On Sat, Apr 18, 2020 at 06:55:56AM -0500, Eric W. Biederman wrote: > > Is that really an issue to use that set_fs() in the coredump code ? > > Using set_fs() is pretty bad and something that we would like to remove > from the kernel entirely. The fewer instances of set_fs() we have the > better. > > I forget all of the details but set_fs() is both a type violation and an > attack point when people are attacking the kernel. The existence of > set_fs() requires somethings that should be constants to be variables. > Something about that means that our current code is difficult to protect > from spectre style vulnerabilities. Yes, set_fs requires variable based address checking in the uaccess routines for architectures with a shared address space, or even entirely different code for architectures with separate kernel and user address spaces. My plan is to hopefully kill set_fs in its current form a few merge windows down the road. We'll probably still need some form of it to e.g. mark a thread as kernel thread vs also being able to execute user code, but it will be much ore limited than before, called from very few places and actually be a no-op for many architectures.
