> You've missed similar commit re /proc/*/clear_refs .
i didn't, i was reflecting on pagemap, not clear_refs.
> Regardless, RTFS before making such statements.
which one? i see you aren't disputing that the commit fixed security bugs for .26, you're only
complaining about its applicability to .25. clearly, features not used on .25 are irrelevant,
however the kmalloc(0) case is an interesting one as it ends up down a similar path to what
the vmsplice exploit abused, save for the hardening of get_user_pages that was introduced due
to the same. were cliph to withhold that bug for a little longer, you would be essentially
arguing for not fixing an exploitable bug - not the right mindset i'm afraid. and let's not
get started on the silliness of using a userland address for ZERO_SIZE_PTR.
another problem you haven't caught is that while get_user_pages brings in the userland buffer
and even makes it writable, as soon as the mmap semaphore is dropped, the whole thing can
disappear (munmap) or become read-only again (fork/mprotect) and thus whatever the whole
exercise was supposed to prevent (sleeping on put_user? copy-on-write?) is still possible.
> How old are you?
judging from your post, probably at least 2-3 times your age. ;)