* Kees Cook <keesc...@chromium.org> wrote: > > git commit b5a882fcf146c87cb6b67c6df353e1c042b8773d > > "s390: restore address space when returning to user space". > > If I'm understanding this, it won't catch corruption of addr_limit > during fast-path syscalls, though (i.e. addr_limit changed without a > call to set_fs()). :(
Nor does it, or the patch you propose, protect against against something corrupting task->mm pointer, or the task->*uid values, or any of the myriads of security relevant values stored in the task structure! Making sure API (set_fs()) usage is bug-free and protecting against the effects of general data corruption are two unrelated things that should not mixed. Thanks, Ingo