Re: AUDIT: copy_from_user is a deathtrap.

Petr Vandrovec (
Wed, 22 May 2002 12:08:50 +0200

On 22 May 02 at 12:27, Denis Vlasenko wrote:

> > As Linus and others pointed out, copy_{to_from}_user has its uses and will
> > stay, but something like:
> I don't say 'kill it', I say 'rename it so that its name tells users what
> return value to expect'. However, one have to weigh

Why? OSF/1's copyin/copyout returns exactly same value which
our current copy_{to,from}_user does. You should not penalize
developers who read documentation.

> I usually vote for long_but_easy_to_understand_name(), but it's MHO only.
> > #define copyin(...) (copy_from_user(...) ? -EFAULT : 0)
> > #define copyout(...) (copy_to_user(...) ? -EFAULT : 0)
> This falls in cryptcnshrt() category.
> Will "new programmer" grasp form the name alone that it returns EFAULT?
> /me in doubt. OTOH BSD folks may be happy.

running on all (BSD,SVR4,OSF/1) platforms, you must do

if (copyin()) return [-]EFAULT;

anyway, otherwise OSF/1 and SVR4 variants are wrong.
Petr Vandrovec

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at