On Tue, Jun 02, 2020 at 10:18:09AM -0700, Linus Torvalds wrote:
> You have exactly two cases:
>
>  (a) the access_ok() would be right above the code and can't be missed
>
>  (b) not

(c) what you really want is not quite access_ok().

Again, that "not quite access_ok()" should be right next to STAC, and come from the same primitive - I'm not saying the current model is anywhere near sane. We need a range-checking primitive right next to memory access; it's just that for KVM and vhost we might want a different check and, for things like s390 and sparc (mips as well, in some configs), potentially different part that would do the memory access itself as well.