next to STAC, and
> come from the same primitive - I'm not saying the current model is
> anywhere near sane. We need a range-checking primitive right next
> to memory access; it's just that for KVM and vhost we might want
> a different check and, for things like s390 and sparc (mips as well,

things like vhost on s390 and sparc, that is.

> in some configs), potentially different part that would do the memory
> access itself as well.