From: "H. Peter Anvin" <hpa@zytor.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Ingo Molnar <mingo@kernel.org>, Al Viro <viro@ZenIV.linux.org.uk>,
Thomas Gleixner <tglx@linutronix.de>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Vitaly Mayatskikh <v.mayatskih@gmail.com>,
"Murty, Ravi" <ravi.murty@intel.com>,
neilb@suse.de
Subject: Re: copy_from_user_*() and buffer zeroing
Date: Tue, 26 Nov 2013 14:28:59 -0800 [thread overview]
Message-ID: <529520AB.2020407@zytor.com> (raw)
In-Reply-To: <20131126135454.b5e9597a998509f1ab43cee4@linux-foundation.org>
On 11/26/2013 01:54 PM, Andrew Morton wrote:
>
> Nine years ago:
>
> commit 7079f897164cb14f616c785d3d01629fd6a97719
> Author: mingo <mingo>
> Date: Fri Aug 27 17:33:18 2004 +0000
>
> [PATCH] Add a few might_sleep() checks
>
> Add a whole bunch more might_sleep() checks. We also enable might_sleep()
> checking in copy_*_user(). This was non-trivial because of the "copy_*_user()
> in atomic regions" trick would generate false positives. Fix that up by
> adding a new __copy_*_user_inatomic(), which avoids the might_sleep() check.
>
> Only i386 is supported in this patch.
>
>
> I can't think of any reason why __copy_from_user_inatomic() should be
> non-zeroing. But maybe I'm missing something - this would pretty
> easily permit uninitialised data to appear in pagecache and someone
> surely would have noticed..
>
Yes, and the might_sleep() check is indeed bypassed.
However, the non-zeroing bit is currently motivated by the following
comment:
/**
* __copy_from_user: - Copy a block of data from user space, with less
checking.
* @to: Destination address, in kernel space.
* @from: Source address, in user space.
* @n: Number of bytes to copy.
*
* Context: User context only. This function may sleep.
*
* Copy data from user space to kernel space. Caller must check
* the specified block with access_ok() before calling this function.
*
* Returns number of bytes that could not be copied.
* On success, this will be zero.
*
* If some data could not be copied, this function will pad the copied
* data to the requested size using zero bytes.
*
* An alternate version - __copy_from_user_inatomic() - may be called from
* atomic context and will fail rather than sleep. In this case the
* uncopied bytes will *NOT* be padded with zeros. See fs/filemap.h
* for explanation of why this is needed.
*/
This comment is only present in the 32-bit code. fs/filemap.h of course
no longer exists, however, the original commit seems to be
01408c4939479ec46c15aa7ef6e2406be50eeeca which puts a comment in the
(now defunct mm/filemap.h).
I have to say I don't follow the explanation in that patch. It seems
like if you're concurrently reading a buffer being written you should
expect to get any kind of mismash...
Neil, is this still an issue?
-hpa
next prev parent reply other threads:[~2013-11-26 22:29 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-26 21:07 copy_from_user_*() and buffer zeroing H. Peter Anvin
2013-11-26 21:54 ` Andrew Morton
2013-11-26 22:28 ` H. Peter Anvin [this message]
2013-11-26 23:04 ` NeilBrown
2013-11-26 23:08 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=529520AB.2020407@zytor.com \
--to=hpa@zytor.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=neilb@suse.de \
--cc=ravi.murty@intel.com \
--cc=tglx@linutronix.de \
--cc=v.mayatskih@gmail.com \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).