public inbox for linux-kernel@vger.kernel.org
From: Vinay Venkataraghavan <raghavanvinay@yahoo.com>
To: Vinay Venkataraghavan <raghavanvinay@yahoo.com>,
	Steven Rostedt <rostedt@goodmis.org>,
	Al Viro <viro@ftp.linux.org.uk>
Cc: Vinay Venkataraghavan <raghavanvinay@yahoo.com>,
	linux-kernel@vger.kernel.org, viswa.krish@gmail.com
Subject: Re: copy_from_user/copy_to_user question
Date: Fri, 2 Dec 2005 18:22:11 -0800 (PST)
Message-ID: <20051203022211.38620.qmail@web32104.mail.mud.yahoo.com>
In-Reply-To: <20051203021154.30862.qmail@web32113.mail.mud.yahoo.com>


The other point that I want to mention is that I don't
think that there is any guarantee that the user space
structure will be locked in memory. There is every
likelihood of the page being swapped out.

Correct me if I am wrong.
Thanks,
Vinay



--- Vinay Venkataraghavan <raghavanvinay@yahoo.com>
wrote:

> 
> 
> > > > > > Secondly, they seem to use memcpy as opposed to using
> > > > > > copy_to_user/copy_from_user which is also very
> > > > > > dangerous.
> > > > >
> > > > > If they are grabbing data from user context into kernel (or vice versa)
> > > > > that could easily cause an oops.  Not to mention it is a security risk.
> > > >
> > > > Not to mention it simply won't work on many platforms, no matter what...
> > >
> > > Hmm, I've only worked with a few platforms (i386, x86_64, ppc, mips, and
> > > a little arm but I don't remember that much).  I believe that a memcpy
> > > could work on all these platforms (error prone of course, but if the
> > > memory is mapped it's OK).  When entering a system call, the kernel still
> > > has access to the memory locations assigned to the user.
> > >
>
> But this is not always the case, right? The point that
> you mention above is specifically why I posted this
> question. It could well be the case that the user
> space page could be swapped out when the user space
> process is blocked. So when the ioctl is serviced in
> kernel space, there is no guarantee that the page is
> still mapped. This could cause a page fault.
> I think this is why we need to do a
> copy_to_user/copy_from_user.
>
> The piece of code that I am talking about is part of a
> driver code. Unfortunately I am not at liberty to
> divulge the name of the company. So in the driver they
> are not using copy_to_user and copy_from_user. That is
> what puzzles me. Moreover, where they are using these
> functions they use memcpy which is a big security
> risk.
>
> Thanks once again.
> Vinay
> 
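
An added example, not part of the original message and not taken from any real driver: a userspace C model of the check this thread is about, contrasting a handler that validates the user pointer with one that uses memcpy directly. The names `model_access_ok`, `model_copy_from_user`, `ioctl_checked`, `ioctl_memcpy`, `struct req` and the 16-byte page layout are assumptions for illustration; only the contract (return the number of bytes not copied, report failure as -EFAULT) mirrors the real copy_from_user().

```c
/* Userspace model (constructed), not kernel code. Addresses are offsets into a
 * simulated space: pages 0-1 are user, pages 2-3 kernel; page 1 is unmapped. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PAGE 16u                               /* tiny page size for the model */
#define USER_LIMIT (2u * PAGE)                 /* first address that is not user space */
static unsigned char mem[4 * PAGE];            /* simulated memory */
static const int mapped[4] = { 1, 0, 1, 1 };   /* page 1 has no mapping */
struct req { unsigned char cmd, arg[7]; };     /* hypothetical ioctl argument */

/* In the spirit of access_ok(): the whole range must lie in user space. */
static int model_access_ok(size_t uaddr, size_t n)
{
    return n <= USER_LIMIT && uaddr <= USER_LIMIT - n;   /* no overflow */
}

/* Same contract as copy_from_user(): returns the number of bytes NOT copied. */
static size_t model_copy_from_user(void *dst, size_t uaddr, size_t n)
{
    size_t done = 0;
    if (!model_access_ok(uaddr, n))
        return n;                              /* pointer is not a user address */
    for (; done < n && mapped[(uaddr + done) / PAGE]; done++)
        ((unsigned char *)dst)[done] = mem[uaddr + done];
    return n - done;                           /* non-zero if a page faulted */
}

/* Checked handler: a bad or faulting pointer becomes -EFAULT. */
static int ioctl_checked(size_t uaddr, struct req *out)
{
    return model_copy_from_user(out, uaddr, sizeof(*out)) ? -EFAULT : 0;
}

/* memcpy-style handler as described in the thread: trusts the pointer. */
static int ioctl_memcpy(size_t uaddr, struct req *out)
{
    memcpy(out, &mem[uaddr], sizeof(*out));    /* reads whatever uaddr names */
    return 0;
}

int main(void)
{
    struct req r = { 0 };
    mem[2 * PAGE] = 0x5a;                      /* constructed "kernel" byte */
    printf("checked: %d\n", ioctl_checked(2 * PAGE, &r));  /* -EFAULT */
    printf("memcpy:  %d\n", ioctl_memcpy(2 * PAGE, &r));   /* 0: kernel bytes copied */
    return 0;
}
```

In the model, "unmapped" stands for a fault that cannot be resolved; the checked path reports it to the caller instead of dereferencing the pointer.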