From: Jun Sun <jsun@mvista.com>
To: linux-mips <linux-mips@oss.sgi.com>
Subject: what is the right behavior of copy_to_user(0x0, ..., ...)?
Date: Fri, 03 May 2002 14:46:19 -0700
Message-ID: <3CD3052B.1050400@mvista.com>

When running LTP, I notice that a recent kernel has a kernel access fault:

<1>Unable to handle kernel paging request at virtual address 00000000, epc
== 80273860, ra == 80205aa4
Oops in fault.c:do_page_fault, line 204:
$0 : 00000000 10001f00 00000002 00000002 00000000 86df5e98 00000001 00000040
$8 : 00000000 00000000 00000001 ffffffff 00000002 802b4864 00000001 00000001
$16: 100003d8 00000000 00000002 86df5e98 00401080 10002df8 00000000 00000097
$24: 0000000a 802e7ab6                   86df4000 86df5e60 7fff7c60 80205aa4
Hi : 00000000
Lo : 00000000
epc  : 80273860    Not tainted
Status: 10001f03
Cause : 9080800c
  ....

Tracing the error reveals that the user process passed a NULL buffer pointer to 
the sys_getpeername() syscall, probably intentionally.  It then goes all the way 
down to copy_to_user(0x0, ..., ...) and causes an oops as above.

As a result of the oops, the user process is killed.  However, I am not sure if 
this is the right way to respond to an ill argument.  copy_to_user() probably 
should catch this case and return some meaningful error back to the caller.

I am not sure what is the best way to achieve this.  Any thoughts?

Jun
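
Added example, not part of the original message and not LTP or kernel code: a user-space check of the behaviour asked about above. It passes a NULL address buffer to getpeername() on a connected AF_UNIX socket pair and reports the resulting errno; getpeername(2) documents EFAULT for an addr pointer outside the process address space. The helper name peername_errno is made up for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper (name chosen for this example).
 * Calls getpeername() on one end of a connected AF_UNIX socket pair.
 * With use_null set, the address buffer is NULL while the length is
 * non-zero, which is the argument combination described in the message.
 * Returns 0 on success, the errno set by getpeername() on failure,
 * or -1 if the socket pair could not be created. */
static int peername_errno(int use_null)
{
    int sv[2];
    struct sockaddr_un addr;
    socklen_t len = sizeof(addr);
    int rc, err;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;

    errno = 0;
    rc = getpeername(sv[0], use_null ? NULL : (struct sockaddr *)&addr, &len);
    err = (rc == 0) ? 0 : errno;

    close(sv[0]);
    close(sv[1]);
    return err;
}

int main(void)
{
    int ok = peername_errno(0);   /* control: valid buffer */
    int bad = peername_errno(1);  /* NULL buffer */

    /* If the kernel oopses on the NULL buffer, the process is killed
     * inside getpeername() and never reaches the lines below. */
    printf("valid buffer: %s\n", ok == 0 ? "ok" : strerror(ok));
    printf("NULL buffer:  %s\n", bad == 0 ? "ok" : strerror(bad));
    return (ok == 0 && bad == EFAULT) ? 0 : 1;
}
```

A non-zero exit status, or the process being killed by a signal, marks the kernel under test as not returning the documented error.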
