Re: AUDIT: copy_from_user is a deathtrap.

Linus Torvalds (torvalds@transmeta.com)
Sun, 19 May 2002 19:54:32 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Pradeep Padala: "No PTRACE_READDATA for archs other than SPARC?"
Previous message: Arnaldo Carvalho de Melo: "[BK PATCH] char: Re: AUDIT: copy_from_user is a deathtrap."
In reply to: Rusty Russell: "Re: AUDIT: copy_from_user is a deathtrap."

On Mon, 20 May 2002, Rusty Russell wrote:
>
> If read always returns the amount read (ignoring any copy_to_user
> errors), then you can repeat it by seeking backwards[1] and redoing the
> read.

No.

> So copy_to_user can simply deliver a SIGSEGV and return "success", and
> everything will work (except sockets, pipes, etc).

I don't mind the SIGSEGV, but I refuse to make a stupid change that has
absolutely _zero_ reason for it.

The current "copy_to/from_user()" is perfectly fine. It's very simple to
do

if (copy_from_user(xxx))
return -EFAULT;

and it is not AT ALL simpler to do

ret = copy_from_user(xxx);
if (ret)
return ret;

which is apparently your suggestion.

So a lot of people didn't get it? Arnaldo seems to have fixed a lot of
them already, and maybe you who apparently care can add _documentation_,
but the fact is that there is no reason to make a less powerful interface.

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pradeep Padala: "No PTRACE_READDATA for archs other than SPARC?"
Previous message: Arnaldo Carvalho de Melo: "[BK PATCH] char: Re: AUDIT: copy_from_user is a deathtrap."
In reply to: Rusty Russell: "Re: AUDIT: copy_from_user is a deathtrap."