On Sat, Jun 27, 2020 at 09:33:03AM -0700, Linus Torvalds wrote: > The real problem with > "set_fs()" has been that we've occasionally had bugs where we ended up > running odd paths that we really didn't _intend_ to run with kernel > pointers. The classic example is the SCSI "write as ioctl" example, > where a write to a SCSI generic device would do various odd things and > follow pointers and what-not. Then you get into real trouble when > "splice()" ends up truiong to write a kernel buffer, and because of > "set_fs()" suddenly the sg code started accessing kernel memory > willy-nilly. So the semantics of this interface can create chaos fast if not used carefully and conservatively. Christoph, it would be great if you're future series can include some version of a verbiage for the motivation for the culling of set_fs(). Maybe it was just me, but the original motivation wasn't clear at first and took some thread digging to get it. Luis
