Re: Followup: copy_to_user return value breaks lots of code

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Neal Becker: "portmap problems solved"
• Previous message: Bill Hawes: "Re: NFS bug on 2.1.80"
• Maybe in reply to: Michael Elizabeth Chastain: "Followup: copy_to_user return value breaks lots of code"
• Next in thread: Andi Kleen: "Re: Followup: copy_to_user return value breaks lots of code"
• Reply: Andi Kleen: "Re: Followup: copy_to_user return value breaks lots of code"

I spoke too soon. My first analysis was buggy but there are still
two real problems here.

For reference, in 2.1.80, the call tree is:

copy_to_user
__constant_copy_to_user
access_ok
__copy_user
__generic_copy_to_user

Problem #1:
__generic_copy_to_user is a true function so it can't alter its
arguments. Thus it returns the original number of bytes requested.
This is a change from previous versions.

Problem #2:
A lot of code does this:
return copy_to_user(..., ..., ...);
This code thinks it's going to return -EFAULT, but it isnt't.

include/asm-i386/uaccess.h needs to spell out which macros are meant
to be used (as opposed to internal-only macros), and it needs to specify
the exact return values for all input conditions.

Michael

• Next message: Neal Becker: "portmap problems solved"
• Previous message: Bill Hawes: "Re: NFS bug on 2.1.80"
• Maybe in reply to: Michael Elizabeth Chastain: "Followup: copy_to_user return value breaks lots of code"
• Next in thread: Andi Kleen: "Re: Followup: copy_to_user return value breaks lots of code"
• Reply: Andi Kleen: "Re: Followup: copy_to_user return value breaks lots of code"