On Mon, Jun 07, 2021 at 02:43:40PM +0000, Al Viro wrote:
> > It can't even happen for the legacy architectures, given that the
> > remaining set_fs() areas are small and never do iov_iter based I/O.
>
> Umm... It's a bit trickier than that - e.g. a kernel thread on
> a CONFIG_SET_FS target passing a kernel pointer to vfs_read() could've
> ended up with new_sync_write() hitting iov_iter_init().

Yes, that is a possibility, but rather unlikely - it would require an
arch-specific thread using iov_iter_init. iov_iter_init instances are
rather few, and only very few in arch code.

> AFAICS, we don't have any instances of that, but it's not
> as simple as "we don't do any iov_iter work under set_fs(KERNEL_DS)"

Indeed.