From: Andrew Morton <akpm@zip.com.au>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Pavel Machek <pavel@suse.cz>,
Linus Torvalds <torvalds@transmeta.com>,
Rusty Russell <rusty@rustcorp.com.au>,
linux-kernel@vger.kernel.org
Subject: Re: AUDIT: copy_from_user is a deathtrap.
Date: Tue, 21 May 2002 14:46:08 -0700 [thread overview]
Message-ID: <3CEAC020.4F63A181@zip.com.au> (raw)
In-Reply-To: <20020521211727.GG22878@atrey.karlin.mff.cuni.cz> from "Pavel Machek" at May 21, 2002 11:17:27 PM <E17AHQw-0000Jq-00@the-village.bc.nu>
Alan Cox wrote:
>
> > So if you pass bad pointer to read(), why would you expect "number of
> > bytes read" return? Its true that kernel can't simply not return
>
> Because the standard says either you return the errorcode and no data
> is transferred or for a partial I/O you return how much was done. Its
> not neccessarily about accuracy either. If you do a 4k copy_from_user and
> error after for some reason returning -Esomething thats fine providing you
> didnt do anything that consumed data or shifted the file position etc
Is it safe to stick a nose in here with some irrelevancies?
Pavel makes a reasonable point that copy_*_user may elect
to copy the data in something other than strictly ascending
user virtual addresses. In which case it's not possible to return
a sane "how much was copied" number.
And copy_*_user is buggy at present: it doesn't correctly handle
the case where the source and destination of the copy are overlapping
in the same physical page. Example code below. One fix is to
do the copy with descending addresses if src<dest or whatever.
But then how to return the number of bytes??
Also, I see all these noises from x86 gurus about how copy_*_user()
could be sped up heaps with fancy CPU-specific features. Could
someone actually alight from butt and code that up?
akpm-1:/usr/src/ext3/tools> ./copy-user-test foo
aabcddfghhjkllnopprsttvwxx
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/mman.h>
int main(int argc, char *argv[])
{
int fd;
char *filename;
char *mapped_mem;
char buf[26];
int i;
if (argc != 2) {
fprintf(stderr, "Usage; %s filename\n", argv[0]);
exit(1);
}
filename = argv[1];
fd = open(filename, O_RDWR|O_TRUNC|O_CREAT, 0666);
if (fd < 0) {
fprintf(stderr, "%s: Cannot open `%s': %s\n",
argv[0], filename, strerror(errno));
exit(1);
}
for (i = 0; i < 26; i++)
buf[i] = 'a' + i;
mapped_mem = mmap(0, 26, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
if (mapped_mem == 0) {
perror("mmap");
exit(1);
}
write(fd, buf, 26);
lseek(fd, 1, SEEK_SET);
write(fd, mapped_mem, 25);
msync(mapped_mem, 26, MS_SYNC);
munmap(mapped_mem, 26);
close(fd);
{
char *p = malloc(strlen(filename) + 20);
sprintf(p, "cat %s ; echo", filename);
system(p);
}
exit(0);
}
next prev parent reply other threads:[~2002-05-21 21:47 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <E178eMm-0000NO-00@wagner.rustcorp.com.au.suse.lists.linux.kernel>
[not found] ` <Pine.LNX.4.44.0205171936220.1524-100000@home.transmeta.com.suse.lists.linux.kernel>
2002-05-18 10:16 ` AUDIT: copy_from_user is a deathtrap Andi Kleen
2002-05-18 16:14 ` Linus Torvalds
2002-05-19 2:10 ` Rusty Russell
2002-05-19 3:01 ` Linus Torvalds
2002-05-19 3:05 ` Larry McVoy
2002-05-19 4:01 ` Rusty Russell
2002-05-19 4:02 ` Larry McVoy
2002-05-16 23:56 ` Pavel Machek
2002-05-16 23:56 ` Pavel Machek
2002-05-19 3:31 ` Rusty Russell
2002-05-19 3:34 ` Linus Torvalds
2002-05-16 23:53 ` Pavel Machek
2002-05-21 20:47 ` Linus Torvalds
2002-05-21 21:17 ` Pavel Machek
2002-05-21 21:25 ` Linus Torvalds
2002-05-21 21:44 ` Alan Cox
2002-05-21 21:46 ` Andrew Morton [this message]
2002-05-21 22:04 ` Linus Torvalds
2002-05-21 22:21 ` Pavel Machek
2002-05-22 13:47 ` Alan Cox
2002-05-22 14:13 ` Pavel Machek
2002-05-22 14:54 ` Alan Cox
2002-05-22 14:42 ` Pavel Machek
2002-05-22 15:27 ` Alan Cox
2002-05-22 18:58 ` Kasper Dupont
2002-05-22 22:02 ` Alan Cox
2002-05-23 3:54 ` Rusty Russell
2002-05-23 11:15 ` Edgar Toernig
2002-05-22 16:09 ` Linus Torvalds
2002-05-22 20:28 ` Pavel Machek
2002-05-22 0:47 ` Andrea Arcangeli
2002-05-22 5:01 ` Rusty Russell
2002-05-22 6:28 ` Rusty Russell
2002-05-22 4:57 ` Rusty Russell
2002-05-22 13:30 ` Alan Cox
2002-05-22 18:43 ` Marco Colombo
2002-05-19 20:23 ` Edgar Toernig
2002-05-19 22:44 ` Alan Cox
2002-05-22 13:40 Petr Vandrovec
2002-05-22 18:58 ` Denis Vlasenko
2002-05-22 14:13 ` Ruth Ivimey-Cook
-- strict thread matches above, loose matches on Subject: below --
2002-05-22 10:08 Petr Vandrovec
2002-05-22 16:23 ` Denis Vlasenko
[not found] <Pine.LNX.4.44.0205191951460.22433-100000@home.transmeta.com.suse.lists.linux.kernel>
[not found] ` <E179fAd-0005vs-00@wagner.rustcorp.com.au.suse.lists.linux.kernel>
2002-05-20 10:59 ` Andi Kleen
2002-05-19 3:38 Rusty Russell
2002-05-19 5:23 ` Linus Torvalds
2002-05-17 0:00 ` Pavel Machek
2002-05-18 21:47 ` Benjamin Herrenschmidt
2002-05-19 12:22 ` Alan Cox
2002-05-19 18:29 ` Linus Torvalds
2002-05-19 19:57 ` Roman Zippel
2002-05-20 2:06 ` Rusty Russell
2002-05-20 2:54 ` Linus Torvalds
2002-05-20 4:53 ` Rusty Russell
2002-05-19 20:12 ` Arnaldo Carvalho de Melo
2002-05-20 16:00 ` Linus Torvalds
2002-05-19 11:41 ` Alan Cox
[not found] <mailman.1021642692.12772.linux-kernel2news@redhat.com>
2002-05-17 17:36 ` Pete Zaitcev
2002-05-18 1:05 ` Rusty Russell
2002-05-18 2:57 ` Alan Cox
2002-05-16 23:27 ` Pavel Machek
[not found] ` <200205191212.g4JCCLY25867@Port.imtp.ilyichevsk.odessa.ua>
[not found] ` <20020520112232.A8983@devserv.devel.redhat.com>
2002-05-21 10:57 ` Denis Vlasenko
2002-05-21 6:21 ` Arnaldo Carvalho de Melo
2002-05-21 8:33 ` Christoph Hellwig
2002-05-21 19:02 ` Albert D. Cahalan
2002-05-22 14:27 ` Denis Vlasenko
2002-05-17 9:27 Rusty Russell
2002-05-17 9:21 ` David S. Miller
2002-05-17 9:49 ` Rusty Russell
2002-05-17 9:35 ` David S. Miller
2002-05-17 12:26 ` Rusty Russell
2002-05-17 17:42 ` Denis Vlasenko
2002-05-17 12:17 ` Alan Cox
2002-05-17 12:21 ` Rusty Russell
2002-05-17 12:58 ` Alan Cox
2002-05-17 12:58 ` Rusty Russell
2002-05-17 13:13 ` John Levon
2002-05-17 14:52 ` Alan Cox
2002-05-18 1:26 ` Rusty Russell
2002-05-17 17:58 ` Denis Vlasenko
2002-05-18 2:37 ` Linus Torvalds
2002-05-18 15:06 ` John Alvord
2002-05-17 10:20 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3CEAC020.4F63A181@zip.com.au \
--to=akpm@zip.com.au \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=pavel@suse.cz \
--cc=rusty@rustcorp.com.au \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox