Re: AUDIT: copy_from_user is a deathtrap.

Linus Torvalds (torvalds@transmeta.com)
Sat, 18 May 2002 20:01:48 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Larry McVoy: "Re: AUDIT: copy_from_user is a deathtrap."
Previous message: jw schultz: "Re: suid bit on directories"

On Sun, 19 May 2002, Rusty Russell wrote:
>
> Huh? No, you ask for 2000 bytes into a buffer that can only take 1000
> bytes without hitting an unmapped page, returning EFAULT or giving a
> SIGSEGV is perfectly acceptable.

Bzzt, wrong answer.

Partial reads/writes are perfectly possible and non-buggy for any system
that uses variations of mmap/mprotect to implement user-level memory
management, for example persistant data-bases, garbage collection etc.

Which means that if half of a buffer used for "read()" just happens to be
marked non-writable for some GC purpose, the kernel HAS to have the
ability return the right answer (which in this case is to say "I could
only read 1000 bytes"). Because anything else just doesn't give the GC
library (or whatever) any way to recover nicely.

> As a coder, I'd *really* prefer that to hiding the bug!

Rusty, face it, you're wrong on this one. Just drop it.

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Larry McVoy: "Re: AUDIT: copy_from_user is a deathtrap."
Previous message: jw schultz: "Re: suid bit on directories"