From: Arnd Bergmann <arnd@arndb.de>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Arjan van de Ven <arjan@infradead.org>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Ingo Molnar <mingo@elte.hu>, David Miller <davem@davemloft.net>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org
Subject: Re: strict copy_from_user checks issues?
Date: Sat, 9 Jan 2010 01:07:43 +0100 [thread overview]
Message-ID: <201001090107.43402.arnd@arndb.de> (raw)
In-Reply-To: <4B4674FF.5070700@zytor.com>
On Friday 08 January 2010 00:57:51 H. Peter Anvin wrote:
> On 01/07/2010 06:02 AM, Arnd Bergmann wrote:
>
> > On a related topic, one interface that may actually be worth adding is
> > a get_user/put_user variant that can operate on full data structures
> > and return -EFAULT on failure rather than the number of remaining
> > bytes that 99% of the code never need.
>
> What is wrong with checking for zero?
It's counterintuitive. Everyone who is around long enough should know about
the copy_from_user calling conventions, but the fact that Arjan submitted
a patch returning EFAULT from copy_from_user and Ingo and Dave both added
this to their trees tells me that it's less than ideal.
Also, the calling conventions require you to write slightly more when
you want to pass down an error value, e.g.
return copy_to_user(uptr, &data, sizeof(data)) ? -EFAULT : 0;
instead of
return put_user(data, uptr);
The latter form requires a macro instead of a function for the user copy,
but we now have that anyway because of the size check.
Arnd
next prev parent reply other threads:[~2010-01-09 0:10 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-04 15:43 strict copy_from_user checks issues? Heiko Carstens
2010-01-05 1:43 ` Arjan van de Ven
2010-01-05 7:35 ` Ingo Molnar
2010-01-05 9:48 ` Heiko Carstens
2010-01-05 12:47 ` Arnd Bergmann
2010-01-05 13:19 ` Heiko Carstens
2010-01-05 13:31 ` Arjan van de Ven
2010-01-05 15:22 ` [PATCH] sparc: copy_from_user() should not return -EFAULT Heiko Carstens
2010-01-05 17:27 ` Andi Kleen
2010-01-05 20:47 ` David Miller
2010-01-06 3:20 ` Arjan van de Ven
2010-01-05 17:55 ` Arnd Bergmann
2010-01-06 4:42 ` David Miller
2010-01-05 22:15 ` [tip:x86/urgent] x86: " tip-bot for Heiko Carstens
2010-01-05 13:34 ` strict copy_from_user checks issues? Arjan van de Ven
2010-01-05 13:36 ` Arjan van de Ven
2010-01-05 13:45 ` Arnd Bergmann
2010-01-05 13:52 ` Arjan van de Ven
2010-01-05 15:20 ` Arnd Bergmann
2010-01-05 21:44 ` H. Peter Anvin
2010-01-07 14:02 ` Arnd Bergmann
2010-01-07 23:57 ` H. Peter Anvin
2010-01-09 0:07 ` Arnd Bergmann [this message]
2010-01-09 0:10 ` H. Peter Anvin
2010-01-09 8:01 ` Arnd Bergmann
2010-01-09 20:57 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201001090107.43402.arnd@arndb.de \
--to=arnd@arndb.de \
--cc=akpm@linux-foundation.org \
--cc=arjan@infradead.org \
--cc=davem@davemloft.net \
--cc=heiko.carstens@de.ibm.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox