From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752552AbdKTUJn (ORCPT <rfc822;w@1wt.eu>);
        Mon, 20 Nov 2017 15:09:43 -0500
Received: from cavan.codon.org.uk ([93.93.128.6]:58560 "EHLO
        cavan.codon.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751173AbdKTUJm (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 20 Nov 2017 15:09:42 -0500
X-Greylist: delayed 1151 seconds by postgrey-1.27 at vger.kernel.org; Mon, 20 Nov 2017 15:09:41 EST
Date: Mon, 20 Nov 2017 19:50:27 +0000
From: Matthew Garrett <mjg59@srcf.ucam.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>, Paolo Bonzini <pbonzini@redhat.com>,
        David Windsor <dave@nullcore.net>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [GIT PULL] usercopy whitelisting for v4.15-rc1
Message-ID: <20171120195027.GA20045@srcf.ucam.org>
References: <20171117165423.GA34980@beast>
 <CA+55aFy2nSv0-dH68DvemiF4RLvGpMcJ9WzKwmnXAvaJ+9QCmA@mail.gmail.com>
 <47222b54-cb13-2362-a525-714be2ba96de@redhat.com>
 <CAGXu5jL=aowLRbn1QQaSXuSvmJrKos0msSXCmU18kqTRjy2gPA@mail.gmail.com>
 <CA+55aFykjza0H5ytZH_aJKYs9tC84OLyVT30--cvo0mpAzpWaA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+55aFykjza0H5ytZH_aJKYs9tC84OLyVT30--cvo0mpAzpWaA@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: mjg59@cavan.codon.org.uk
X-SA-Exim-Scanned: No (on cavan.codon.org.uk); SAEximRunCond expanded to false
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Nov 17, 2017 at 01:13:10PM -0800, Linus Torvalds wrote:
> So the hardening efforts should instead _start_ from the standpoint of
> "let's warn about what looks dangerous, and maybe in a _year_ when
> we've warned for a long time, and we are confident that we've actually
> caught all the normal cases, _then_ we can start taking more drastic
> measures".

Can you clarify a little with regard to how you'd have liked this 
patchset to look? With 
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=usercopy-v4.15-rc1&id=93edfb33387772a9ae7693ddf9811280ffc4025b 
it seems pretty like we're at the end goal you've described (default to 
a mode that generates a warning rather than returning an error), so is 
it just that this appeared at the end of the patchset development 
process rather than being there from the beginning?

-- 
Matthew Garrett | mjg59@srcf.ucam.org