Re: AUDIT of 2.5.15 copy_to/from_user

Alan Cox (alan@lxorguk.ukuu.org.uk)
Sun, 19 May 2002 14:43:06 +0100 (BST)


> > > __copy_to/from_user() --> the same as above, but can they actually return
> > > anything other than 0? My assembler is no good and I'm not able to see if
> >
> > They do the same things, but don't do any initial range checks that might
> > be done by access_ok beforehand
>
> On the emu10k1 driver we use access_ok(VERIFY_READ) once at the beginning
> of the write() routine to check we can access the user buffer. After that
> we always use __copy_from_user() and we trust it not to fail. Is this
> correct, or not?

This is correct

> Basically, where in copy_from_user() is it determined the function cannot
> copy the entire user buffer? Is it in access_ok() only or also in
> __constant_copy_user_zeroing()?

Static once off checks are done in access_ok
Dynamic checks are done in __copy_from_*

Which are which depends on the platform. On x86 for example access_ok
is basically a check for 0->0xBFFFFFFF range and no more
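A userspace C model of the static/dynamic split described in this message, added here as an illustration and not code from the kernel or from this thread. The `model_*` names, the single mapped page and the -14 (EFAULT) return value are constructed for the example; the 0..0xBFFFFFFF limit is the x86 range quoted above.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Model only: 32-bit "user" addresses; limit is the x86 range from the message. */
#define USER_LIMIT  0xBFFFFFFFu
#define MODEL_PAGE  4096u
#define MAPPED_BASE 0x08048000u   /* constructed: the only mapped page */
static unsigned char mapped_page[MODEL_PAGE];

/* Static one-off check: is [addr, addr+size) inside 0..USER_LIMIT?
 * It says nothing about whether those pages are actually mapped. */
static int model_access_ok(uint32_t addr, uint32_t size)
{
    uint64_t end = (uint64_t)addr + size;   /* 64-bit sum cannot wrap */
    return end <= (uint64_t)USER_LIMIT + 1;
}

/* Dynamic check: a byte is readable only if its page is mapped. */
static int model_mapped(uint32_t addr)
{
    return addr >= MAPPED_BASE && addr - MAPPED_BASE < MODEL_PAGE;
}

/* Models __copy_from_user: no range check, stops at the first fault,
 * zeroes the uncopied tail and returns the number of bytes NOT copied. */
static size_t model_copy_from_user(void *dst, uint32_t src, size_t n)
{
    unsigned char *d = dst;
    size_t i;
    for (i = 0; i < n && model_mapped(src + (uint32_t)i); i++)
        d[i] = mapped_page[src + i - MAPPED_BASE];
    memset(d + i, 0, n - i);
    return n - i;
}

/* Hypothetical write() path: one range check, then a copy whose
 * return value is checked. Returns 0 on success or -14 (EFAULT). */
static int model_write(uint32_t ubuf, size_t len, void *kbuf)
{
    if (!model_access_ok(ubuf, (uint32_t)len))
        return -14;
    return model_copy_from_user(kbuf, ubuf, len) ? -14 : 0;
}

int main(void)
{
    unsigned char kbuf[64];
    /* In range but unmapped: the range check passes, the copy reports the fault. */
    printf("%d %d\n", model_access_ok(0x10000000u, 64), model_write(0x10000000u, 64, kbuf));
    return 0;
}
```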