From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: Linus Torvalds <torvalds@transmeta.com>,
Rusty Russell <rusty@rustcorp.com.au>
Cc: <linux-kernel@vger.kernel.org>, <alan@lxorguk.ukuu.org.uk>
Subject: Re: AUDIT: copy_from_user is a deathtrap.
Date: Sat, 18 May 2002 22:47:17 +0100 [thread overview]
Message-ID: <20020518214717.3526@smtp.wanadoo.fr> (raw)
In-Reply-To: <Pine.LNX.4.44.0205182210330.878-100000@home.transmeta.com>
>But read (and particularly write) are _not_ re-startable without the
>knowledge of how much was written, because they change f_pos and other
>things ("write()" in particular changes a _lot_ of "other things", namely
>the data in the file itself, of course).
Looking at generic_file_write(), it ignore the count returned by
copy_from_user and always commit a write for the whole requested
count, regardless of how much could actually be read from userland.
The result of copy_from_user is only used as an error condition.
generic_file_read() on the other hand seems to be ok.
>There are other system calls that aren't re-startable, but basically
>read/write are the "big ones", and thus Linux should try its best to make
>them work in an environment that requires restartability. Most programs
>can live without various random ioctl's and special system calls, but very
>very few programs/environments can live without read/write.
>
>("restartable" here doesn't mean that the _kernel_ would re-start them,
>but that a "gc-aware library" can make wrappers around them and correctly
>restart them internally, if you see my point - kind of like how stdio
>already handles the issue of EINTR returns for read/write, which is
>actually very similar in nature).
next prev parent reply other threads:[~2002-05-19 9:50 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-05-19 3:38 AUDIT: copy_from_user is a deathtrap Rusty Russell
2002-05-19 5:23 ` Linus Torvalds
2002-05-17 0:00 ` Pavel Machek
2002-05-18 21:47 ` Benjamin Herrenschmidt [this message]
2002-05-19 12:22 ` Alan Cox
2002-05-19 18:29 ` Linus Torvalds
2002-05-19 19:57 ` Roman Zippel
2002-05-20 2:06 ` Rusty Russell
2002-05-20 2:54 ` Linus Torvalds
2002-05-19 17:59 ` [BK PATCH] char: " Arnaldo Carvalho de Melo
2002-05-20 4:53 ` Rusty Russell
2002-05-19 20:12 ` Arnaldo Carvalho de Melo
2002-05-20 16:00 ` Linus Torvalds
2002-05-19 11:41 ` Alan Cox
-- strict thread matches above, loose matches on Subject: below --
2002-05-22 13:40 Petr Vandrovec
2002-05-22 18:58 ` Denis Vlasenko
2002-05-22 14:13 ` Ruth Ivimey-Cook
2002-05-22 10:08 Petr Vandrovec
2002-05-22 16:23 ` Denis Vlasenko
[not found] <Pine.LNX.4.44.0205191951460.22433-100000@home.transmeta.com.suse.lists.linux.kernel>
[not found] ` <E179fAd-0005vs-00@wagner.rustcorp.com.au.suse.lists.linux.kernel>
2002-05-20 10:59 ` Andi Kleen
[not found] <E178eMm-0000NO-00@wagner.rustcorp.com.au.suse.lists.linux.kernel>
[not found] ` <Pine.LNX.4.44.0205171936220.1524-100000@home.transmeta.com.suse.lists.linux.kernel>
2002-05-18 10:16 ` Andi Kleen
2002-05-18 16:14 ` Linus Torvalds
2002-05-19 2:10 ` Rusty Russell
2002-05-19 3:01 ` Linus Torvalds
2002-05-19 3:05 ` Larry McVoy
2002-05-19 4:01 ` Rusty Russell
2002-05-19 4:02 ` Larry McVoy
2002-05-16 23:56 ` Pavel Machek
2002-05-16 23:56 ` Pavel Machek
2002-05-19 3:31 ` Rusty Russell
2002-05-19 3:34 ` Linus Torvalds
2002-05-16 23:53 ` Pavel Machek
2002-05-21 20:47 ` Linus Torvalds
2002-05-21 21:17 ` Pavel Machek
2002-05-21 21:25 ` Linus Torvalds
2002-05-21 21:44 ` Alan Cox
2002-05-21 21:46 ` Andrew Morton
2002-05-21 22:04 ` Linus Torvalds
2002-05-21 22:21 ` Pavel Machek
2002-05-22 13:47 ` Alan Cox
2002-05-22 14:13 ` Pavel Machek
2002-05-22 14:54 ` Alan Cox
2002-05-22 14:42 ` Pavel Machek
2002-05-22 15:27 ` Alan Cox
2002-05-22 18:58 ` Kasper Dupont
2002-05-22 22:02 ` Alan Cox
2002-05-23 3:54 ` Rusty Russell
2002-05-23 11:15 ` Edgar Toernig
2002-05-22 16:09 ` Linus Torvalds
2002-05-22 20:28 ` Pavel Machek
2002-05-22 0:47 ` Andrea Arcangeli
2002-05-22 5:01 ` Rusty Russell
2002-05-22 6:28 ` Rusty Russell
2002-05-22 4:57 ` Rusty Russell
2002-05-22 13:30 ` Alan Cox
2002-05-22 18:43 ` Marco Colombo
2002-05-19 20:23 ` Edgar Toernig
2002-05-19 22:44 ` Alan Cox
[not found] <mailman.1021642692.12772.linux-kernel2news@redhat.com>
2002-05-17 17:36 ` Pete Zaitcev
2002-05-18 1:05 ` Rusty Russell
2002-05-18 2:57 ` Alan Cox
2002-05-16 23:27 ` Pavel Machek
[not found] ` <200205191212.g4JCCLY25867@Port.imtp.ilyichevsk.odessa.ua>
[not found] ` <20020520112232.A8983@devserv.devel.redhat.com>
2002-05-21 10:57 ` Denis Vlasenko
2002-05-21 6:21 ` Arnaldo Carvalho de Melo
2002-05-21 8:33 ` Christoph Hellwig
2002-05-21 19:02 ` Albert D. Cahalan
2002-05-22 14:27 ` Denis Vlasenko
2002-05-17 9:27 Rusty Russell
2002-05-17 9:21 ` David S. Miller
2002-05-17 9:49 ` Rusty Russell
2002-05-17 9:35 ` David S. Miller
2002-05-17 12:26 ` Rusty Russell
2002-05-17 17:42 ` Denis Vlasenko
2002-05-17 12:17 ` Alan Cox
2002-05-17 12:21 ` Rusty Russell
2002-05-17 12:58 ` Alan Cox
2002-05-17 12:58 ` Rusty Russell
2002-05-17 13:13 ` John Levon
2002-05-17 14:52 ` Alan Cox
2002-05-18 1:26 ` Rusty Russell
2002-05-17 17:58 ` Denis Vlasenko
2002-05-18 2:37 ` Linus Torvalds
2002-05-18 15:06 ` John Alvord
2002-05-17 10:20 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020518214717.3526@smtp.wanadoo.fr \
--to=benh@kernel.crashing.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox