Re: copy_from_user/copy_to_user question

[Vinay Venkataraghavan]

The other point that I want to mention is that I don't
think that there is any guarantee that the user space
structure will be locked in memory. There is every
likely hood of the page being swapped out.

Correct me if I am wrong.
Thanks,
Vinay



--- Vinay Venkataraghavan <raghavanvinay@xxxxxxxxx>
wrote:

> 
> 
> > > > > Secondly, they seem to use memcpy as opposed
> > to using
> > > > > copy_to_user/copy_from_user which is also
> very
> > > > > dangerous.
> > > > 
> > > > If they are grabbing data from user context
> into
> > kernel (or vise versa)
> > > > that could easily cause an oops.  Not to
> mention
> > it is a security risk.
> > > 
> > > Not to mention it simply won't work on a many
> > platforms, no matter what...
> > 
> > Hmm, I've only worked with a few platforms (i386,
> > x86_64, ppc, mips, and
> > a little arm but I don't remember that much).  I
> > believe that a memcpy
> > could work on all these platforms (error prone of
> > course, but if the
> > memory is mapped its OK).  
> 
> When entering a system
> > call, the kernel still
> > has access to the memory locations assigned to the
> > user.
> > 
> 
> But this is not always the case right. The point
> that
> you mention above is specifically why I posted this
> question. It could well be the case that the   user
> space page could be swapped out when the user space
> process is blocked. So when the ioctl is serviced in
> kernel space, there is no guarantee that the page is
> still mapped. This could cause a page fault. 
> I think this is why we need to do a
> copy_to_user/copy_from_user.
> 
> The piece of code that I am talking about is part of
> a
> driver code. Unfortunately I am not at liberty to
> divulge the name of the company. So in the driver
> then
> are not using copy_to_user and copy_from_user. That
> is
> what puzzles me. Moreover, where they are using
> these
> functions they use memcpy which is a big security
> risk.
> 
> Thanks once again.
> Vinay
> 
> 
> 
> 		
> __________________________________________ 
> Yahoo! DSL ? Something to write home about. 
> Just $16.99/mo. or less. 
> dsl.yahoo.com 
> 
> 



		
__________________________________________ 
Yahoo! DSL ? Something to write home about. 
Just $16.99/mo. or less. 
dsl.yahoo.com 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/