From: "H. Peter Anvin" <hpa@zytor.com>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Arjan van de Ven <arjan@infradead.org>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Ingo Molnar <mingo@elte.hu>, David Miller <davem@davemloft.net>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org
Subject: Re: strict copy_from_user checks issues?
Date: Thu, 07 Jan 2010 15:57:51 -0800 [thread overview]
Message-ID: <4B4674FF.5070700@zytor.com> (raw)
In-Reply-To: <201001071502.29777.arnd@arndb.de>
On 01/07/2010 06:02 AM, Arnd Bergmann wrote:
> On Tuesday 05 January 2010, H. Peter Anvin wrote:
>> What's much worse is that it adds churn to an otherwise-tested code path.
>>
>> We almost need a copy_from/to_user_audited() to override the warning.
>> Not that errors can't creap back in...
>>
>
> Maybe just splitting it up into access_ok() and __copy_from_user(),
> plus a comment is enough? That way we don't need to add another interface
> for the rare case.
>
Adding a named interface makes it clear *what* you are doing and
*why*... just open-coding the implementation does neither.
> On a related topic, one interface that may actually be worth adding is
> a get_user/put_user variant that can operate on full data structures
> and return -EFAULT on failure rather than the number of remaining
> bytes that 99% of the code never need.
What is wrong with checking for zero?
-hpa
next prev parent reply other threads:[~2010-01-08 0:01 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-04 15:43 strict copy_from_user checks issues? Heiko Carstens
2010-01-05 1:43 ` Arjan van de Ven
2010-01-05 7:35 ` Ingo Molnar
2010-01-05 9:48 ` Heiko Carstens
2010-01-05 12:47 ` Arnd Bergmann
2010-01-05 13:19 ` Heiko Carstens
2010-01-05 13:31 ` Arjan van de Ven
2010-01-05 15:22 ` [PATCH] sparc: copy_from_user() should not return -EFAULT Heiko Carstens
2010-01-05 17:27 ` Andi Kleen
2010-01-05 20:47 ` David Miller
2010-01-06 3:20 ` Arjan van de Ven
2010-01-05 17:55 ` Arnd Bergmann
2010-01-06 4:42 ` David Miller
2010-01-05 22:15 ` [tip:x86/urgent] x86: " tip-bot for Heiko Carstens
2010-01-05 13:34 ` strict copy_from_user checks issues? Arjan van de Ven
2010-01-05 13:36 ` Arjan van de Ven
2010-01-05 13:45 ` Arnd Bergmann
2010-01-05 13:52 ` Arjan van de Ven
2010-01-05 15:20 ` Arnd Bergmann
2010-01-05 21:44 ` H. Peter Anvin
2010-01-07 14:02 ` Arnd Bergmann
2010-01-07 23:57 ` H. Peter Anvin [this message]
2010-01-09 0:07 ` Arnd Bergmann
2010-01-09 0:10 ` H. Peter Anvin
2010-01-09 8:01 ` Arnd Bergmann
2010-01-09 20:57 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B4674FF.5070700@zytor.com \
--to=hpa@zytor.com \
--cc=akpm@linux-foundation.org \
--cc=arjan@infradead.org \
--cc=arnd@arndb.de \
--cc=davem@davemloft.net \
--cc=heiko.carstens@de.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox