From: Rusty Russell <rusty@rustcorp.com.au>
To: Andrew Morton <akpm@osdl.org>
Cc: "David S. Miller" <davem@redhat.com>,
Anton Blanchard <anton@samba.org>,
linux-arch@vger.kernel.org
Subject: Re: copy_mount_options()
Date: Sat, 21 Aug 2004 17:50:58 +1000 [thread overview]
Message-ID: <1093074189.4883.89.camel@bach> (raw)
In-Reply-To: <20040820170712.68e4cda9.akpm@osdl.org>
On Sat, 2004-08-21 at 10:07, Andrew Morton wrote:
> I'm all for it. I'll sneak the below patch into -mm, see what breaks.
You should zero out the whole buffer in copy_from_user() if you return
-EFAULT. We had bugs where people didn't check the returns and you
could read random junk.
As to who uses the value, generic file read and write still use it, as
did some of the serial code last I checked. Linus was of the belief
that they should do a short read/write up to the fault boundary rather
than return -EFAULT.
There's evidence that noone relies on such behaviour, though, since at
the time of the debate, doing such a thing would cause an OOPS on ppc.
Also, this behaviour silently changed after 2.0 and noone noticed.
Finally, other unixes are varied in their approaches in this case (some
downright buggy, lying about how much they'd written).
I would humbly suggest an additional option which sent a SEGV to the
process, as well. If you were playing mprotect games you'd expect them,
and if you weren't, you're probably buggy. After a while, we can simply
forget about checking returns from copy_to/from_user, which would be a
blissful simplification of kernel code.
Cheers,
Rusty.
--
Anyone who quotes me in their signature is an idiot -- Rusty Russell
next prev parent reply other threads:[~2004-08-21 7:51 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-20 20:01 copy_mount_options() David S. Miller
2004-08-20 20:10 ` copy_mount_options() Andrew Morton
2004-08-20 21:11 ` copy_mount_options() David S. Miller
2004-08-20 21:31 ` copy_mount_options() Andrew Morton
2004-08-20 21:40 ` copy_mount_options() David S. Miller
2004-08-20 22:47 ` copy_mount_options() Andrew Morton
2004-08-20 23:18 ` copy_mount_options() Anton Blanchard
2004-08-20 23:51 ` copy_mount_options() David S. Miller
2004-08-21 0:07 ` copy_mount_options() Andrew Morton
2004-08-21 7:50 ` Rusty Russell [this message]
2004-08-20 23:15 ` copy_mount_options() Benjamin Herrenschmidt
2004-08-22 11:50 ` copy_mount_options() Ralf Baechle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1093074189.4883.89.camel@bach \
--to=rusty@rustcorp.com.au \
--cc=akpm@osdl.org \
--cc=anton@samba.org \
--cc=davem@redhat.com \
--cc=linux-arch@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox