Re: AUDIT: copy_from_user is a deathtrap.

Kasper Dupont (kasperd@daimi.au.dk)
Wed, 22 May 2002 20:58:10 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Maksim: "Re: [linux-usb-devel] Re: What to do with all of the USB UHCI"
Previous message: Aschwin Marsman - aYniK Software Solutions: "Off topic: Solaris 9 announced, a lot of Linux incorporated"

Alan Cox wrote:
>
> > In such case, linus, here is your "reasonable" example. For PPro, it
> > is faster to copy out-of-order, and if we wanted to use that for
> > copy_to_user, you'd have your example.
>
> I think there is a misunderstanding here.
>
> Nothing in the standards says that
>
> write(pipe_fd, halfmappedbuffer, 2*PAGE_SIZE)
>
> must return PAGE_SIZE on an error. What it seems to say is that it if an error
> is reported then no data got written down the actual pipe itself. Putting
> 4K into the pipe then reporting Esomething is not allowed. Copying 4K into
> a buffer faulting and erroring with Efoo then throwing away the buffer is
> allowed

write might be the easy case. But what about read?
Is a failing read allowed to change the userspace
memory?

-- 
Kasper Dupont -- der bruger for meget tid på usenet.
For sending spam use mailto:razor-report@daimi.au.dk
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Maksim: "Re: [linux-usb-devel] Re: What to do with all of the USB UHCI"
Previous message: Aschwin Marsman - aYniK Software Solutions: "Off topic: Solaris 9 announced, a lot of Linux incorporated"