From: Linus Torvalds <torvalds@linux-foundation.org>
To: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
Christophe Leroy <christophe.leroy@c-s.fr>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Dave Airlie <airlied@linux.ie>, Daniel Vetter <daniel@ffwll.ch>,
Andrew Morton <akpm@linux-foundation.org>,
Peter Anvin <hpa@zytor.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linuxppc-dev <linuxppc-dev@lists.ozlabs.org>,
Linux-MM <linux-mm@kvack.org>,
linux-arch <linux-arch@vger.kernel.org>,
Russell King <linux@armlinux.org.uk>,
Christian Borntraeger <borntraeger@de.ibm.com>
Subject: Re: [PATCH RESEND 1/4] uaccess: Add user_read_access_begin/end and user_write_access_begin/end
Date: Thu, 2 Apr 2020 13:47:24 -0700 [thread overview]
Message-ID: <CAHk-=wjUfAsepavvy2vsnyOv06yeYBMumSeb+dzDSnJXkX7qPQ@mail.gmail.com> (raw)
In-Reply-To: <202004021322.5F80467@keescook>
On Thu, Apr 2, 2020 at 1:27 PM Kees Cook <keescook@chromium.org> wrote:
>
> I was just speaking to design principles in this area: if the "enable"
> is called when already enabled, Something Is Wrong. :)
Well, the "something is wrong" could easily be "the hardware does not
support this".
I'm not at all interested in the crazy code to do this in software.
Nobody sane should ever do that.
Yes, I realize that PaX did software emulation of things like that,
and it was one of the reasons why it was never useful to any normal
use.
Security is not an end goal in itself, it's always secondary to "can I
use this".
Security that means "normal people can't use this, it's only for the
special l33t users" is not security, it's garbage. That "do page
tables in software" was a prime example of garbage.
Linus
next prev parent reply other threads:[~2020-04-02 20:54 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-02 7:34 Christophe Leroy
2020-04-02 7:34 ` [PATCH RESEND 2/4] uaccess: Selectively open read or write user access Christophe Leroy
2020-04-02 7:51 ` Kees Cook
2020-04-02 8:00 ` Christophe Leroy
2020-04-02 7:34 ` [PATCH RESEND 3/4] drm/i915/gem: Replace user_access_begin by user_write_access_begin Christophe Leroy
2020-04-02 7:52 ` Kees Cook
2020-04-02 7:59 ` Christophe Leroy
2020-04-02 7:34 ` [PATCH RESEND 4/4] powerpc/uaccess: Implement user_read_access_begin and user_write_access_begin Christophe Leroy
2020-04-02 7:52 ` Kees Cook
2020-04-02 7:46 ` [PATCH RESEND 1/4] uaccess: Add user_read_access_begin/end and user_write_access_begin/end Kees Cook
2020-04-02 16:29 ` Al Viro
2020-04-02 17:03 ` Christophe Leroy
2020-04-02 17:38 ` Kees Cook
2020-04-02 17:50 ` Al Viro
2020-04-02 18:35 ` Christophe Leroy
2020-04-02 18:35 ` Kees Cook
2020-04-02 19:26 ` Linus Torvalds
2020-04-02 20:27 ` Kees Cook
2020-04-02 20:47 ` Linus Torvalds [this message]
2020-04-03 0:58 ` Al Viro
2020-04-03 9:49 ` Russell King - ARM Linux admin
2020-04-03 11:26 ` Catalin Marinas
2020-04-03 13:37 ` Russell King - ARM Linux admin
2020-04-03 17:26 ` Al Viro
2020-04-03 10:02 ` Russell King - ARM Linux admin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wjUfAsepavvy2vsnyOv06yeYBMumSeb+dzDSnJXkX7qPQ@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=airlied@linux.ie \
--cc=akpm@linux-foundation.org \
--cc=benh@kernel.crashing.org \
--cc=borntraeger@de.ibm.com \
--cc=christophe.leroy@c-s.fr \
--cc=daniel@ffwll.ch \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox