Re: copy_from_user/copy_to_user question

[Vinay Venkataraghavan <raghavanvinay@yahoo.com>]

> > > > Secondly, they seem to use memcpy as opposed
> to using
> > > > copy_to_user/copy_from_user which is also very
> > > > dangerous.
> > > 
> > > If they are grabbing data from user context into
> kernel (or vise versa)
> > > that could easily cause an oops.  Not to mention
> it is a security risk.
> > 
> > Not to mention it simply won't work on a many
> platforms, no matter what...
> 
> Hmm, I've only worked with a few platforms (i386,
> x86_64, ppc, mips, and
> a little arm but I don't remember that much).  I
> believe that a memcpy
> could work on all these platforms (error prone of
> course, but if the
> memory is mapped its OK).  

When entering a system
> call, the kernel still
> has access to the memory locations assigned to the
> user.
> 

But this is not always the case right. The point that
you mention above is specifically why I posted this
question. It could well be the case that the   user
space page could be swapped out when the user space
process is blocked. So when the ioctl is serviced in
kernel space, there is no guarantee that the page is
still mapped. This could cause a page fault. 
I think this is why we need to do a
copy_to_user/copy_from_user.

The piece of code that I am talking about is part of a
driver code. Unfortunately I am not at liberty to
divulge the name of the company. So in the driver then
are not using copy_to_user and copy_from_user. That is
what puzzles me. Moreover, where they are using these
functions they use memcpy which is a big security
risk.

Thanks once again.
Vinay



		
__________________________________________ 
Yahoo! DSL – Something to write home about. 
Just $16.99/mo. or less. 
dsl.yahoo.com