On Fri, Apr 28, 2023 at 11:35:32AM -0300, Jason Gunthorpe wrote:
>
> It has been years now, I think we need to admit a fix is still years
> away. Blocking the security problem may even motivate more people to
> work on a fix.

Do we think we can still trigger a kernel crash, or maybe even something
more exciting like an arbitrary buffer overrun, via the
process_vm_writev(2) system call into a file-backed mmap'ed region?
Maybe if someone can come up with an easy-to-exploit security proof of
concept, that doesn't require special RDMA hardware or some special
libvirt setup, we could finally get motivation to get it fixed, or at
least blocked? :-) We've only been talking about it for years, after
all...

- Ted

> Security is the primary case where we have historically closed uAPI
> items.
>
> Jason