From Linus Torvalds <>
Date Fri, 17 Nov 2017 09:35:03 -0800
Subject Re: [GIT PULL] usercopy whitelisting for v4.15-rc1

On Fri, Nov 17, 2017 at 8:54 AM, Kees Cook <keescook@chromium.org> wrote:

>
> (Sorry if this pull request is a duplicate: I just don't want to miss
> the merge window, given its potential for being shorter than usual.)



Honestly, these things always end up waiting to the end for me, simply
because they are scary, and I don't trust them, so I feel I need to
spend time on them.



And when I pull 20+ other pull requests a day, I don't have _time_ to
spend time on them.



They are scary because:



 - they touch core stuff

 - I don't trust security people to do sane things

 - they tend to come in as a "fait accompli" with a shit-ton of random
   arbitrary rules, and are still likely to not be complete.



which just makes these pull requests very painful.



We had a ton of issues with the original hardened usercopy just doing
bad things.



We _still_ have outstanding issues with the structure randomization
corrupting the kernel.



These "hardening" things really seem to be a source of random bugs,
and they haven't been extensively tested, and the people involved
quite often don't seem to care about basic cleanliness (because
"security is so important that nothing else matters").



Honestly, I'm unlikely to pull this at all this merge window, simply
because I won't have time for it. This merge window is not going to be
one where I can take a leisurely look at something like this.



If you can make a smaller pull request that introduces the
infrastructure, but that _obviously_ cannot actually break anything,
that would be more likely to be palatable.



Because right now I'm in "the last hardening feature has an unknown
breakage that nobody knows how to even get to the bottom of, I'm _so_
not interested in another of these things" mode.



Linus



