Linus thinks security people are morons. He's right. I explain the latest reason here: blog.erratasec.com/2017/11/w…

He's wrong, and so are you (but neither are new). Even if you agree with his wrong position, should acknowledge that it's adhered to incredibly inconsistently. Look at the implementation of VMAP_STACK, or even git.kernel.org/pub/scm/linux… from Linus himself. Do as I say, not as I do

and you are missing a critical datapoint: the whole USERCOPY breakage is due to the KSPP "devs" forgetting to copy+paste some code from us that had been there since 2011:

I'm also very uncomfortable with their initial marketing of security features where they then end up watering them down to the point where they offer no security at all. WARN_ON() does not prevent exploitation, and they are very quiet about the watering down

You didn't read my post. What Linus is saying is that adding bounds-checking to a codebase will uncover latent bugs. Thus, it should be WARN_ON for a year so that such bugs can be cleaned up before killing things.