Re: AUDIT of 2.5.15 copy_to/from_user

Rui Sousa (rui.sousa@laposte.net)
Sun, 19 May 2002 14:58:35 +0200 (CEST)


On Sun, 19 May 2002, Alan Cox wrote:

> > copy_to/from_user() --> will return the number of bytes that were _not_
> > copied. If one does not care about partially successes just use:
> >
> > if (copy_to/from_user())
> > return -EFAULT;
>
> Yes
>
> > __copy_to/from_user() --> the same as above, but can they actually return
> > anything other than 0? My assembler is no good and I'm not able to see if
>
> They do the same things, but don't do any initial range checks that might
> be done by access_ok before hand

On the emu10k1 driver we use access_ok(VERIFY_READ) once at the beginning
of the write() routine to check we can access the user buffer. After that
we always use __copy_from_user() and we trust it not to fail. Is this
correct, or not?

Basically, where in copy_from_user() is it determined the function cannot
copy the entire user buffer? Is it in access_ok() only or also in
__constant_copy_user_zeroing()?

Rui

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/