# git rev-parse -q --verify f511c0b17b081562dca8ac5061dfa86db4c66cc2^{commit}
f511c0b17b081562dca8ac5061dfa86db4c66cc2
already have revision, skipping fetch
# git checkout -q -f -B kisskb f511c0b17b081562dca8ac5061dfa86db4c66cc2
# git clean -qxdf
# git log -1
commit f511c0b17b081562dca8ac5061dfa86db4c66cc2
Author: Linus Torvalds
Date:   Tue May 30 12:38:59 2017 -0700

    "Yes, people use FOLL_FORCE ;)"

    This effectively reverts commit 8ee74a91ac30 ("proc: try to remove use
    of FOLL_FORCE entirely")

    It turns out that people do depend on FOLL_FORCE for the /proc//mem
    case, and we're talking not just debuggers. Talking to the affected
    people, the use-cases are:

    Keno Fischer:
     "We used these semantics as a hardening mechanism in the julia JIT. By
      opening /proc/self/mem and using these semantics, we could avoid
      needing RWX pages, or a dual mapping approach. We do have fallbacks to
      these other methods (though getting EIO here actually causes an assert
      in released versions - we'll updated that to make sure to take the
      fall back in that case).

      Nevertheless the /proc/self/mem approach was our favored approach
      because it a) Required an attacker to be able to execute syscalls
      which is a taller order than getting memory write and b) didn't double
      the virtual address space requirements (as a dual mapping approach
      would).

      I think in general this feature is very useful for anybody who needs
      to precisely control the execution of some other process. Various
      debuggers (gdb/lldb/rr) certainly fall into that category, but there's
      another class of such processes (wine, various emulators) which may
      want to do that kind of thing.

      Now, I suspect most of these will have the other process under ptrace
      control, so maybe allowing (same_mm || ptraced) would be ok, but at
      least for the sandbox/remote-jit use case, it would be perfectly
      reasonable to not have the jit server be a ptracer"

    Robert O'Callahan:
     "We write to readonly code and data mappings via /proc/.../mem in lots
      of different situations, particularly when we're adjusting program
      state during replay to match the recorded execution.

      Like Julia, we can add workarounds, but they could be expensive."

    so not only do people use FOLL_FORCE for both reads and writes, but they
    use it for both the local mm and remote mm.

    With these comments in mind, we likely also cannot add the "are we
    actively ptracing" check either, so this keeps the new code organization
    and does not do a real revert that would add back the original comment
    about "Maybe we should limit FOLL_FORCE to actual ptrace users?"

    Reported-by: Keno Fischer
    Reported-by: Robert O'Callahan
    Cc: Kees Cook
    Cc: Andy Lutomirski
    Cc: Eric Biederman
    Signed-off-by: Linus Torvalds

# < /opt/cross/kisskb/gcc-4.6.3-nolibc/um-x86_64-linux/bin/x86_64-linux-gcc --version
# < git log --format=%s --max-count=1 f511c0b17b081562dca8ac5061dfa86db4c66cc2
# < make -j 48 ARCH=um O=/home/kisskb/slave/build/linus_um-defconfig_um-x86_64 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/um-x86_64-linux/bin/x86_64-linux- SUBARCH=x86_64 defconfig
# make -j 48 ARCH=um O=/home/kisskb/slave/build/linus_um-defconfig_um-x86_64 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/um-x86_64-linux/bin/x86_64-linux- SUBARCH=x86_64
make[1]: Entering directory '/home/kisskb/slave/build/linus_um-defconfig_um-x86_64'
  GEN     ./Makefile
scripts/kconfig/conf --silentoldconfig arch/x86/um/Kconfig
  CHK     include/generated/uapi/linux/version.h
  UPD     include/generated/uapi/linux/version.h
  HOSTCC  scripts/basic/bin2c
  WRAP    arch/um/include/generated/asm/barrier.h
  WRAP    arch/um/include/generated/asm/bug.h
  WRAP    arch/um/include/generated/asm/clkdev.h
  WRAP    arch/um/include/generated/asm/current.h
  WRAP    arch/um/include/generated/asm/delay.h
  WRAP    arch/um/include/generated/asm/device.h
  WRAP    arch/um/include/generated/asm/emergency-restart.h
  WRAP    arch/um/include/generated/asm/exec.h
  WRAP    arch/um/include/generated/asm/extable.h
  WRAP    arch/um/include/generated/asm/ftrace.h
  WRAP    arch/um/include/generated/asm/futex.h
  WRAP    arch/um/include/generated/asm/hardirq.h
  WRAP    arch/um/include/generated/asm/hw_irq.h
  WRAP    arch/um/include/generated/asm/io.h
  WRAP    arch/um/include/generated/asm/irq_regs.h
  WRAP    arch/um/include/generated/asm/irq_work.h
  WRAP    arch/um/include/generated/asm/kdebug.h
  WRAP    arch/um/include/generated/asm/mcs_spinlock.h
  WRAP    arch/um/include/generated/asm/mm-arch-hooks.h
  WRAP    arch/um/include/generated/asm/param.h
  WRAP    arch/um/include/generated/asm/pci.h
  WRAP    arch/um/include/generated/asm/percpu.h
  WRAP    arch/um/include/generated/asm/preempt.h
  WRAP    arch/um/include/generated/asm/switch_to.h
  WRAP    arch/um/include/generated/asm/topology.h
  WRAP    arch/um/include/generated/asm/trace_clock.h
  WRAP    arch/um/include/generated/asm/word-at-a-time.h
  WRAP    arch/um/include/generated/asm/xor.h
  WRAP    arch/um/include/generated/asm/kprobes.h
  CHK     include/config/kernel.release
  GEN     ./Makefile
  UPD     include/config/kernel.release
  Using /home/kisskb/slave/src as source for kernel
  CHK     include/generated/utsrelease.h
  UPD     include/generated/utsrelease.h
  HOSTCC  scripts/kallsyms
  CC      scripts/mod/empty.o
  HOSTCC  scripts/mod/mk_elfconfig
  CC      scripts/mod/devicetable-offsets.s
  CHK     scripts/mod/devicetable-offsets.h
  UPD     scripts/mod/devicetable-offsets.h
  MKELF   scripts/mod/elfconfig.h
  HOSTCC  scripts/mod/modpost.o
  HOSTCC  scripts/mod/file2alias.o
  HOSTCC  scripts/mod/sumversion.o
  HOSTLD  scripts/mod/modpost
  SYSTBL  arch/x86/entry/syscalls/../../include/generated/asm/syscalls_32.h
  SYSHDR  arch/x86/entry/syscalls/../../include/generated/asm/unistd_32_ia32.h
  SYSHDR  arch/x86/entry/syscalls/../../include/generated/asm/unistd_64_x32.h
  SYSTBL  arch/x86/entry/syscalls/../../include/generated/asm/syscalls_64.h
  SYSHDR  arch/x86/entry/syscalls/../../include/generated/uapi/asm/unistd_32.h
  SYSHDR  arch/x86/entry/syscalls/../../include/generated/uapi/asm/unistd_64.h
  SYSHDR  arch/x86/entry/syscalls/../../include/generated/uapi/asm/unistd_x32.h
  HOSTCC  scripts/unifdef
  CC      arch/x86/um/user-offsets.s
In file included from /usr/include/features.h:374:0,
                 from /usr/include/stdio.h:27,
                 from /home/kisskb/slave/src/arch/x86/um/user-offsets.c:1:
/opt/cross/gcc-4.6.3-nolibc/x86_64-linux/lib/gcc/x86_64-linux/4.6.3/../../../../x86_64-linux/include/sys/cdefs.h:385:27: fatal error: bits/wordsize.h: No such file or directory
compilation terminated.
/home/kisskb/slave/src/scripts/Makefile.build:154: recipe for target 'arch/x86/um/user-offsets.s' failed
make[2]: *** [arch/x86/um/user-offsets.s] Error 1
arch/um/Makefile:150: recipe for target 'arch/x86/um/user-offsets.s' failed
make[1]: *** [arch/x86/um/user-offsets.s] Error 2
make[1]: Leaving directory '/home/kisskb/slave/build/linus_um-defconfig_um-x86_64'
Makefile:152: recipe for target 'sub-make' failed
make: *** [sub-make] Error 2
Command 'make -j 48 ARCH=um O=/home/kisskb/slave/build/linus_um-defconfig_um-x86_64 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/um-x86_64-linux/bin/x86_64-linux- SUBARCH=x86_64 ' returned non-zero exit status 2
# rm -rf /home/kisskb/slave/build/linus_um-defconfig_um-x86_64
# Build took: 0:00:05.795405