public inbox for linux-kernel@vger.kernel.org
* copy_from_user returns a positive value?
@ 2002-02-15  2:10 Ben Greear
  2002-02-15 15:01 ` Eli Carter
  2002-02-15 23:24 ` David S. Miller
  0 siblings, 2 replies; 3+ messages in thread
From: Ben Greear @ 2002-02-15  2:10 UTC (permalink / raw)
  To: linux-kernel

I have an IOCTL defined something like this:

	_IOWR (0xfe, (30<<3 + 0), __u8 [696])

I'm really passing in a structure of size 696 (does that matter)?

When I make the copy from user call:

       if ((ret = copy_from_user(&reqconf, arg, sizeof(reqconf)))) {
          printk("ERROR: copy_from_user returned: %i, sizeof(reqconf): %i\n",
                 ret, sizeof(reqconf));
          return ret;
       }

I see this printed out:

ERROR: copy_from_user returned: 696, sizeof(reqconf): 696


According to some docs I saw on the web, it should return 0, or the
number it has left to copy.  So, why does it have 696 bytes left
to copy??

Thanks,
Ben


-- 
Ben Greear <greearb@candelatech.com>       <Ben_Greear AT excite.com>
President of Candela Technologies Inc      http://www.candelatech.com
ScryMUD:  http://scry.wanfear.com     http://scry.wanfear.com/~greear




* Re: copy_from_user returns a positive value?
  2002-02-15  2:10 copy_from_user returns a positive value? Ben Greear
@ 2002-02-15 15:01 ` Eli Carter
  2002-02-15 23:24 ` David S. Miller
  1 sibling, 0 replies; 3+ messages in thread
From: Eli Carter @ 2002-02-15 15:01 UTC (permalink / raw)
  To: Ben Greear; +Cc: linux-kernel

Ben Greear wrote:
> 
> I have an IOCTL defined something like this:
> 
>         _IOWR (0xfe, (30<<3 + 0), __u8 [696])
> 
> I'm really passing in a structure of size 696 (does that matter)?
> 
> When I make the copy from user call:
> 
>        if ((ret = copy_from_user(&reqconf, arg, sizeof(reqconf)))) {
>           printk("ERROR: copy_from_user returned: %i, sizeof(reqconf): %i\n",
>                  ret, sizeof(reqconf));
>           return ret;
>        }
> 
> I see this printed out:
> 
> ERROR: copy_from_user returned: 696, sizeof(reqconf): 696
> 
> According to some docs I saw on the web, it should return 0, or the
> number it has left to copy.  So, why does it have 696 bytes left
> to copy??

Because it couldn't copy any of the data?  The code I have seen
generally returns -EFAULT in that case.
Could you be trying to copy data from somewhere that the user does not
have permission to read? Can you verify that both pointers are valid? 
&reqconf should be in the kernel's memory space and arg should be a
pointer provided by the user-space app pointing to memory in userland.

You might want to get the Linux Device Drivers book... the 2nd ed. is
out.

HTH,

Eli
--------------------. "If it ain't broke now,
Eli Carter           \                  it will be soon." -- crypto-gram
eli.carter(a)inet.com `-------------------------------------------------


* Re: copy_from_user returns a positive value?
  2002-02-15  2:10 copy_from_user returns a positive value? Ben Greear
  2002-02-15 15:01 ` Eli Carter
@ 2002-02-15 23:24 ` David S. Miller
  1 sibling, 0 replies; 3+ messages in thread
From: David S. Miller @ 2002-02-15 23:24 UTC (permalink / raw)
  To: greearb; +Cc: linux-kernel

   From: Ben Greear <greearb@candelatech.com>
   Date: Thu, 14 Feb 2002 19:10:20 -0700

   When I make the copy from user call:
   
          if ((ret = copy_from_user(&reqconf, arg, sizeof(reqconf)))) {
             printk("ERROR: copy_from_user returned: %i, sizeof(reqconf): %i\n",
                    ret, sizeof(reqconf));
             return ret;
          }
   
   I see this printed out:
   
   ERROR: copy_from_user returned: 696, sizeof(reqconf): 696

Either:

1) 'arg' is a bogus userland pointer

or

2) 'arg'  is a valid userland pointer, but someone has done a
   set_fs(KERNEL_DS) so only kernel pointers are valid for user
   copies.

A lot of the "32-bit userland on 64-bit kernel" compatibility layers
work by doing #2.  They munge the 32-bit user structures into kernel
side copies, and do set_fs(KERNEL_DS) and pass in the pointers to the
kernel copies to the real syscall then finally restore things back to
USER_DS.

copy_{to,from}_user always return, as you correctly noted, the amount
of data that could not be copied or "0" for success.  That is why all
code does something like this:

	err = 0;
	if (copy_{to,from}_user(...))
		err = -EFAULT;

I don't know where some people get the idea that copy_{to,from}_user
should return -EFAULT on failure.  Maybe some port is buggy :-)
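
The return convention described in the reply above, as an added userspace model (not code from the thread or from the kernel). `model_copy_from_user`, `user_mem` and `kernel_mem` are hypothetical stand-ins; the handler as posted in the question sits beside the -EFAULT idiom so the return values for a bogus and a partially valid pointer can be compared.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: only addresses inside user_mem count as "userland". */
static unsigned char user_mem[1024];
static unsigned char kernel_mem[696];   /* an address outside "userland" */

struct reqconf { uint8_t raw[696]; };   /* same size as the struct in the thread */

/* Hypothetical model of the contract (not kernel code): copy what is
 * reachable and return the number of bytes that could NOT be copied. */
static unsigned long model_copy_from_user(void *to, const void *from, unsigned long n)
{
    uintptr_t p = (uintptr_t)from, lo = (uintptr_t)user_mem, hi = lo + sizeof(user_mem);
    unsigned long ok = 0;

    if (p >= lo && p < hi)
        ok = (hi - p) < n ? (unsigned long)(hi - p) : n;
    if (ok)
        memcpy(to, from, ok);
    memset((unsigned char *)to + ok, 0, n - ok);  /* model's choice: no stale tail */
    return n - ok;
}

/* Handler as posted: hands the residue count back as the ioctl result. */
static long ioctl_as_posted(const void *arg)
{
    struct reqconf rc;
    long ret;

    if ((ret = (long)model_copy_from_user(&rc, arg, sizeof(rc))))
        return ret;     /* positive, so the caller does not see an error code */
    return 0;
}

/* Idiom from the reply: any nonzero residue becomes -EFAULT. */
static long ioctl_fixed(const void *arg)
{
    struct reqconf rc;

    return model_copy_from_user(&rc, arg, sizeof(rc)) ? -EFAULT : 0;
}

int main(void)
{
    printf("bogus:   posted=%ld fixed=%ld\n", ioctl_as_posted(kernel_mem), ioctl_fixed(kernel_mem));
    printf("partial: posted=%ld fixed=%ld\n", ioctl_as_posted(user_mem + 924), ioctl_fixed(user_mem + 924));
    return 0;
}
```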

