* large copy_to_user fills only one page?
From: Emmanuel Michon @ 2002-05-30 14:36 UTC (permalink / raw)
To: linux-kernel
Hi,

I'm working with linux-2.4.18, and writing some trivial code to get a
grabbed image from the kernel, working this way:

    #define IMSIZE 350000

user mode runs:

    u_p=malloc(IMSIZE);
    ioctl(grabberfd,DOGRAB,u_p);
    write *u_p to disk
    free(u_p);

kernel mode runs:

    case DOGRAB:
        char *u_p,*k_p;
        copy_from_user(u_p,arg,sizeof(char *));
        k_p=vmalloc(IMSIZE);
        kernelgrabs(k_p);
        copy_to_user(u_p,k_p,IMSIZE);
        vfree(k_p);
        break;

What I actually get is only 4K filled in userland, but copy_to_user
returns IMSIZE!
If I memset the memory area *u_p to any value, the grab happens
properly.
I guess memset'ing faults the good pages in; I'm quite surprised
this does not happen smoothly by itself ;-(
Any clue?
Sincerely yours,
--
Emmanuel Michon
Chef de projet
REALmagic France SAS
Mobile: 0614372733 GPGkeyID: D2997E42
* Re: large copy_to_user fills only one page?
From: Andi Kleen @ 2002-05-30 15:16 UTC (permalink / raw)
To: Emmanuel Michon; +Cc: linux-kernel
Emmanuel Michon <emmanuel_michon@realmagic.fr> writes:
> case DOGRAB:
> char *u_p,*k_p;
> copy_from_user(u_p,arg,sizeof(char *));
^^^
You copy into random stack garbage here. After that it goes downwards.
-Andi
* Re: large copy_to_user fills only one page?
From: Ingo Oeser @ 2002-05-30 15:25 UTC (permalink / raw)
To: Emmanuel Michon; +Cc: linux-kernel
Hi Emmanuel,

On Thu, May 30, 2002 at 04:36:22PM +0200, Emmanuel Michon wrote:
> I'm working with linux-2.4.18, and writing some
> trivial code to get from kernel a grabbed image working this way:
> What I get actually is only 4K filled in userland, but copy_to_user
> returns IMSIZE!

copy_to_user() returns the number of bytes NOT copied.
The same holds for copy_from_user().

This is a common mistake, and your code using these functions should
look like this:

    if (copy_from_user(to,uptr,size)) {
        return -EFAULT;
    }
    /* Do some processing */
    if (copy_to_user(uptr,from,size)) {
        return -EFAULT;
    }

PS: CC'ed linux-kernel, so that you will not get 1000 answers ;-)

Regards
Ingo Oeser
--
Science is what we can tell a computer. Art is everything else. --- D.E.Knuth
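The two replies in this thread, taken together, as an added example (this is not code from the thread or from the 2.4.18 driver): Andi's point that the user pointer has to be fetched into &u_p rather than through the uninitialised u_p, and Ingo's point that copy_to_user()/copy_from_user() return the number of bytes NOT copied, so any non-zero result is an error, not a byte count. Kernel code cannot run stand-alone, so the example is a user-space C model: mock_copy_to_user()/mock_copy_from_user() are constructed stand-ins that keep the kernel's return contract, user_mem is a constructed "user address space" in which only the first user_mapped bytes are mapped (the rest "faults"), kernelgrabs() is a pattern fill standing in for the grabber, and malloc()/free() stand in for vmalloc()/vfree(). Note that the kernel-side code in the post treats arg as the address of a user pointer variable while the user-mode call passes the pointer itself; the model follows the kernel-side reading, so its caller stores the buffer address in a slot and passes the slot's address. The IMSIZE value is the post's; all other names and numbers are assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define IMSIZE 350000                  /* from the original post */

/* Constructed "user address space": a pointer slot at UPTR_OFF followed by
 * the image buffer at UBUF_OFF. Only the first user_mapped bytes count as
 * mapped; the part of a copy that reaches past them "faults". */
#define UPTR_OFF 0
#define UBUF_OFF 64
#define USER_MEM_SIZE (UBUF_OFF + IMSIZE)
static unsigned char user_mem[USER_MEM_SIZE];
static size_t user_mapped = USER_MEM_SIZE;

/* How many of the n bytes at uaddr lie outside the mapped region. */
static size_t bytes_unmapped(const void *uaddr, size_t n)
{
    uintptr_t base = (uintptr_t)user_mem;
    uintptr_t end = base + user_mapped;
    uintptr_t a = (uintptr_t)uaddr;

    if (a < base || a >= end)
        return n;                      /* nothing in range is mapped */
    if (n > end - a)
        return n - (end - a);          /* the tail runs off the mapping */
    return 0;
}

/* Mock stand-ins with the kernel's contract: the return value is the
 * number of bytes NOT copied, so 0 means success. */
static size_t mock_copy_to_user(void *to, const void *from, size_t n)
{
    size_t missing = bytes_unmapped(to, n);
    if (n > missing)
        memcpy(to, from, n - missing);
    return missing;
}

static size_t mock_copy_from_user(void *to, const void *from, size_t n)
{
    size_t missing = bytes_unmapped(from, n);
    if (n > missing)
        memcpy(to, from, n - missing);
    return missing;
}

/* Stand-in for the grabber hardware: a recognisable byte pattern. */
static void kernelgrabs(unsigned char *k_p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        k_p[i] = (unsigned char)(i * 7 + 3);
}

/* DOGRAB with both fixes from the thread: the user pointer is read into
 * &u_p rather than through the uninitialised u_p, and a non-zero result
 * from copy_*_user() (bytes not copied) is reported as -EFAULT. */
static long dograb_ioctl(unsigned long arg)
{
    unsigned char *u_p;
    unsigned char *k_p;
    long ret = 0;

    if (mock_copy_from_user(&u_p, (const void *)arg, sizeof(u_p)))
        return -EFAULT;

    k_p = malloc(IMSIZE);              /* stands in for vmalloc() */
    if (!k_p)
        return -ENOMEM;

    kernelgrabs(k_p, IMSIZE);
    if (mock_copy_to_user(u_p, k_p, IMSIZE))
        ret = -EFAULT;                 /* partial copy is an error, not IMSIZE */

    free(k_p);                         /* stands in for vfree() */
    return ret;
}

/* "User mode": map mapped_bytes of user_mem, store the buffer address in
 * the pointer slot, issue the ioctl, and return how many leading image
 * bytes actually arrived; the ioctl's return value goes to *status. */
static long run_grab(size_t mapped_bytes, long *status)
{
    unsigned char *ubuf = user_mem + UBUF_OFF;
    long filled = 0;

    user_mapped = mapped_bytes;
    memset(user_mem, 0, sizeof(user_mem));
    memcpy(user_mem + UPTR_OFF, &ubuf, sizeof(ubuf));

    *status = dograb_ioctl((unsigned long)(user_mem + UPTR_OFF));

    while (filled < IMSIZE && ubuf[filled] == (unsigned char)(filled * 7 + 3))
        filled++;
    return filled;
}
```

With the whole buffer mapped, run_grab() reports 0 from the ioctl and all IMSIZE bytes present; with only the first 4096 bytes of the buffer mapped, exactly one page arrives and the handler returns -EFAULT instead of pretending the copy succeeded, which is the behaviour the original code lost by ignoring the return value.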