Linus Torvalds 594cc251fd make 'user_access_begin()' do 'access_ok()'
Originally, the rule used to be that you'd have to do access_ok()
separately, and then user_access_begin() before actually doing the
direct (optimized) user access.

But experience has shown that people then decide not to do access_ok()
at all, and instead rely on it being implied by other operations or
similar.  Which makes it very hard to verify that the access has
actually been range-checked.

If you use the unsafe direct user accesses, hardware features (either
SMAP - Supervisor Mode Access Protection - on x86, or PAN - Privileged
Access Never - on ARM) do force you to use user_access_begin().  But
nothing really forces the range check.

By putting the range check into user_access_begin(), we actually force
people to do the right thing (tm), and the range check will be visible
near the actual accesses.  We have way too long a history of people
trying to avoid them.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 12:56:09 -08:00